From bc96213c44812460ecb61f6dcfcdcdbfc8e64445 Mon Sep 17 00:00:00 2001 From: rodneyrehm Date: Thu, 9 Jun 2011 07:52:58 +0000 Subject: [PATCH] fix smarty security_policy issue in plugins {html_image} and {fetch} --- change_log.txt | 3 +++ libs/plugins/function.fetch.php | 4 ++-- libs/plugins/function.html_image.php | 4 ++-- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/change_log.txt b/change_log.txt index 6953a637..4727ce58 100644 --- a/change_log.txt +++ b/change_log.txt @@ -1,4 +1,7 @@ ===== SVN trunk ===== +09/0672011 +- bugfix smarty security_policy issue in plugins {html_image} and {fetch} + 07/06/2011 - bugfix registerFilter() or registerPlugin() on template objects did register to the main Smarty object if the register methods had been used on the main Smarty object before. diff --git a/libs/plugins/function.fetch.php b/libs/plugins/function.fetch.php index 2b09fb94..a800350b 100644 --- a/libs/plugins/function.fetch.php +++ b/libs/plugins/function.fetch.php @@ -28,8 +28,8 @@ function smarty_function_fetch($params, $template) } $content = ''; - if (isset($template->security_policy) && !preg_match('!^(http|ftp)://!i', $params['file'])) { - if(!$template->security_policy->isTrustedResourceDir($params['file'])) { + if (isset($template->smarty->security_policy) && !preg_match('!^(http|ftp)://!i', $params['file'])) { + if(!$template->smarty->security_policy->isTrustedResourceDir($params['file'])) { return; } diff --git a/libs/plugins/function.html_image.php b/libs/plugins/function.html_image.php index abb7b578..f148f1c3 100644 --- a/libs/plugins/function.html_image.php +++ b/libs/plugins/function.html_image.php @@ -106,8 +106,8 @@ function smarty_function_html_image($params, $template) return; } } - if (isset($template->security_policy)) { - if (!$template->security_policy->isTrustedResourceDir($_image_path)) { + if (isset($template->smarty->security_policy)) { + if (!$template->smarty->security_policy->isTrustedResourceDir($_image_path)) { return; } }