smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-06 03:14:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix smarty security_policy issue in plugins {html_image} and {fetch}

Browse Source
This commit is contained in:
rodneyrehm
2011-06-09 07:52:58 +00:00
parent 0c552377cd
commit bc96213c44
3 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
change_log.txt
View File

@@ -1,4 +1,7 @@
===== SVN trunk ===== ===== SVN trunk =====
09/0672011
- bugfix smarty security_policy issue in plugins {html_image} and {fetch}
07/06/2011 07/06/2011
- bugfix registerFilter() or registerPlugin() on template objects did register to the main Smarty object if the register methods had been used on the main Smarty object before. - bugfix registerFilter() or registerPlugin() on template objects did register to the main Smarty object if the register methods had been used on the main Smarty object before.

4
libs/plugins/function.fetch.php
View File

@@ -28,8 +28,8 @@ function smarty_function_fetch($params, $template)
} }
$content = ''; $content = '';
if (isset($template->security_policy) && !preg_match('!^(http|ftp)://!i', $params['file'])) { if (isset($template->smarty->security_policy) && !preg_match('!^(http|ftp)://!i', $params['file'])) {
if(!$template->security_policy->isTrustedResourceDir($params['file'])) { if(!$template->smarty->security_policy->isTrustedResourceDir($params['file'])) {
return; return;
} }

4
libs/plugins/function.html_image.php
View File

@@ -106,8 +106,8 @@ function smarty_function_html_image($params, $template)
return; return;
} }
} }
if (isset($template->security_policy)) { if (isset($template->smarty->security_policy)) {
if (!$template->security_policy->isTrustedResourceDir($_image_path)) { if (!$template->smarty->security_policy->isTrustedResourceDir($_image_path)) {
return; return;
} }
} }