smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 10:24:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added 'script' attribute to {insert..}.

Browse Source
This commit is contained in:
andrey
2001-12-11 21:34:22 +00:00
parent 5aa62bf613
commit c81d1eb839
3 changed files with 63 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
NEWS
View File

@@ -1,4 +1,6 @@
- added default template function handler (Monte) - added 'script' attribute to {insert..} which specifies the script that
the insert function can be found in. (Andrei)
- added default template function handler. (Monte)
Version 1.5.1 Version 1.5.1
------------- -------------

31
Smarty.class.php
View File

@@ -100,7 +100,7 @@ class Smarty
// this will tell Smarty not to look for // this will tell Smarty not to look for
// insert tags, thus speeding up cached page // insert tags, thus speeding up cached page
// fetches. true/false default true. // fetches. true/false default true.
var $cache_handler_func = 'make_tpl'; // function used for cached content. this is var $cache_handler_func = null; // function used for cached content. this is
// an alternative to using the built-in file // an alternative to using the built-in file
// based caching. // based caching.
@@ -1115,6 +1115,21 @@ function _parse_file_path($file_base_path, $file_path, &$resource_type, &$resour
$name = $args['name']; $name = $args['name'];
unset($args['name']); unset($args['name']);
if (isset($args['script'])) {
$this->_parse_file_path($this->trusted_dir, $this->_dequote($args['script']), $resource_type, $resource_name);
if ($this->security) {
if( $resource_type != 'file' || !@is_file($resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not readable"); return false;
}
if (!$this->_is_trusted($resource_type, $resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not trusted");
return false;
}
}
include_once($resource_name);
unset($args['script']);
}
$function_name = 'insert_' . $name; $function_name = 'insert_' . $name;
$replace = $function_name($args, $this); $replace = $function_name($args, $this);
@@ -1146,6 +1161,20 @@ function _run_insert_handler($args)
return $this->_smarty_md5."{insert_cache $arg_string}".$this->_smarty_md5; return $this->_smarty_md5."{insert_cache $arg_string}".$this->_smarty_md5;
} else { } else {
$function_name = 'insert_'.$args['name']; $function_name = 'insert_'.$args['name'];
if (isset($args['script'])) {
$this->_parse_file_path($this->trusted_dir, $this->_dequote($args['script']), $resource_type, $resource_name);
if ($this->security) {
if( $resource_type != 'file' || !@is_file($resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not readable"); return false;
}
if (!$this->_is_trusted($resource_type, $resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not trusted");
return false;
}
}
include_once($resource_name);
}
$content = $function_name($args, $this); $content = $function_name($args, $this);
if ($this->debugging) { if ($this->debugging) {
$this->_smarty_debug_info[] = array('type' => 'insert', $this->_smarty_debug_info[] = array('type' => 'insert',

31
libs/Smarty.class.php
View File

@@ -100,7 +100,7 @@ class Smarty
// this will tell Smarty not to look for // this will tell Smarty not to look for
// insert tags, thus speeding up cached page // insert tags, thus speeding up cached page
// fetches. true/false default true. // fetches. true/false default true.
var $cache_handler_func = 'make_tpl'; // function used for cached content. this is var $cache_handler_func = null; // function used for cached content. this is
// an alternative to using the built-in file // an alternative to using the built-in file
// based caching. // based caching.
@@ -1115,6 +1115,21 @@ function _parse_file_path($file_base_path, $file_path, &$resource_type, &$resour
$name = $args['name']; $name = $args['name'];
unset($args['name']); unset($args['name']);
if (isset($args['script'])) {
$this->_parse_file_path($this->trusted_dir, $this->_dequote($args['script']), $resource_type, $resource_name);
if ($this->security) {
if( $resource_type != 'file' || !@is_file($resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not readable"); return false;
}
if (!$this->_is_trusted($resource_type, $resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not trusted");
return false;
}
}
include_once($resource_name);
unset($args['script']);
}
$function_name = 'insert_' . $name; $function_name = 'insert_' . $name;
$replace = $function_name($args, $this); $replace = $function_name($args, $this);
@@ -1146,6 +1161,20 @@ function _run_insert_handler($args)
return $this->_smarty_md5."{insert_cache $arg_string}".$this->_smarty_md5; return $this->_smarty_md5."{insert_cache $arg_string}".$this->_smarty_md5;
} else { } else {
$function_name = 'insert_'.$args['name']; $function_name = 'insert_'.$args['name'];
if (isset($args['script'])) {
$this->_parse_file_path($this->trusted_dir, $this->_dequote($args['script']), $resource_type, $resource_name);
if ($this->security) {
if( $resource_type != 'file' || !@is_file($resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not readable"); return false;
}
if (!$this->_is_trusted($resource_type, $resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not trusted");
return false;
}
}
include_once($resource_name);
}
$content = $function_name($args, $this); $content = $function_name($args, $this);
if ($this->debugging) { if ($this->debugging) {
$this->_smarty_debug_info[] = array('type' => 'insert', $this->_smarty_debug_info[] = array('type' => 'insert',