smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 18:34:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

synced secure_dir-checking with trusted_dir-checking

Browse Source
This commit is contained in:
messju
2003-08-09 08:47:10 +00:00
parent 29f5d24082
commit d226b07741
2 changed files with 10 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libs/core/core.is_secure.php
View File

@@ -23,8 +23,8 @@ function smarty_core_is_secure($params, &$smarty)
$_smarty_secure = false;
if ($params['resource_type'] == 'file') {
$_rp = realpath($params['resource_name']);
if (!empty($smarty->secure_dir)) {
$_rp = realpath($params['resource_name']);
foreach ((array)$smarty->secure_dir as $curr_dir) {
if ( !empty($curr_dir) && is_readable ($curr_dir)) {
$_cd = realpath($curr_dir);

11
libs/core/core.is_trusted.php
View File

@@ -23,20 +23,19 @@ function smarty_core_is_trusted($params, &$smarty)
$_smarty_trusted = false;
if ($params['resource_type'] == 'file') {
if (!empty($smarty->trusted_dir)) {
// see if template file is within a trusted directory. If so,
// disable security during the execution of the template.
if (!empty($smarty->trusted_dir)) {
$_rp = realpath($params['resource_name']);
foreach ((array)$smarty->trusted_dir as $curr_dir) {
if (!empty($curr_dir) && is_readable ($curr_dir)) {
if (substr(realpath($params['resource_name']),0, strlen(realpath($curr_dir))) == realpath($curr_dir)) {
$_cd = realpath($curr_dir);
if (strncmp($_rp, $_cd, strlen($_cd)) == 0
&& $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
$_smarty_trusted = true;
break;
}
}
}
}
}
} else {
// resource is not on local file system
$_smarty_trusted = call_user_func_array($smarty->_plugins['resource'][$params['resource_type']][0][3],