From d9a6f036f11554c3c710582380f364e832f17eeb Mon Sep 17 00:00:00 2001
From: mohrt <mohrt@localhost>
Date: Mon, 20 Jan 2003 18:05:43 +0000
Subject: [PATCH] fix debug template and security, add template_dir to
 secure_dir at runtime

---
 NEWS                  | 3 +++
 Smarty.class.php      | 9 ++++++++-
 libs/Smarty.class.php | 9 ++++++++-
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index a7a35f1d..543e617c 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+    - add debug template to secure dir (Ferdinand Beyer, Monte)
+    - add template_dir to secure_dir by default (Ferdinand
+      Beyer, Monte)
     - added support for object method access (Monte)
     - fixed bug with directories named '0' (Frank Bauer, Monte)
     - add javascript parameter to escape modifier (Monte)
diff --git a/Smarty.class.php b/Smarty.class.php
index fa69d689..12eecad0 100644
--- a/Smarty.class.php
+++ b/Smarty.class.php
@@ -132,7 +132,7 @@ class Smarty
 
 
     var $security       =   false;      // enable template security (default false)
-    var $secure_dir     =   array('templates'); // array of directories considered secure
+    var $secure_dir     =   array(); // array of directories considered secure
     var $security_settings  = array(
                                     'PHP_HANDLING'    => false,
                                     'IF_FUNCS'        => array('array', 'list',
@@ -212,6 +212,10 @@ class Smarty
 \*======================================================================*/
     function Smarty()
     {
+        if($this->security) {
+            // add template_dir to secure_dir array
+            $this->secure_dir = array_merge(array($this->template_dir),$this->secure_dir);
+        }
         foreach ($this->global_assign as $key => $var_name) {
             if (is_array($var_name)) {
                 foreach ($var_name as $var) {
@@ -764,6 +768,9 @@ function _generate_debug_output() {
 	if(empty($this->debug_tpl)) {
 		// set path to debug template from SMARTY_DIR
 		$this->debug_tpl = 'file:'.SMARTY_DIR.'debug.tpl';
+        if($this->security && is_file($this->debug_tpl)) {
+            $secure_dir[] = $this->debug_tpl;
+        }
 	}
 
 	$_ldelim_orig = $this->left_delimiter;
diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php
index fa69d689..12eecad0 100644
--- a/libs/Smarty.class.php
+++ b/libs/Smarty.class.php
@@ -132,7 +132,7 @@ class Smarty
 
 
     var $security       =   false;      // enable template security (default false)
-    var $secure_dir     =   array('templates'); // array of directories considered secure
+    var $secure_dir     =   array(); // array of directories considered secure
     var $security_settings  = array(
                                     'PHP_HANDLING'    => false,
                                     'IF_FUNCS'        => array('array', 'list',
@@ -212,6 +212,10 @@ class Smarty
 \*======================================================================*/
     function Smarty()
     {
+        if($this->security) {
+            // add template_dir to secure_dir array
+            $this->secure_dir = array_merge(array($this->template_dir),$this->secure_dir);
+        }
         foreach ($this->global_assign as $key => $var_name) {
             if (is_array($var_name)) {
                 foreach ($var_name as $var) {
@@ -764,6 +768,9 @@ function _generate_debug_output() {
 	if(empty($this->debug_tpl)) {
 		// set path to debug template from SMARTY_DIR
 		$this->debug_tpl = 'file:'.SMARTY_DIR.'debug.tpl';
+        if($this->security && is_file($this->debug_tpl)) {
+            $secure_dir[] = $this->debug_tpl;
+        }
 	}
 
 	$_ldelim_orig = $this->left_delimiter;