smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 10:24:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix debug template and security, add template_dir to secure_dir at runtime

Browse Source
This commit is contained in:
mohrt
2003-01-20 18:05:43 +00:00
parent 1b0f70c775
commit d9a6f036f1
3 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@@ -1,3 +1,6 @@
- add debug template to secure dir (Ferdinand Beyer, Monte)
- add template_dir to secure_dir by default (Ferdinand
Beyer, Monte)
- added support for object method access (Monte) - added support for object method access (Monte)
- fixed bug with directories named '0' (Frank Bauer, Monte) - fixed bug with directories named '0' (Frank Bauer, Monte)
- add javascript parameter to escape modifier (Monte) - add javascript parameter to escape modifier (Monte)

9
Smarty.class.php
View File

@@ -132,7 +132,7 @@ class Smarty
var $security = false; // enable template security (default false) var $security = false; // enable template security (default false)
var $secure_dir = array('templates'); // array of directories considered secure var $secure_dir = array(); // array of directories considered secure
var $security_settings = array( var $security_settings = array(
'PHP_HANDLING' => false, 'PHP_HANDLING' => false,
'IF_FUNCS' => array('array', 'list', 'IF_FUNCS' => array('array', 'list',
@@ -212,6 +212,10 @@ class Smarty
\*======================================================================*/ \*======================================================================*/
function Smarty() function Smarty()
{ {
if($this->security) {
// add template_dir to secure_dir array
$this->secure_dir = array_merge(array($this->template_dir),$this->secure_dir);
}
foreach ($this->global_assign as $key => $var_name) { foreach ($this->global_assign as $key => $var_name) {
if (is_array($var_name)) { if (is_array($var_name)) {
foreach ($var_name as $var) { foreach ($var_name as $var) {
@@ -764,6 +768,9 @@ function _generate_debug_output() {
if(empty($this->debug_tpl)) { if(empty($this->debug_tpl)) {
// set path to debug template from SMARTY_DIR // set path to debug template from SMARTY_DIR
$this->debug_tpl = 'file:'.SMARTY_DIR.'debug.tpl'; $this->debug_tpl = 'file:'.SMARTY_DIR.'debug.tpl';
if($this->security && is_file($this->debug_tpl)) {
$secure_dir[] = $this->debug_tpl;
}
} }
$_ldelim_orig = $this->left_delimiter; $_ldelim_orig = $this->left_delimiter;

9
libs/Smarty.class.php
View File

@@ -132,7 +132,7 @@ class Smarty
var $security = false; // enable template security (default false) var $security = false; // enable template security (default false)
var $secure_dir = array('templates'); // array of directories considered secure var $secure_dir = array(); // array of directories considered secure
var $security_settings = array( var $security_settings = array(
'PHP_HANDLING' => false, 'PHP_HANDLING' => false,
'IF_FUNCS' => array('array', 'list', 'IF_FUNCS' => array('array', 'list',
@@ -212,6 +212,10 @@ class Smarty
\*======================================================================*/ \*======================================================================*/
function Smarty() function Smarty()
{ {
if($this->security) {
// add template_dir to secure_dir array
$this->secure_dir = array_merge(array($this->template_dir),$this->secure_dir);
}
foreach ($this->global_assign as $key => $var_name) { foreach ($this->global_assign as $key => $var_name) {
if (is_array($var_name)) { if (is_array($var_name)) {
foreach ($var_name as $var) { foreach ($var_name as $var) {
@@ -764,6 +768,9 @@ function _generate_debug_output() {
if(empty($this->debug_tpl)) { if(empty($this->debug_tpl)) {
// set path to debug template from SMARTY_DIR // set path to debug template from SMARTY_DIR
$this->debug_tpl = 'file:'.SMARTY_DIR.'debug.tpl'; $this->debug_tpl = 'file:'.SMARTY_DIR.'debug.tpl';
if($this->security && is_file($this->debug_tpl)) {
$secure_dir[] = $this->debug_tpl;
}
} }
$_ldelim_orig = $this->left_delimiter; $_ldelim_orig = $this->left_delimiter;