From ea53ef5a5846d067f77ede2a8a4b9b712164e031 Mon Sep 17 00:00:00 2001
From: messju
Date: Thu, 15 Jan 2004 15:00:09 +0000
Subject: [PATCH] fix: $smarty->security is now correctly handled minor optimizations: core/core.is_secure.php is only included when needed $dpi_default is only determined when needed

---
 NEWS | 1 +
 libs/plugins/function.html_image.php | 19 ++++++++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/NEWS b/NEWS
index f4a30653..f33ea4c8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,4 @@
+ - fix interpretation of $smarty->security in {html_image} (messju)
 - add caching of requested paths to _assemble_plugin_filepath() (messju)
 - fix handling of comments inside {php}- and {literal}-blocks (messju)
 - fix bug handling triple-quotes in config-files (BRDude, messju)
diff --git a/libs/plugins/function.html_image.php b/libs/plugins/function.html_image.php
index 3fe5f97a..56c55fdc 100644
--- a/libs/plugins/function.html_image.php
+++ b/libs/plugins/function.html_image.php
@@ -48,12 +48,6 @@ function smarty_function_html_image($params, &$smarty)
 $suffix = '';
 $server_vars = ($smarty->request_use_auto_globals) ? $_SERVER : $GLOBALS['HTTP_SERVER_VARS'];
 $basedir = isset($server_vars['DOCUMENT_ROOT']) ? $server_vars['DOCUMENT_ROOT'] : '';
- if(strstr($server_vars['HTTP_USER_AGENT'], 'Mac')) {
- $dpi_default = 72;
- } else {
- $dpi_default = 96;
- }
-
 foreach($params as $_key => $_val) {
 switch($_key) {
 case 'file':
@@ -101,7 +95,13 @@ function smarty_function_html_image($params, &$smarty)
 }
 
 if(!isset($params['width']) || !isset($params['height'])) {
- if(!$_image_data = @getimagesize($_image_path)) {
+ if ($smarty->security &&
+ ($_params = array('resource_type' => 'file', 'resource_name' => $_image_path)) &&
+ (require_once(SMARTY_DIR . 'core' . DIRECTORY_SEPARATOR . 'core.is_secure.php')) &&
+ (!smarty_core_is_secure($_params, $smarty)) ) {
+ $smarty->trigger_error("html_image: (secure) '$_image_path' not in secure directory", E_USER_NOTICE);
+
+ } elseif (!$_image_data = @getimagesize($_image_path)) {
 if(!file_exists($_image_path)) {
 $smarty->trigger_error("html_image: unable to find '$_image_path'", E_USER_NOTICE);
 return;
@@ -130,6 +130,11 @@ function smarty_function_html_image($params, &$smarty)
 }
 
 if(isset($params['dpi'])) {
+ if(strstr($server_vars['HTTP_USER_AGENT'], 'Mac')) {
+ $dpi_default = 72;
+ } else {
+ $dpi_default = 96;
+ }
 $_resize = $dpi_default/$params['dpi'];
 $width = round($width * $_resize);
 $height = round($height * $_resize);
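Review bot: The new `(secure)` branch only calls trigger_error and then falls out of the if/elseif, whereas the sibling `unable to find` branch a few lines below ends with `return;`; because the secure branch also skips the `getimagesize` call, `$_image_data` is never assigned and the function presumably carries on past the hunk into the width/height derivation as if the path check had passed. Add `return;` directly after the `(secure)` trigger_error call so a rejected path stops the tag the same way a missing file does. The condition itself performs an assignment and a `require_once` inside an `&&` chain, which is hard to read and depends on the included file evaluating truthy; hoisting both out so the test reads `if ($smarty->security && !smarty_core_is_secure($_params, $smarty)) {` would make the intent clear. smarty_function_html_image continues outside the hunk.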
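Review bot: The relocated user-agent check in the `dpi` branch still reads `$server_vars['HTTP_USER_AGENT']` without an isset guard, so a request with no User-Agent header (or a non-HTTP invocation) raises an undefined-index notice on that line. The `DOCUMENT_ROOT` lookup in the first hunk already uses the isset pattern; mirror it: `if(isset($server_vars['HTTP_USER_AGENT']) && strstr($server_vars['HTTP_USER_AGENT'], 'Mac')) {`. The untouched context line `$_resize = $dpi_default/$params['dpi'];` would also fail for a `dpi` of 0, which is worth a guard while this branch is being reworked. The function continues outside the hunk.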