smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-05 19:04:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: $smarty->security is now correctly handled

Browse Source 
minor optimizations:
   core/core.is_secure.php is only included when needed
   $dpi_default is only determined when needed
This commit is contained in:
messju
2004-01-15 15:00:09 +00:00
parent 6e0b6a5f2c
commit ea53ef5a58
2 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@@ -1,3 +1,4 @@
- fix interpretation of $smarty->security in {html_image} (messju)
- add caching of requested paths to _assemble_plugin_filepath() (messju)
- fix handling of comments inside {php}- and {literal}-blocks (messju)
- fix bug handling triple-quotes in config-files (BRDude, messju)

19
libs/plugins/function.html_image.php
View File

@@ -48,12 +48,6 @@ function smarty_function_html_image($params, &$smarty)
$suffix = '';
$server_vars = ($smarty->request_use_auto_globals) ? $_SERVER : $GLOBALS['HTTP_SERVER_VARS'];
$basedir = isset($server_vars['DOCUMENT_ROOT']) ? $server_vars['DOCUMENT_ROOT'] : '';
if(strstr($server_vars['HTTP_USER_AGENT'], 'Mac')) {
$dpi_default = 72;
} else {
$dpi_default = 96;
}
foreach($params as $_key => $_val) {
switch($_key) {
case 'file':
@@ -101,7 +95,13 @@ function smarty_function_html_image($params, &$smarty)
}
if(!isset($params['width']) || !isset($params['height'])) {
if(!$_image_data = @getimagesize($_image_path)) {
if ($smarty->security &&
($_params = array('resource_type' => 'file', 'resource_name' => $_image_path)) &&
(require_once(SMARTY_DIR . 'core' . DIRECTORY_SEPARATOR . 'core.is_secure.php')) &&
(!smarty_core_is_secure($_params, $smarty)) ) {
$smarty->trigger_error("html_image: (secure) '$_image_path' not in secure directory", E_USER_NOTICE);
} elseif (!$_image_data = @getimagesize($_image_path)) {
if(!file_exists($_image_path)) {
$smarty->trigger_error("html_image: unable to find '$_image_path'", E_USER_NOTICE);
return;
@@ -130,6 +130,11 @@ function smarty_function_html_image($params, &$smarty)
}
if(isset($params['dpi'])) {
if(strstr($server_vars['HTTP_USER_AGENT'], 'Mac')) {
$dpi_default = 72;
} else {
$dpi_default = 96;
}
$_resize = $dpi_default/$params['dpi'];
$width = round($width * $_resize);
$height = round($height * $_resize);