- update Smarty security with new realpath handling

Uwe Tews
2015-06-27 20:18:01 +02:00
parent 6197df45b5
commit f567d5d778
2 changed files with 8 additions and 9 deletions


@@ -2,6 +2,7 @@
27.06.2015 27.06.2015
- bugfix resolve naming conflict between custom Smarty delimiter '<%' and PHP ASP tags https://github.com/smarty-php/smarty/issues/64 - bugfix resolve naming conflict between custom Smarty delimiter '<%' and PHP ASP tags https://github.com/smarty-php/smarty/issues/64
- update $smarty->_realpath for relative path not starting with './' - update $smarty->_realpath for relative path not starting with './'
- update Smarty security with new realpath handling
19.06.2015 19.06.2015
- improvement allow closures as callback at $smarty->registerFilter() https://github.com/smarty-php/smarty/issues/59 - improvement allow closures as callback at $smarty->registerFilter() https://github.com/smarty-php/smarty/issues/59


@@ -492,7 +492,6 @@ class Smarty_Security
if ($_template) { if ($_template) {
$this->_template_dir = $_template_dir; $this->_template_dir = $_template_dir;
foreach ($_template_dir as $directory) { foreach ($_template_dir as $directory) {
$directory = realpath($directory);
$this->_resource_dir[$directory] = true; $this->_resource_dir[$directory] = true;
} }
} }
@@ -501,8 +500,7 @@ class Smarty_Security
if ($_config) { if ($_config) {
$this->_config_dir = $_config_dir; $this->_config_dir = $_config_dir;
foreach ($_config_dir as $directory) { foreach ($_config_dir as $directory) {
$directory = realpath($directory); $this->_resource_dir[$directory] = true;
$this->_resource_dir[$directory] = true;
} }
} }
@@ -510,13 +508,13 @@ class Smarty_Security
if ($_secure) { if ($_secure) {
$this->_secure_dir = $this->secure_dir; $this->_secure_dir = $this->secure_dir;
foreach ((array) $this->secure_dir as $directory) { foreach ((array) $this->secure_dir as $directory) {
$directory = realpath($directory); $directory = $this->smarty->_realpath($directory . DS);
$this->_resource_dir[$directory] = true; $this->_resource_dir[$directory] = true;
} }
} }
$_filepath = realpath($filepath); $_filepath = $filepath;
$directory = dirname($_filepath); $directory = dirname($_filepath) . DS;
$_directory = array(); $_directory = array();
while (true) { while (true) {
// remember the directory to add it to _resource_dir in case we're successful // remember the directory to add it to _resource_dir in case we're successful
@@ -587,13 +585,13 @@ class Smarty_Security
$this->_trusted_dir = $this->trusted_dir; $this->_trusted_dir = $this->trusted_dir;
foreach ((array) $this->trusted_dir as $directory) { foreach ((array) $this->trusted_dir as $directory) {
$directory = realpath($directory); $directory = $this->smarty->_realpath($directory . DS);
$this->_php_resource_dir[$directory] = true; $this->_php_resource_dir[$directory] = true;
} }
} }
$_filepath = realpath($filepath); $_filepath = $this->smarty->_realpath($filepath);
$directory = dirname($_filepath); $directory = dirname($_filepath) . DS;
$_directory = array(); $_directory = array();
while (true) { while (true) {
// remember the directory to add it to _resource_dir in case we're successful // remember the directory to add it to _resource_dir in case we're successful
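Review bot: In the hunk at -510/+508 the new line `$_filepath = $filepath;` drops canonicalisation entirely, while the parallel trusted_dir check in the hunk at -587/+585 uses `$this->smarty->_realpath($filepath)`. Unless every caller already passes a normalised path (not visible in these hunks), a path that still contains `..` segments is walked upward purely lexically by the `dirname()` loop and could match a `_resource_dir` key it does not actually resolve under. I would make the two checks agree with `$_filepath = $this->smarty->_realpath($filepath);`, or add a comment stating that callers must pass an already normalised path. The template_dir and config_dir loops likewise lose `realpath()` with no replacement, so their array keys only match if `$_template_dir` and `$_config_dir` are normalised in the same trailing-separator form as `dirname($_filepath) . DS`. If `_realpath()` is a purely lexical normaliser (its body is not shown), symlinks are no longer resolved before the comparison as the old `realpath()` did, which deserves a comment and a regression test; the `while (true)` loops continue outside the hunks.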