smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 18:34:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

- update Smarty security with new realpath handling

Browse Source
This commit is contained in:
Uwe Tews
2015-06-27 20:18:01 +02:00
parent 6197df45b5
commit f567d5d778
2 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
change_log.txt
View File

@@ -2,6 +2,7 @@
27.06.2015
- bugfix resolve naming conflict between custom Smarty delimiter '<%' and PHP ASP tags https://github.com/smarty-php/smarty/issues/64
- update $smarty->_realpath for relative path not starting with './'
- update Smarty security with new realpath handling
19.06.2015
- improvement allow closures as callback at $smarty->registerFilter() https://github.com/smarty-php/smarty/issues/59

16
libs/sysplugins/smarty_security.php
View File

@@ -492,7 +492,6 @@ class Smarty_Security
if ($_template) {
$this->_template_dir = $_template_dir;
foreach ($_template_dir as $directory) {
$directory = realpath($directory);
$this->_resource_dir[$directory] = true;
}
}
@@ -501,8 +500,7 @@ class Smarty_Security
if ($_config) {
$this->_config_dir = $_config_dir;
foreach ($_config_dir as $directory) {
$directory = realpath($directory);
$this->_resource_dir[$directory] = true;
$this->_resource_dir[$directory] = true;
}
}
@@ -510,13 +508,13 @@ class Smarty_Security
if ($_secure) {
$this->_secure_dir = $this->secure_dir;
foreach ((array) $this->secure_dir as $directory) {
$directory = realpath($directory);
$directory = $this->smarty->_realpath($directory . DS);
$this->_resource_dir[$directory] = true;
}
}
$_filepath = realpath($filepath);
$directory = dirname($_filepath);
$_filepath = $filepath;
$directory = dirname($_filepath) . DS;
$_directory = array();
while (true) {
// remember the directory to add it to _resource_dir in case we're successful
@@ -587,13 +585,13 @@ class Smarty_Security
$this->_trusted_dir = $this->trusted_dir;
foreach ((array) $this->trusted_dir as $directory) {
$directory = realpath($directory);
$directory = $this->smarty->_realpath($directory . DS);
$this->_php_resource_dir[$directory] = true;
}
}
$_filepath = realpath($filepath);
$directory = dirname($_filepath);
$_filepath = $this->smarty->_realpath($filepath);
$directory = dirname($_filepath) . DS;
$_directory = array();
while (true) {
// remember the directory to add it to _resource_dir in case we're successful