smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 02:14:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Formatting.

Browse Source
This commit is contained in:
andrey
2001-12-04 22:37:41 +00:00
parent 7014505d59
commit fbb44389d3
3 changed files with 9 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -1,4 +1,4 @@
- add include_php built-in function (Monte)
- added include_php built-in function. (Monte)
- added trusted_dir functionality, documented. (Monte)
- consolidated secure_dir tests to one function. (Monte)
- prepended _smarty_ to variable names in fetch() class function to avoid

17
Smarty_Compiler.class.php
View File

@@ -450,35 +450,24 @@ class Smarty_Compiler extends Smarty {
function _compile_include_php_tag($tag_args)
{
$attrs = $this->_parse_attrs($tag_args);
$arg_list = array();
if (empty($attrs['file'])) {
$this->_syntax_error("missing 'file' attribute in include_php tag");
return false;
}
if($this->security) {
if ($this->security) {
$this->_parse_file_path($this->trusted_dir, $this->_dequote($attrs['file']), $resource_type, $resource_name);
if( $resource_type != 'file' || !is_file( $resource_name )) {
if( $resource_type != 'file' || !@is_file($resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not readable");
return false;
}
if(!$this->_is_trusted($resource_type, $resource_name)) {
if (!$this->_is_trusted($resource_type, $resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not trusted");
return false;
}
}
foreach ($attrs as $arg_name => $arg_value) {
if ($arg_name == 'file') {
$include_file = $arg_value;
continue;
}
if (is_bool($arg_value))
$arg_value = $arg_value ? 'true' : 'false';
$arg_list[] = "'$arg_name' => $arg_value";
}
return "<?php include('".$resource_name."'); ?>";
}

17
libs/Smarty_Compiler.class.php
View File

@@ -450,35 +450,24 @@ class Smarty_Compiler extends Smarty {
function _compile_include_php_tag($tag_args)
{
$attrs = $this->_parse_attrs($tag_args);
$arg_list = array();
if (empty($attrs['file'])) {
$this->_syntax_error("missing 'file' attribute in include_php tag");
return false;
}
if($this->security) {
if ($this->security) {
$this->_parse_file_path($this->trusted_dir, $this->_dequote($attrs['file']), $resource_type, $resource_name);
if( $resource_type != 'file' || !is_file( $resource_name )) {
if( $resource_type != 'file' || !@is_file($resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not readable");
return false;
}
if(!$this->_is_trusted($resource_type, $resource_name)) {
if (!$this->_is_trusted($resource_type, $resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not trusted");
return false;
}
}
foreach ($attrs as $arg_name => $arg_value) {
if ($arg_name == 'file') {
$include_file = $arg_value;
continue;
}
if (is_bool($arg_value))
$arg_value = $arg_value ? 'true' : 'false';
$arg_list[] = "'$arg_name' => $arg_value";
}
return "<?php include('".$resource_name."'); ?>";
}