Commit Graph

28 Commits

Author SHA1 Message Date
Uwe Tews
e1cc514a68 - avoid possible circular object references caused by parser/lexer objects 2015-08-06 01:19:11 +02:00
Uwe Tews
61253c1999 optimization 2015-07-12 07:03:55 +02:00
Uwe Tews
7fa6c4fd47 update include_path handling 2015-07-07 17:55:45 +02:00
Uwe Tews
3052406cfc - fix $smarty->use_include_path option and optimize file path code 2015-06-29 02:41:42 +02:00
Uwe Tews
aee07f7bba - optimize security isTrustedResourceDir() 2015-06-28 02:37:41 +02:00
Uwe Tews
5377fd5926 - move $smarty->enableSecurity() into Smarty_Security class 2015-06-28 01:38:52 +02:00
Uwe Tews
f567d5d778 - update Smarty security with new realpath handling 2015-06-27 20:18:01 +02:00
Uwe Tews
8ee805632d - bugfix in Smarty_Security 'nl2br' should be a trusted modifier, not PHP function (code.google issue 223) 2015-05-13 20:17:02 +02:00
Uwe Tews
ea2a566b1f - bugfix Smarty_Security->allow_constants=false; did also disable true, false and null (change of 16.03.2015)
- improvement added a whitelist for trusted constants to security Smarty_Security::$trusted_constants (forum topic 25471)
2015-03-28 03:58:08 +01:00
Uwe Tews
1a781b39b1 new feature: security can now control access to static methods and properties
see also NEW_FEATURES.txt
2015-01-22 03:53:01 +01:00
Uwe Tews
6be6bf7b70 limit the template nesting level by security 2014-12-30 12:57:43 +01:00
Uwe Tews
1da50aa61d security can now disable special $smarty variables
see also NEW_FEATURES.txt
2014-12-29 21:59:23 +01:00
Uwe.Tews@googlemail.com
bbf0e42847 Fix typos in Smarty_Security class comment and documentation 2014-10-01 17:15:24 +00:00
Uwe.Tews@googlemail.com
425091a19f - fixed spelling, PHPDoc, minor errors, code cleanup 2014-06-06 02:40:04 +00:00
Uwe.Tews@googlemail.com
00ccae8857 - update for PHP 5.4 compatibility
- reformat source to PSR-2 standard
2013-07-14 22:15:45 +00:00
Uwe.Tews@googlemail.com
b0b2c0e86d 17.06.2013
- fixed spelling in sources and documentation (from smarty-developers forum Veres Lajos)
2013-06-17 12:34:10 +00:00
rodneyrehm
26eac9888d bugfix Smarty_Security internal $_resource_dir cache wasn't properly propagated 2012-01-30 11:31:34 +00:00
rodneyrehm
2c25a64dd3 - added Smarty_Security::isTrustedUri() and Smarty_Security::$trusted_uri to validate remote resource calls through {fetch} and {html_image} (Forum Topic 20627) 2011-12-18 22:21:49 +00:00
rodneyrehm
aeec0783ec - bugfix of problem introduced with r4342 by replacing strlen() with isset() 2011-10-05 17:11:01 +00:00
rodneyrehm
655cbc94bc - improvement replaced some strlen($foo) > 3 calls by isset($foo[3]) 2011-10-01 18:47:56 +00:00
rodneyrehm
aff7c6a0ab - improvement replaced most in_array() calls by more efficient isset() on array_flip()ed haystacks
- added notes on possible performance optimization/problem with Smarty_Security
2011-10-01 18:10:48 +00:00
monte.ohrt
8842e79107 commit 3.1 into the trunk 2011-09-16 14:19:56 +00:00
uwe.tews@googlemail.com
f044178bad - major update including some API changes 2010-11-11 21:34:36 +00:00
monte.ohrt
21d507a5cb fix formatting 2010-08-17 15:39:51 +00:00
Uwe.Tews
0426dd0459 - bugfix on expressions in doublequoted string enclosed in backticks
- added security property $static_classes for static class security
2010-02-24 18:01:03 +00:00
Uwe.Tews
7e6da87134 - added max attribute to for loop
- added security mode allow_super_globals
2009-12-04 15:44:47 +00:00
monte.ohrt
3386b94e15 change linefeed style to native on all files 2009-11-06 14:35:00 +00:00
Uwe.Tews
94b80e892b - renamed function names of autoloaded Smarty methods to Smarty_Method_....
- new security_class property (default is Smarty_Security)
2009-11-03 20:38:38 +00:00