9
* determines if a resource is secure or not.
11
* @param string $resource_type
12
* @param string $resource_name
16
// $resource_type, $resource_name
18
function smarty_core_is_secure($params, &$smarty)
20
static $check_template_dir = true;
22
if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
26
$_smarty_secure = false;
27
if ($params['resource_type'] == 'file') {
28
if($check_template_dir) {
29
if (!in_array($smarty->template_dir, $smarty->secure_dir))
30
// add template_dir to secure_dir array
31
array_unshift($smarty->secure_dir, $smarty->template_dir);
32
$check_template_dir = false;
34
if (!empty($smarty->secure_dir)) {
35
$_rp = realpath($params['resource_name']);
36
foreach ((array)$smarty->secure_dir as $curr_dir) {
37
if ( !empty($curr_dir) && is_readable ($curr_dir)) {
38
$_cd = realpath($curr_dir);
39
if (strncmp($_rp, $_cd, strlen($_cd)) == 0
40
&& $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
41
$_smarty_secure = true;
48
// resource is not on local file system
49
$_smarty_secure = call_user_func_array(
50
$smarty->_plugins['resource'][$params['resource_type']][0][2],
51
array($params['resource_name'], &$_smarty_secure, &$smarty));
54
return $_smarty_secure;
57
/* vim: set expandtab: */