~ubuntu-branches/ubuntu/feisty/smarty/feisty-security

<?php

/**

 * Smarty plugin

 * @package Smarty

 * @subpackage plugins

 */

 

/**#@+

 * @access private

 */

/**

 * determines if a resource is trusted or not

 *

 * @param string $resource_type

 * @param string $resource_name

 * @return boolean

 */

 

 // $resource_type, $resource_name

 

function smarty_core_is_trusted($params, &$smarty)

{

    $_smarty_trusted = false;

    if ($params['resource_type'] == 'file') {

        if (!empty($smarty->trusted_dir)) {

            $_rp = realpath($params['resource_name']);

            foreach ((array)$smarty->trusted_dir as $curr_dir) {

                if (!empty($curr_dir) && is_readable ($curr_dir)) {

                    $_cd = realpath($curr_dir);

                    if (strncmp($_rp, $_cd, strlen($_cd)) == 0

                        && $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {

                        $_smarty_trusted = true;

                        break;

                    }

                }

            }

        }

 

    } else {

        // resource is not on local file system

        $_smarty_trusted = call_user_func_array($smarty->_plugins['resource'][$params['resource_type']][0][3],

                                                array($params['resource_name'], $smarty));

    }

 

    return $_smarty_trusted;

}

 

/* vim: set expandtab: */

 

?>