smarty/internals/core.is_trusted.php
author Dan
Mon, 30 Jun 2008 12:36:13 -0400
changeset 21 74edc873234f
parent 0 c63de9eb7045
permissions -rw-r--r--
Made the webserver a bit smarter. It handles running as root properly (only allows it if user/group specified and port < 1024) and directory listing is massively smarter.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     1
<?php
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     2
/**
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     3
 * Smarty plugin
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     4
 * @package Smarty
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     5
 * @subpackage plugins
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     6
 */
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     7
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     8
/**
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     9
 * determines if a resource is trusted or not
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    10
 *
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    11
 * @param string $resource_type
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    12
 * @param string $resource_name
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    13
 * @return boolean
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    14
 */
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    15
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    16
 // $resource_type, $resource_name
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    17
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    18
function smarty_core_is_trusted($params, &$smarty)
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    19
{
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    20
    $_smarty_trusted = false;
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    21
    if ($params['resource_type'] == 'file') {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    22
        if (!empty($smarty->trusted_dir)) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    23
            $_rp = realpath($params['resource_name']);
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    24
            foreach ((array)$smarty->trusted_dir as $curr_dir) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    25
                if (!empty($curr_dir) && is_readable ($curr_dir)) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    26
                    $_cd = realpath($curr_dir);
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    27
                    if (strncmp($_rp, $_cd, strlen($_cd)) == 0
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    28
                        && substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    29
                        $_smarty_trusted = true;
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    30
                        break;
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    31
                    }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    32
                }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    33
            }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    34
        }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    35
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    36
    } else {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    37
        // resource is not on local file system
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    38
        $_smarty_trusted = call_user_func_array($smarty->_plugins['resource'][$params['resource_type']][0][3],
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    39
                                                array($params['resource_name'], $smarty));
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    40
    }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    41
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    42
    return $_smarty_trusted;
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    43
}
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    44
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    45
/* vim: set expandtab: */
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    46
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    47
?>