smarty/internals/core.is_secure.php
author Dan
Sun, 23 Mar 2008 23:55:50 -0400
changeset 8 a8d108f37363
parent 0 c63de9eb7045
permissions -rw-r--r--
Modified to trap signals properly and not write to the root directory (only working directory)
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
0
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     1
<?php
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     2
/**
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     3
 * Smarty plugin
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     4
 * @package Smarty
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     5
 * @subpackage plugins
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     6
 */
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     7
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     8
/**
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
     9
 * determines if a resource is secure or not.
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    10
 *
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    11
 * @param string $resource_type
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    12
 * @param string $resource_name
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    13
 * @return boolean
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    14
 */
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    15
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    16
//  $resource_type, $resource_name
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    17
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    18
function smarty_core_is_secure($params, &$smarty)
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    19
{
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    20
    if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    21
        return true;
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    22
    }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    23
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    24
    if ($params['resource_type'] == 'file') {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    25
        $_rp = realpath($params['resource_name']);
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    26
        if (isset($params['resource_base_path'])) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    27
            foreach ((array)$params['resource_base_path'] as $curr_dir) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    28
                if ( ($_cd = realpath($curr_dir)) !== false &&
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    29
                     strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    30
                     substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    31
                    return true;
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    32
                }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    33
            }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    34
        }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    35
        if (!empty($smarty->secure_dir)) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    36
            foreach ((array)$smarty->secure_dir as $curr_dir) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    37
                if ( ($_cd = realpath($curr_dir)) !== false) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    38
                    if($_cd == $_rp) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    39
                        return true;
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    40
                    } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    41
                        substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    42
                        return true;
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    43
                    }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    44
                }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    45
            }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    46
        }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    47
    } else {
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    48
        // resource is not on local file system
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    49
        return call_user_func_array(
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    50
            $smarty->_plugins['resource'][$params['resource_type']][0][2],
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    51
            array($params['resource_name'], &$smarty));
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    52
    }
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    53
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    54
    return false;
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    55
}
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    56
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    57
/* vim: set expandtab: */
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    58
c63de9eb7045 First commit. Basic things are working and implemented (webserver, templating, DCOP interface)
Dan
parents:
diff changeset
    59
?>