Содержимое файла | Последнее изменение | Открыть журнал | RSS
| Редакция | Автор | № строки | Строка |
|---|---|---|---|
| 304 | alex-w | 1 | <?php |
| 2 | /** |
||
| 3 | * Smarty plugin |
||
| 4 | * |
||
| 5 | * @package Smarty |
||
| 6 | * @subpackage Security |
||
| 7 | * @author Uwe Tews |
||
| 8 | */ |
||
| 9 | |||
| 10 | /** |
||
| 11 | * This class does contain the security settings |
||
| 12 | */ |
||
| 13 | class Smarty_Security_Policy { |
||
| 14 | /** |
||
| 15 | * This determines how Smarty handles "<?php ... ?>" tags in templates. |
||
| 16 | * possible values: |
||
| 17 | * <ul> |
||
| 18 | * <li>SMARTY_PHP_PASSTHRU -> echo PHP tags as they are</li> |
||
| 19 | * <li>SMARTY_PHP_QUOTE -> escape tags as entities</li> |
||
| 20 | * <li>SMARTY_PHP_REMOVE -> remove php tags</li> |
||
| 21 | * <li>SMARTY_PHP_ALLOW -> execute php tags</li> |
||
| 22 | * </ul> |
||
| 23 | * |
||
| 24 | * @var integer |
||
| 25 | */ |
||
| 26 | public $php_handling = SMARTY_PHP_PASSTHRU; |
||
| 27 | |||
| 28 | /** |
||
| 29 | * This is the list of template directories that are considered secure. |
||
| 30 | * One directory per array element. |
||
| 31 | * $template_dir is in this list implicitly. |
||
| 32 | * |
||
| 33 | * @var array |
||
| 34 | */ |
||
| 35 | public $secure_dir = array(); |
||
| 36 | |||
| 37 | |||
| 38 | /** |
||
| 39 | * This is an array of directories where trusted php scripts reside. |
||
| 40 | * {@link $security} is disabled during their inclusion/execution. |
||
| 41 | * |
||
| 42 | * @var array |
||
| 43 | */ |
||
| 44 | public $trusted_dir = array(); |
||
| 45 | |||
| 46 | |||
| 47 | /** |
||
| 48 | * This is an array of trusted PHP functions. |
||
| 49 | * |
||
| 50 | * If empty all functions are allowed. |
||
| 51 | * If set to 'none' none is allowed. |
||
| 52 | * @var array |
||
| 53 | */ |
||
| 54 | public $php_functions = array('isset', 'empty', |
||
| 55 | 'count', 'sizeof','in_array', 'is_array','time','nl2br'); |
||
| 56 | |||
| 57 | /** |
||
| 58 | * This is an array of trusted modifers. |
||
| 59 | * |
||
| 60 | * If empty all modifiers are allowed. |
||
| 61 | * If set to 'none' none is allowed. |
||
| 62 | * @var array |
||
| 63 | */ |
||
| 64 | public $modifiers = array('escape','count'); |
||
| 65 | |||
| 66 | /** |
||
| 67 | * This is an array of trusted streams. |
||
| 68 | * |
||
| 69 | * If empty all streams are allowed. |
||
| 70 | * If set to 'none' none is allowed. |
||
| 71 | * @var array |
||
| 72 | */ |
||
| 73 | public $streams = array('file'); |
||
| 74 | /** |
||
| 75 | + flag if constants can be accessed from template |
||
| 76 | */ |
||
| 77 | public $allow_constants = true; |
||
| 78 | /** |
||
| 79 | + flag if {php} tag can be executed |
||
| 80 | */ |
||
| 81 | public $allow_php_tag = false; |
||
| 82 | } |
||
| 83 | |||
| 84 | ?> |