Содержимое файла | Последнее изменение | Открыть журнал | RSS
Редакция | Автор | № строки | Строка |
---|---|---|---|
304 | alex-w | 1 | <?php |
2 | /** |
||
3 | * Smarty plugin |
||
4 | * |
||
5 | * @package Smarty |
||
6 | * @subpackage Security |
||
7 | * @author Uwe Tews |
||
8 | */ |
||
9 | |||
10 | /** |
||
11 | * This class does contain the security settings |
||
12 | */ |
||
13 | class Smarty_Security_Policy { |
||
14 | /** |
||
15 | * This determines how Smarty handles "<?php ... ?>" tags in templates. |
||
16 | * possible values: |
||
17 | * <ul> |
||
18 | * <li>SMARTY_PHP_PASSTHRU -> echo PHP tags as they are</li> |
||
19 | * <li>SMARTY_PHP_QUOTE -> escape tags as entities</li> |
||
20 | * <li>SMARTY_PHP_REMOVE -> remove php tags</li> |
||
21 | * <li>SMARTY_PHP_ALLOW -> execute php tags</li> |
||
22 | * </ul> |
||
23 | * |
||
24 | * @var integer |
||
25 | */ |
||
26 | public $php_handling = SMARTY_PHP_PASSTHRU; |
||
27 | |||
28 | /** |
||
29 | * This is the list of template directories that are considered secure. |
||
30 | * One directory per array element. |
||
31 | * $template_dir is in this list implicitly. |
||
32 | * |
||
33 | * @var array |
||
34 | */ |
||
35 | public $secure_dir = array(); |
||
36 | |||
37 | |||
38 | /** |
||
39 | * This is an array of directories where trusted php scripts reside. |
||
40 | * {@link $security} is disabled during their inclusion/execution. |
||
41 | * |
||
42 | * @var array |
||
43 | */ |
||
44 | public $trusted_dir = array(); |
||
45 | |||
46 | |||
47 | /** |
||
48 | * This is an array of trusted PHP functions. |
||
49 | * |
||
50 | * If empty all functions are allowed. |
||
51 | * If set to 'none' none is allowed. |
||
52 | * @var array |
||
53 | */ |
||
54 | public $php_functions = array('isset', 'empty', |
||
55 | 'count', 'sizeof','in_array', 'is_array','time','nl2br'); |
||
56 | |||
57 | /** |
||
58 | * This is an array of trusted modifers. |
||
59 | * |
||
60 | * If empty all modifiers are allowed. |
||
61 | * If set to 'none' none is allowed. |
||
62 | * @var array |
||
63 | */ |
||
64 | public $modifiers = array('escape','count'); |
||
65 | |||
66 | /** |
||
67 | * This is an array of trusted streams. |
||
68 | * |
||
69 | * If empty all streams are allowed. |
||
70 | * If set to 'none' none is allowed. |
||
71 | * @var array |
||
72 | */ |
||
73 | public $streams = array('file'); |
||
74 | /** |
||
75 | + flag if constants can be accessed from template |
||
76 | */ |
||
77 | public $allow_constants = true; |
||
78 | /** |
||
79 | + flag if {php} tag can be executed |
||
80 | */ |
||
81 | public $allow_php_tag = false; |
||
82 | } |
||
83 | |||
84 | ?> |