Содержимое файла | Последнее изменение | Открыть журнал | RSS
| Редакция | Автор | № строки | Строка |
|---|---|---|---|
| 304 | alex-w | 1 | <?php |
| 2 | /** |
||
| 3 | * Smarty Internal Plugin Security Handler |
||
| 4 | * |
||
| 5 | * @package Smarty |
||
| 6 | * @subpackage Security |
||
| 7 | * @author Uwe Tews |
||
| 8 | */ |
||
| 9 | /** |
||
| 10 | * This class contains all methods for security checking |
||
| 11 | */ |
||
| 12 | class Smarty_Internal_Security_Handler { |
||
| 13 | function __construct($smarty) |
||
| 14 | { |
||
| 15 | $this->smarty = $smarty; |
||
| 16 | } |
||
| 17 | /** |
||
| 18 | * Check if PHP function is trusted. |
||
| 19 | * |
||
| 20 | * @param string $function_name |
||
| 21 | * @param object $compiler compiler object |
||
| 22 | * @return boolean true if function is trusted |
||
| 23 | */ |
||
| 24 | function isTrustedPhpFunction($function_name, $compiler) |
||
| 25 | { |
||
| 26 | if (empty($this->smarty->security_policy->php_functions) || in_array($function_name, $this->smarty->security_policy->php_functions)) { |
||
| 27 | return true; |
||
| 28 | } else { |
||
| 29 | $compiler->trigger_template_error ("PHP function \"" . $function_name . "\" not allowed by security setting"); |
||
| 30 | return false; |
||
| 31 | } |
||
| 32 | } |
||
| 33 | |||
| 34 | /** |
||
| 35 | * Check if modifier is trusted. |
||
| 36 | * |
||
| 37 | * @param string $modifier_name |
||
| 38 | * @param object $compiler compiler object |
||
| 39 | * @return boolean true if modifier is trusted |
||
| 40 | */ |
||
| 41 | function isTrustedModifier($modifier_name, $compiler) |
||
| 42 | { |
||
| 43 | if (empty($this->smarty->security_policy->modifiers) || in_array($modifier_name, $this->smarty->security_policy->modifiers)) { |
||
| 44 | return true; |
||
| 45 | } else { |
||
| 46 | $compiler->trigger_template_error ("modifier \"" . $modifier_name . "\" not allowed by security setting"); |
||
| 47 | return false; |
||
| 48 | } |
||
| 49 | } |
||
| 50 | /** |
||
| 51 | * Check if stream is trusted. |
||
| 52 | * |
||
| 53 | * @param string $stream_name |
||
| 54 | * @param object $compiler compiler object |
||
| 55 | * @return boolean true if stream is trusted |
||
| 56 | */ |
||
| 57 | function isTrustedStream($stream_name) |
||
| 58 | { |
||
| 59 | if (empty($this->smarty->security_policy->streams) || in_array($stream_name, $this->smarty->security_policy->streams)) { |
||
| 60 | return true; |
||
| 61 | } else { |
||
| 62 | throw new Exception ("stream \"" . $stream_name . "\" not allowed by security setting"); |
||
| 63 | return false; |
||
| 64 | } |
||
| 65 | } |
||
| 66 | |||
| 67 | /** |
||
| 68 | * Check if directory of file resource is trusted. |
||
| 69 | * |
||
| 70 | * @param string $filepath |
||
| 71 | * @param object $compiler compiler object |
||
| 72 | * @return boolean true if directory is trusted |
||
| 73 | */ |
||
| 74 | function isTrustedResourceDir($filepath) |
||
| 75 | { |
||
| 76 | $_rp = realpath($filepath); |
||
| 77 | if (isset($this->smarty->template_dir)) { |
||
| 78 | foreach ((array)$this->smarty->template_dir as $curr_dir) { |
||
| 79 | if (($_cd = realpath($curr_dir)) !== false && |
||
| 80 | strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
||
| 81 | (strlen($_rp) == strlen($_cd) || substr($_rp, strlen($_cd), 1) == DS)) { |
||
| 82 | return true; |
||
| 83 | } |
||
| 84 | } |
||
| 85 | } |
||
| 86 | if (!empty($this->smarty->security_policy->secure_dir)) { |
||
| 87 | foreach ((array)$this->smarty->security_policy->secure_dir as $curr_dir) { |
||
| 88 | if (($_cd = realpath($curr_dir)) !== false) { |
||
| 89 | if ($_cd == $_rp) { |
||
| 90 | return true; |
||
| 91 | } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
||
| 92 | (strlen($_rp) == strlen($_cd) || substr($_rp, strlen($_cd), 1) == DS)) { |
||
| 93 | return true; |
||
| 94 | } |
||
| 95 | } |
||
| 96 | } |
||
| 97 | } |
||
| 98 | |||
| 99 | throw new Exception ("directory \"" . $_rp . "\" not allowed by security setting"); |
||
| 100 | return false; |
||
| 101 | } |
||
| 102 | /** |
||
| 103 | * Check if directory of file resource is trusted. |
||
| 104 | * |
||
| 105 | * @param string $filepath |
||
| 106 | * @param object $compiler compiler object |
||
| 107 | * @return boolean true if directory is trusted |
||
| 108 | */ |
||
| 109 | function isTrustedPHPDir($filepath) |
||
| 110 | { |
||
| 111 | $_rp = realpath($filepath); |
||
| 112 | if (!empty($this->smarty->security_policy->trusted_dir)) { |
||
| 113 | foreach ((array)$this->smarty->security_policy->trusted_dir as $curr_dir) { |
||
| 114 | if (($_cd = realpath($curr_dir)) !== false) { |
||
| 115 | if ($_cd == $_rp) { |
||
| 116 | return true; |
||
| 117 | } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
||
| 118 | substr($_rp, strlen($_cd), 1) == DS) { |
||
| 119 | return true; |
||
| 120 | } |
||
| 121 | } |
||
| 122 | } |
||
| 123 | } |
||
| 124 | |||
| 125 | throw new Exception ("directory \"" . $_rp . "\" not allowed by security setting"); |
||
| 126 | return false; |
||
| 127 | } |
||
| 128 | } |
||
| 129 | |||
| 130 | ?> |