1 <?php
2 /**
3 * Smarty plugin
4 *
5 * @package Smarty
6 * @subpackage Security
7 * @author Uwe Tews
8 */
10 /**
11 * This class contains the security settings
12 */
class Smarty_Security
{
    /**
     * Policy for literal "<?php ... ?>" tags that appear in template source.
     *
     * Accepted values:
     *  - SMARTY_PHP_PASSTHRU: echo the PHP tags as they are
     *  - SMARTY_PHP_QUOTE:    escape the tags as entities
     *  - SMARTY_PHP_REMOVE:   remove the PHP tags
     *  - SMARTY_PHP_ALLOW:    execute the PHP tags
     *
     * Security note: SMARTY_PHP_ALLOW lets template source run PHP, so it only
     * fits deployments where template authors are trusted as much as the
     * application code itself.
     *
     * @var integer
     */
    public $php_handling = SMARTY_PHP_PASSTHRU;

    /**
     * Template directories that are considered secure, one directory per
     * array element. $template_dir belongs to this list implicitly.
     *
     * @var array
     */
    public $secure_dir = array();

    /**
     * Directories in which trusted PHP scripts reside.
     * {@link $security} is disabled while they are included/executed.
     *
     * Security note: because checks are switched off for these scripts, keep
     * the list as short as possible and make sure template authors cannot
     * write to any of the listed directories.
     *
     * @var array
     */
    public $trusted_dir = array();

    /**
     * Trusted static classes.
     *
     * If empty, access to all static classes is allowed.
     * If set to 'none', none is allowed.
     *
     * Security note: the empty default is the permissive setting, not the
     * restrictive one; emptying the list widens access.
     * NOTE(review): 'none' is documented as a string although the property is
     * an array; the code that interprets it is not part of this class, so
     * confirm the exact form it expects.
     *
     * @var array
     */
    public $static_classes = array();

    /**
     * Trusted PHP functions.
     *
     * If empty, all functions are allowed.
     * If set to 'none', none is allowed.
     *
     * Security note: an empty array means "allow everything". Treat this as an
     * allowlist and extend it only with functions that are safe to expose to
     * template authors.
     *
     * @var array
     */
    public $php_functions = array(
        'isset',
        'empty',
        'count',
        'sizeof',
        'in_array',
        'is_array',
        'time',
        'nl2br',
    );

    /**
     * Trusted modifiers.
     *
     * If empty, all modifiers are allowed.
     * If set to 'none', none is allowed.
     *
     * @var array
     */
    public $modifiers = array(
        'escape',
        'count',
    );

    /**
     * Trusted streams.
     *
     * If empty, all streams are allowed.
     * If set to 'none', none is allowed.
     *
     * Security note: as with the other lists, emptying this array removes the
     * restriction rather than tightening it.
     *
     * @var array
     */
    public $streams = array(
        'file',
    );

    /**
     * Flag: constants can be accessed from templates.
     *
     * Enabled by default. Consider disabling it for templates written by
     * untrusted authors if application constants hold configuration values
     * that templates should not be able to read.
     */
    public $allow_constants = true;

    /**
     * Flag: super globals can be accessed from templates.
     *
     * Enabled by default. Consider disabling it for templates written by
     * untrusted authors, so that template source cannot read super globals.
     */
    public $allow_super_globals = true;

    /**
     * Flag: the {php} tag can be executed.
     *
     * Disabled by default.
     */
    public $allow_php_tag = false;
}
97 ?>