include/smarty/internals/core.is_secure.php

   1 <?php
   2 /**
   3  * Smarty plugin
   4  * @package Smarty
   5  * @subpackage plugins
   6  */
   7
   8 /**
   9  * determines if a resource is secure or not.
  10  *
  11  * @param string $resource_type
  12  * @param string $resource_name
  13  * @return boolean
  14  */
  15
  16 //  $resource_type, $resource_name
  17
  18 function smarty_core_is_secure($params, &$smarty)
  19 {
  20     if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
  21         return true;
  22     }
  23
  24     if ($params['resource_type'] == 'file') {
  25         $_rp = realpath($params['resource_name']);
  26         if (isset($params['resource_base_path'])) {
  27             foreach ((array)$params['resource_base_path'] as $curr_dir) {
  28                 if ( ($_cd = realpath($curr_dir)) !== false &&
  29                      strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
  30                      $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
  31                     return true;
  32                 }
  33             }
  34         }
  35         if (!empty($smarty->secure_dir)) {
  36             foreach ((array)$smarty->secure_dir as $curr_dir) {
  37                 if ( ($_cd = realpath($curr_dir)) !== false &&
  38                      strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
  39                      $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
  40                     return true;
  41                 }
  42             }
  43         }
  44     } else {
  45         // resource is not on local file system
  46         return call_user_func_array(
  47             $smarty->_plugins['resource'][$params['resource_type']][0][2],
  48             array($params['resource_name'], &$smarty));
  49     }
  50
  51     return false;
  52 }
  53
  54 /* vim: set expandtab: */
  55
  56 ?>