/*
* FIXME: Smarty_Security API
* - getter and setter instead of public properties would allow cultivating an internal cache properly
* - current implementation of isTrustedResourceDir() assumes that Smarty::$template_dir and Smarty::$config_dir are immutable
* the cache is killed every time either of the variables change. That means that two distinct Smarty objects with differing
/*
* FIXME: Smarty_Security API
* - getter and setter instead of public properties would allow cultivating an internal cache properly
* - current implementation of isTrustedResourceDir() assumes that Smarty::$template_dir and Smarty::$config_dir are immutable
* the cache is killed every time either of the variables change. That means that two distinct Smarty objects with differing
- * $template_dir or $config_dir should NOT share the same Smarty_Security instance,
- * as this would lead to (severe) performance penalty! how should this be handled?
+ * $template_dir or $config_dir should NOT share the same Smarty_Security instance,
+ * as this would lead to (severe) performance penalty! how should this be handled?
- * @param string $function_name
- * @param object $compiler compiler object
- * @return boolean true if function is trusted
+ * @param string $function_name
+ * @param object $compiler compiler object
+ *
+ * @return boolean true if function is trusted
* @throws SmartyCompilerException if php function is not trusted
*/
public function isTrustedPhpFunction($function_name, $compiler)
* @throws SmartyCompilerException if php function is not trusted
*/
public function isTrustedPhpFunction($function_name, $compiler)
return false; // should not, but who knows what happens to the compiler in the future?
}
/**
* Check if static class is trusted.
*
return false; // should not, but who knows what happens to the compiler in the future?
}
/**
* Check if static class is trusted.
*
- * @param string $class_name
- * @param object $compiler compiler object
- * @return boolean true if class is trusted
+ * @param string $class_name
+ * @param object $compiler compiler object
+ *
+ * @return boolean true if class is trusted
* @throws SmartyCompilerException if static class is not trusted
*/
public function isTrustedStaticClass($class_name, $compiler)
* @throws SmartyCompilerException if static class is not trusted
*/
public function isTrustedStaticClass($class_name, $compiler)
return false; // should not, but who knows what happens to the compiler in the future?
}
/**
* Check if PHP modifier is trusted.
*
return false; // should not, but who knows what happens to the compiler in the future?
}
/**
* Check if PHP modifier is trusted.
*
- * @param string $modifier_name
- * @param object $compiler compiler object
- * @return boolean true if modifier is trusted
+ * @param string $modifier_name
+ * @param object $compiler compiler object
+ *
+ * @return boolean true if modifier is trusted
* @throws SmartyCompilerException if modifier is not trusted
*/
public function isTrustedPhpModifier($modifier_name, $compiler)
* @throws SmartyCompilerException if modifier is not trusted
*/
public function isTrustedPhpModifier($modifier_name, $compiler)
return false; // should not, but who knows what happens to the compiler in the future?
}
/**
* Check if tag is trusted.
*
return false; // should not, but who knows what happens to the compiler in the future?
}
/**
* Check if tag is trusted.
*
- * @param string $tag_name
- * @param object $compiler compiler object
- * @return boolean true if tag is trusted
+ * @param string $tag_name
+ * @param object $compiler compiler object
+ *
+ * @return boolean true if tag is trusted
* @throws SmartyCompilerException if modifier is not trusted
*/
public function isTrustedTag($tag_name, $compiler)
{
// check for internal always required tags
if (in_array($tag_name, array('assign', 'call', 'private_filter', 'private_block_plugin', 'private_function_plugin', 'private_object_block_function',
* @throws SmartyCompilerException if modifier is not trusted
*/
public function isTrustedTag($tag_name, $compiler)
{
// check for internal always required tags
if (in_array($tag_name, array('assign', 'call', 'private_filter', 'private_block_plugin', 'private_function_plugin', 'private_object_block_function',
- 'private_object_function', 'private_registered_function', 'private_registered_block', 'private_special_variable', 'private_print_expression', 'private_modifier'))) {
+ 'private_object_function', 'private_registered_function', 'private_registered_block', 'private_special_variable', 'private_print_expression', 'private_modifier'))
+ ) {
- } else if (in_array($tag_name, $this->allowed_tags) && !in_array($tag_name, $this->disabled_tags)) {
+ } elseif (in_array($tag_name, $this->allowed_tags) && !in_array($tag_name, $this->disabled_tags)) {
return false; // should not, but who knows what happens to the compiler in the future?
}
/**
* Check if modifier plugin is trusted.
*
return false; // should not, but who knows what happens to the compiler in the future?
}
/**
* Check if modifier plugin is trusted.
*
- * @param string $modifier_name
- * @param object $compiler compiler object
- * @return boolean true if tag is trusted
+ * @param string $modifier_name
+ * @param object $compiler compiler object
+ *
+ * @return boolean true if tag is trusted
* @throws SmartyCompilerException if modifier is not trusted
*/
public function isTrustedModifier($modifier_name, $compiler)
* @throws SmartyCompilerException if modifier is not trusted
*/
public function isTrustedModifier($modifier_name, $compiler)
- } else if (in_array($modifier_name, $this->allowed_modifiers) && !in_array($modifier_name, $this->disabled_modifiers)) {
+ } elseif (in_array($modifier_name, $this->allowed_modifiers) && !in_array($modifier_name, $this->disabled_modifiers)) {
return false; // should not, but who knows what happens to the compiler in the future?
}
/**
* Check if stream is trusted.
*
return false; // should not, but who knows what happens to the compiler in the future?
}
/**
* Check if stream is trusted.
*
* @throws SmartyException if directory is not trusted
*/
public function isTrustedResourceDir($filepath)
* @throws SmartyException if directory is not trusted
*/
public function isTrustedResourceDir($filepath)
- || (!$this->_config_dir || $this->_config_dir !== $_config_dir)
- || (!empty($this->secure_dir) && (!$this->_secure_dir || $this->_secure_dir !== $this->secure_dir))
+ || (!$this->_config_dir || $this->_config_dir !== $_config_dir)
+ || (!empty($this->secure_dir) && (!$this->_secure_dir || $this->_secure_dir !== $this->secure_dir))
$_directory[$directory] = true;
// test if the directory is trusted
if (isset($this->_resource_dir[$directory])) {
$_directory[$directory] = true;
// test if the directory is trusted
if (isset($this->_resource_dir[$directory])) {
* To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}".
* So "http://username:password@hello.world.example.org:8080/some-path?some=query-string"
* is reduced to "http://hello.world.example.org" prior to applying the patters from {@link $trusted_uri}.
* To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}".
* So "http://username:password@hello.world.example.org:8080/some-path?some=query-string"
* is reduced to "http://hello.world.example.org" prior to applying the patters from {@link $trusted_uri}.
* @throws SmartyException if URI is not trusted
* @uses $trusted_uri for list of patterns to match against $uri
*/
* @throws SmartyException if URI is not trusted
* @uses $trusted_uri for list of patterns to match against $uri
*/
$_directory[] = $directory;
// test if the directory is trusted
if (isset($this->_php_resource_dir[$directory])) {
$_directory[] = $directory;
// test if the directory is trusted
if (isset($this->_php_resource_dir[$directory])) {