selinux-policy/www/smarty/internals/core.is_secure.php
2005-05-17 19:51:41 +00:00

57 lines
1.5 KiB
PHP

<?php
/**
* Smarty plugin
* @package Smarty
* @subpackage plugins
*/
/**
* determines if a resource is secure or not.
*
* @param string $resource_type
* @param string $resource_name
* @return boolean
*/
// $resource_type, $resource_name
function smarty_core_is_secure($params, &$smarty)
{
if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
return true;
}
if ($params['resource_type'] == 'file') {
$_rp = realpath($params['resource_name']);
if (isset($params['resource_base_path'])) {
foreach ((array)$params['resource_base_path'] as $curr_dir) {
if ( ($_cd = realpath($curr_dir)) !== false &&
strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
$_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
return true;
}
}
}
if (!empty($smarty->secure_dir)) {
foreach ((array)$smarty->secure_dir as $curr_dir) {
if ( ($_cd = realpath($curr_dir)) !== false &&
strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
$_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
return true;
}
}
}
} else {
// resource is not on local file system
return call_user_func_array(
$smarty->_plugins['resource'][$params['resource_type']][0][2],
array($params['resource_name'], &$smarty));
}
return false;
}
/* vim: set expandtab: */
?>