library/smarty/libs/sysplugins/smarty_security.php
author Markus Bröker <broeker.markus@googlemail.com>
Fri, 13 Nov 2015 17:01:04 +0100
changeset 12 66b604c61e62
parent 0 4869aea77e21
permissions -rw-r--r--
Testreihe für die Datenbank-Klasse hinzugefügt
<?php
/**
 * Smarty plugin
 *
 * @package    Smarty
 * @subpackage Security
 * @author     Uwe Tews
 */
/*
 * FIXME: Smarty_Security API
 *      - getter and setter instead of public properties would allow cultivating an internal cache properly
 *      - current implementation of isTrustedResourceDir() assumes that Smarty::$template_dir and Smarty::$config_dir are immutable
 *        the cache is killed every time either of the variables change. That means that two distinct Smarty objects with differing
 *        $template_dir or $config_dir should NOT share the same Smarty_Security instance,
 *        as this would lead to (severe) performance penalty! how should this be handled?
 */
/**
 * This class contains the security settings
 */
class Smarty_Security {
    /**
     * This determines how Smarty handles "<?php ... ?>" tags in templates.
     * possible values:
     * <ul>
     *   <li>Smarty::PHP_PASSTHRU -> echo PHP tags as they are</li>
     *   <li>Smarty::PHP_QUOTE    -> escape tags as entities</li>
     *   <li>Smarty::PHP_REMOVE   -> remove php tags</li>
     *   <li>Smarty::PHP_ALLOW    -> execute php tags</li>
     * </ul>
     *
     * @var integer
     */
    public $php_handling = Smarty::PHP_PASSTHRU;
    /**
     * This is the list of template directories that are considered secure.
     * $template_dir is in this list implicitly.
     *
     * @var array
     */
    public $secure_dir = array();
    /**
     * This is an array of directories where trusted php scripts reside.
     * {@link $security} is disabled during their inclusion/execution.
     *
     * @var array
     */
    public $trusted_dir = array();
    /**
     * List of regular expressions (PCRE) that include trusted URIs
     *
     * @var array
     */
    public $trusted_uri = array();
    /**
     * List of trusted constants names
     *
     * @var array
     */
    public $trusted_constants = array();
    /**
     * This is an array of trusted static classes.
     * If empty access to all static classes is allowed.
     * If set to 'none' none is allowed.
     *
     * @var array
     */
    public $static_classes = array();
    /**
     * This is a nested array of trusted classes and static methods.
     * If empty access to all static classes and methods is allowed.
     * Format:
     * array (
     *         'class_1' => array('method_1', 'method_2'), // allowed methods listed
     *         'class_2' => array(),                       // all methods of class allowed
     *       )
     * If set to null none is allowed.
     *
     * @var array
     */
    public $trusted_static_methods = array();
    /**
     * This is an array of trusted static properties.
     * If empty access to all static classes and properties is allowed.
     * Format:
     * array (
     *         'class_1' => array('prop_1', 'prop_2'), // allowed properties listed
     *         'class_2' => array(),                   // all properties of class allowed
     *       )
     * If set to null none is allowed.
     *
     * @var array
     */
    public $trusted_static_properties = array();
    /**
     * This is an array of trusted PHP functions.
     * If empty all functions are allowed.
     * To disable all PHP functions set $php_functions = null.
     *
     * @var array
     */
    public $php_functions = array(
        'isset', 'empty',
        'count', 'sizeof',
        'in_array', 'is_array',
        'time',
    );
    /**
     * This is an array of trusted PHP modifiers.
     * If empty all modifiers are allowed.
     * To disable all modifier set $php_modifiers = null.
     *
     * @var array
     */
    public $php_modifiers = array(
        'escape',
        'count',
        'nl2br',
    );
    /**
     * This is an array of allowed tags.
     * If empty no restriction by allowed_tags.
     *
     * @var array
     */
    public $allowed_tags = array();
    /**
     * This is an array of disabled tags.
     * If empty no restriction by disabled_tags.
     *
     * @var array
     */
    public $disabled_tags = array();
    /**
     * This is an array of allowed modifier plugins.
     * If empty no restriction by allowed_modifiers.
     *
     * @var array
     */
    public $allowed_modifiers = array();
    /**
     * This is an array of disabled modifier plugins.
     * If empty no restriction by disabled_modifiers.
     *
     * @var array
     */
    public $disabled_modifiers = array();
    /**
     * This is an array of disabled special $smarty variables.
     *
     * @var array
     */
    public $disabled_special_smarty_vars = array();
    /**
     * This is an array of trusted streams.
     * If empty all streams are allowed.
     * To disable all streams set $streams = null.
     *
     * @var array
     */
    public $streams = array('file');
    /**
     * + flag if constants can be accessed from template
     *
     * @var boolean
     */
    public $allow_constants = true;
    /**
     * + flag if super globals can be accessed from template
     *
     * @var boolean
     */
    public $allow_super_globals = true;
    /**
     * max template nesting level
     *
     * @var int
     */
    public $max_template_nesting = 0;
    /**
     * current template nesting level
     *
     * @var int
     */
    private $_current_template_nesting = 0;
    /**
     * Cache for $resource_dir lookup
     *
     * @var array
     */
    protected $_resource_dir = null;
    /**
     * Cache for $template_dir lookup
     *
     * @var array
     */
    protected $_template_dir = null;
    /**
     * Cache for $config_dir lookup
     *
     * @var array
     */
    protected $_config_dir = null;
    /**
     * Cache for $secure_dir lookup
     *
     * @var array
     */
    protected $_secure_dir = null;
    /**
     * Cache for $php_resource_dir lookup
     *
     * @var array
     */
    protected $_php_resource_dir = null;
    /**
     * Cache for $trusted_dir lookup
     *
     * @var array
     */
    protected $_trusted_dir = null;
    /**
     * @param Smarty $smarty
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   228
     */
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   229
    public function __construct($smarty) {
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   230
        $this->smarty = $smarty;
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   231
    }
    /**
     * Check whether a PHP function may be called from a template.
     *
     * Semantics of $php_functions:
     *  - null (not set):  every PHP function is rejected;
     *  - empty array:     every PHP function is accepted (no restriction at all);
     *  - non-empty array: only the listed names are accepted.
     * The lookup is an exact string match (loose in_array(), case-sensitive),
     * so the allowlist must use the spelling the template author uses.
     *
     * @param  string $function_name name of the PHP function as written in the template
     * @param  object $compiler      compiler object, used to report the violation
     *
     * @return boolean                 true if function is trusted
     * @throws SmartyCompilerException if php function is not trusted (expected to be raised by trigger_template_error())
     */
    public function isTrustedPhpFunction($function_name, $compiler) {
        if (isset($this->php_functions)) {
            $allowed = $this->php_functions;
            // An empty list means "unrestricted"; otherwise the name must be listed.
            if (empty($allowed) || in_array($function_name, $allowed)) {
                return true;
            }
        }

        $compiler->trigger_template_error("PHP function '{$function_name}' not allowed by security setting");

        // Only reached if the compiler reports without throwing.
        return false;
    }
    /**
     * Check whether a class may be accessed statically from a template.
     *
     * Semantics of $static_classes:
     *  - null (not set):  every static class access is rejected;
     *  - empty array:     every class is accepted (no restriction at all);
     *  - non-empty array: only the listed class names are accepted.
     * The lookup is an exact string match (loose in_array(), case-sensitive).
     * Note that this only decides on the class; which methods/properties of
     * a trusted class are reachable is decided by isTrustedStaticClassAccess().
     *
     * @param  string $class_name class name as written in the template
     * @param  object $compiler   compiler object, used to report the violation
     *
     * @return boolean                 true if class is trusted
     * @throws SmartyCompilerException if static class is not trusted (expected to be raised by trigger_template_error())
     */
    public function isTrustedStaticClass($class_name, $compiler) {
        if (isset($this->static_classes)) {
            $allowed = $this->static_classes;
            // An empty list means "unrestricted"; otherwise the class must be listed.
            if (empty($allowed) || in_array($class_name, $allowed)) {
                return true;
            }
        }

        $compiler->trigger_template_error("access to static class '{$class_name}' not allowed by security setting");

        // Only reached if the compiler reports without throwing.
        return false;
    }
    /**
     * Check whether a static method call or static property access is trusted.
     *
     * Resolution order:
     *  1. If the compiler did not say what kind of member this is
     *     ($params[2] missing), only class-level trust is checked.
     *  2. The per-member list is selected: $trusted_static_methods when
     *     $params[2] == 'method', $trusted_static_properties otherwise.
     *     - null:            the access is rejected;
     *     - empty array:     falls back to class-level trust, i.e. every
     *                        member of a trusted class is reachable;
     *     - non-empty array: the class name must be a key, and the member
     *                        name must be listed under it unless that entry
     *                        is itself empty (= all members of that class).
     *
     * The member name is derived from $params[0]: for a method everything
     * before the first '(' (empty if there is none), for a property everything
     * after the leading '$'.
     *
     * @param  string $class_name class name as written in the template
     * @param  array  $params     [0] => member expression, [2] => 'method' or the property kind (may be absent)
     * @param  object $compiler   compiler object, used to report the violation
     *
     * @return boolean                 true if class method/property is trusted
     * @throws SmartyCompilerException if static class method/property is not trusted (expected to be raised by trigger_template_error())
     */
    public function isTrustedStaticClassAccess($class_name, $params, $compiler) {
        if (!isset($params[2])) {
            // No member kind available: degrade to the class-level check.
            return $this->isTrustedStaticClass($class_name, $compiler);
        }

        $isMethod = ('method' == $params[2]);
        if ($isMethod) {
            $allowed = $this->trusted_static_methods;
            $name = substr($params[0], 0, strpos($params[0], '('));
        } else {
            $allowed = $this->trusted_static_properties;
            $name = substr($params[0], 1); // drop the leading '$'
        }

        if (isset($allowed)) {
            if (empty($allowed)) {
                // No per-member policy configured: class-level trust decides.
                return $this->isTrustedStaticClass($class_name, $compiler);
            }
            $members = isset($allowed[$class_name]) ? $allowed[$class_name] : null;
            if ($members !== null && (empty($members) || in_array($name, $members))) {
                return true;
            }
        }

        $compiler->trigger_template_error("access to static class '{$class_name}' {$params[2]} '{$name}' not allowed by security setting");

        // Only reached if the compiler reports without throwing.
        return false;
    }
    /**
     * Check whether a PHP function may be used as a modifier in a template.
     *
     * Semantics of $php_modifiers:
     *  - null (not set):  every PHP modifier is rejected;
     *  - empty array:     every PHP modifier is accepted (no restriction at all);
     *  - non-empty array: only the listed names are accepted.
     * The lookup is an exact string match (loose in_array(), case-sensitive).
     * Modifier plugins (as opposed to plain PHP functions) go through
     * isTrustedModifier() instead.
     *
     * @param  string $modifier_name name of the PHP function used as modifier
     * @param  object $compiler      compiler object, used to report the violation
     *
     * @return boolean                 true if modifier is trusted
     * @throws SmartyCompilerException if modifier is not trusted (expected to be raised by trigger_template_error())
     */
    public function isTrustedPhpModifier($modifier_name, $compiler) {
        if (isset($this->php_modifiers)) {
            $allowed = $this->php_modifiers;
            // An empty list means "unrestricted"; otherwise the name must be listed.
            if (empty($allowed) || in_array($modifier_name, $allowed)) {
                return true;
            }
        }

        $compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting");

        // Only reached if the compiler reports without throwing.
        return false;
    }
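    /**
     * Check whether a template tag may be compiled under this policy.
     *
     * A fixed set of internal tags ('assign', 'call' and the 'private_*'
     * compiler tags) is accepted before any setting is consulted, so these
     * cannot be switched off via $disabled_tags.
     *
     * For every other tag:
     *  - $allowed_tags empty:     accepted unless listed in $disabled_tags;
     *  - $allowed_tags non-empty: accepted only if listed in $allowed_tags
     *                             and not listed in $disabled_tags.
     * An empty or null $disabled_tags disables nothing in either mode. The
     * original only guarded against that in the first mode and called
     * in_array() on $disabled_tags unguarded in the second, which is a
     * warning on PHP 7 and a TypeError on PHP 8 when the property is null.
     *
     * @param  string $tag_name
     * @param  object $compiler compiler object, used to report the violation
     *
     * @return boolean                 true if tag is trusted
     * @throws SmartyCompilerException if tag is not trusted (expected to be raised by trigger_template_error())
     */
    public function isTrustedTag($tag_name, $compiler) {
        // Internal tags the compiler always needs; exempt from the policy.
        $internalTags = array(
            'assign', 'call', 'private_filter', 'private_block_plugin', 'private_function_plugin',
            'private_object_block_function', 'private_object_function', 'private_registered_function',
            'private_registered_block', 'private_special_variable', 'private_print_expression',
            'private_modifier',
        );
        if (in_array($tag_name, $internalTags)) {
            return true;
        }

        // Denylist is consulted the same way in both modes.
        $disabled = !empty($this->disabled_tags) && in_array($tag_name, $this->disabled_tags);

        if (empty($this->allowed_tags)) {
            if (!$disabled) {
                return true;
            }
            $compiler->trigger_template_error("tag '{$tag_name}' disabled by security setting", $compiler->lex->taglineno);
        } elseif (!$disabled && in_array($tag_name, $this->allowed_tags)) {
            return true;
        } else {
            $compiler->trigger_template_error("tag '{$tag_name}' not allowed by security setting", $compiler->lex->taglineno);
        }

        return false; // should not, but who knows what happens to the compiler in the future?
    }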
    /**
     * Check whether a special $smarty.* variable may be read from a template.
     *
     * This is a pure denylist: a name is accepted unless it appears in
     * $disabled_special_smarty_vars. There is no allowlist mode, so with the
     * list empty every special variable the Smarty build exposes is readable
     * from templates; anyone locking down untrusted templates has to list the
     * sensitive ones explicitly. The property is expected to be an array;
     * a null value is not handled here (in_array() on null fails).
     *
     * @param  string $var_name name after "$smarty."
     * @param  object $compiler compiler object, used to report the violation
     *
     * @return boolean                 true if the special variable is trusted
     * @throws SmartyCompilerException if the special variable is disabled (expected to be raised by trigger_template_error())
     */
    public function isTrustedSpecialSmartyVar($var_name, $compiler) {
        $blocked = in_array($var_name, $this->disabled_special_smarty_vars);
        if ($blocked) {
            $compiler->trigger_template_error("special variable '\$smarty.{$var_name}' not allowed by security setting", $compiler->lex->taglineno);
            // Only reached if the compiler reports without throwing.
            return false;
        }

        return true;
    }
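    /**
     * Check whether a modifier plugin may be used in a template.
     *
     * 'default' is always accepted before any setting is consulted, so it
     * cannot be switched off via $disabled_modifiers.
     *
     * For every other modifier:
     *  - $allowed_modifiers empty:     accepted unless listed in $disabled_modifiers;
     *  - $allowed_modifiers non-empty: accepted only if listed in $allowed_modifiers
     *                                  and not listed in $disabled_modifiers.
     * An empty or null $disabled_modifiers disables nothing in either mode.
     * The original only guarded against that in the first mode and called
     * in_array() on $disabled_modifiers unguarded in the second, which is a
     * warning on PHP 7 and a TypeError on PHP 8 when the property is null.
     *
     * @param  string $modifier_name
     * @param  object $compiler      compiler object, used to report the violation
     *
     * @return boolean                 true if modifier is trusted
     * @throws SmartyCompilerException if modifier is not trusted (expected to be raised by trigger_template_error())
     */
    public function isTrustedModifier($modifier_name, $compiler) {
        // Needed internally; exempt from the policy.
        if (in_array($modifier_name, array('default'))) {
            return true;
        }

        // Denylist is consulted the same way in both modes.
        $disabled = !empty($this->disabled_modifiers) && in_array($modifier_name, $this->disabled_modifiers);

        if (empty($this->allowed_modifiers)) {
            if (!$disabled) {
                return true;
            }
            $compiler->trigger_template_error("modifier '{$modifier_name}' disabled by security setting", $compiler->lex->taglineno);
        } elseif (!$disabled && in_array($modifier_name, $this->allowed_modifiers)) {
            return true;
        } else {
            $compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting", $compiler->lex->taglineno);
        }

        return false; // should not, but who knows what happens to the compiler in the future?
    }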
    /**
     * Check whether a constant may be read from a template.
     *
     * Order of evaluation:
     *  1. the literals 'true', 'false' and 'null' (exact, lowercase spelling)
     *     are always accepted;
     *  2. if $trusted_constants is non-empty it is the allowlist and
     *     $allow_constants is ignored;
     *  3. otherwise $allow_constants decides for every constant at once.
     * So enabling $allow_constants without a $trusted_constants list exposes
     * every defined constant to templates.
     *
     * @param  string $const    constant name
     * @param  object $compiler compiler object, used to report the violation
     *
     * @return bool                    true if the constant is trusted
     * @throws SmartyCompilerException if the constant is not trusted (expected to be raised by trigger_template_error())
     */
    public function isTrustedConstant($const, $compiler) {
        // Literal keywords are always acceptable.
        if (in_array($const, array('true', 'false', 'null'))) {
            return true;
        }

        // A configured allowlist takes precedence over $allow_constants.
        if (!empty($this->trusted_constants)) {
            if (in_array($const, $this->trusted_constants)) {
                return true;
            }
            $compiler->trigger_template_error("Security: access to constant '{$const}' not permitted");
            return false;
        }

        if ($this->allow_constants) {
            return true;
        }

        $compiler->trigger_template_error("Security: access to constants not permitted");
        return false;
    }
    /**
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   437
     * Check if stream is trusted.
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   438
     *
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   439
     * @param  string $stream_name
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   440
     *
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   441
     * @return boolean         true if stream is trusted
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   442
     * @throws SmartyException if stream is not trusted
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   443
     */
4869aea77e21 Bröker-Framework BFW-1
Markus Bröker <broeker.markus@googlemail.com>
parents:
diff changeset
   444
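    public function isTrustedStream($stream_name) {
        // An unset $streams disables stream access entirely; an empty value allows every
        // stream; otherwise the name must be present in the allow-list. The membership
        // test is strict so that loose string/number juggling cannot widen the allow-list.
        if (isset($this->streams) && (empty($this->streams) || in_array($stream_name, $this->streams, true))) {
            return true;
        }

        throw new SmartyException("stream '{$stream_name}' not allowed by security setting");
    }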

    /**
     * Check if directory of file resource is trusted.
     *
     * @param  string $filepath
     *
     * @return boolean         true if directory is trusted
     * @throws SmartyException if directory is not trusted
     */
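    public function isTrustedResourceDir($filepath) {
        $_template_dir = $this->smarty->getTemplateDir();
        $_config_dir = $this->smarty->getConfigDir();
        $_has_secure_dir = !empty($this->secure_dir);

        // check if index is outdated
        if ((!$this->_template_dir || $this->_template_dir !== $_template_dir)
            || (!$this->_config_dir || $this->_config_dir !== $_config_dir)
            || ($_has_secure_dir && (!$this->_secure_dir || $this->_secure_dir !== $this->secure_dir))
        ) {
            // rebuild the whole index: template and config dirs are always re-indexed together,
            // secure_dir only when it is configured
            $this->_resource_dir = array();
            $this->_template_dir = $_template_dir;
            $this->_config_dir = $_config_dir;
            // the sets are iterated separately (not array_merge'd) so that equal string keys
            // in the configured dir arrays cannot shadow one another
            $_trusted_sets = array($_template_dir, $_config_dir);
            if ($_has_secure_dir) {
                $this->_secure_dir = $this->secure_dir;
                $_trusted_sets[] = (array) $this->secure_dir;
            }
            foreach ($_trusted_sets as $_set) {
                foreach ($_set as $directory) {
                    $directory = realpath($directory);
                    // realpath() returns false for a directory that does not exist; false would
                    // otherwise be stored as the bogus key 0, so a missing directory is simply not indexed
                    if ($directory !== false) {
                        $this->_resource_dir[$directory] = true;
                    }
                }
            }
        }

        $_filepath = realpath($filepath);
        if ($_filepath === false) {
            // the path cannot be resolved, so there is no real directory to compare against the index
            throw new SmartyException("directory '{$filepath}' not allowed by security setting");
        }
        $directory = dirname($_filepath);
        // directories visited on the way up, keyed by path so they can be merged into the index
        $_directory = array();
        while (true) {
            // remember the directory to add it to _resource_dir in case we're successful
            $_directory[$directory] = true;
            // test if the directory is trusted
            if (isset($this->_resource_dir[$directory])) {
                // merge sub directories of current $directory into _resource_dir to speed up subsequent lookup
                $this->_resource_dir = array_merge($this->_resource_dir, $_directory);

                return true;
            }
            // abort if we've reached root
            if (($pos = strrpos($directory, DS)) === false || !isset($directory[1])) {
                break;
            }
            // bubble up one level
            $directory = substr($directory, 0, $pos);
        }

        // give up
        throw new SmartyException("directory '{$_filepath}' not allowed by security setting");
    }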

    /**
     * Check if URI (e.g. {fetch} or {html_image}) is trusted
     * To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}".
     * So "http://username:password@hello.world.example.org:8080/some-path?some=query-string"
     * is reduced to "http://hello.world.example.org" prior to applying the patterns from {@link $trusted_uri}.
     *
     * @param  string $uri
     *
     * @return boolean         true if URI is trusted
     * @throws SmartyException if URI is not trusted
     * @uses $trusted_uri for list of patterns to match against $uri
     */
    public function isTrustedUri($uri) {
        $_parts = parse_url($uri);
        $_scheme = empty($_parts['scheme']) ? null : $_parts['scheme'];
        $_host = empty($_parts['host']) ? null : $_parts['host'];

        // only a URI with both scheme and host can be matched; everything else
        // (path, query, credentials, port) is dropped before applying the patterns
        if ($_scheme !== null && $_host !== null) {
            $_normalized = "{$_scheme}://{$_host}";
            foreach ($this->trusted_uri as $pattern) {
                if (preg_match($pattern, $_normalized)) {
                    return true;
                }
            }
        }

        throw new SmartyException("URI '{$uri}' not allowed by security setting");
    }

    /**
     * Check if directory of a PHP resource is trusted.
     *
     * @param  string $filepath
     *
     * @return boolean         true if directory is trusted
     * @throws SmartyException if PHP directory is not trusted
     */
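    public function isTrustedPHPDir($filepath) {
        if (empty($this->trusted_dir)) {
            throw new SmartyException("directory '{$filepath}' not allowed by security setting (no trusted_dir specified)");
        }

        // check if index is outdated
        if (!$this->_trusted_dir || $this->_trusted_dir !== $this->trusted_dir) {
            $this->_php_resource_dir = array();

            $this->_trusted_dir = $this->trusted_dir;
            foreach ((array) $this->trusted_dir as $directory) {
                $directory = realpath($directory);
                // realpath() returns false for a directory that does not exist; false would
                // otherwise be stored as the bogus key 0, so a missing directory is simply not indexed
                if ($directory !== false) {
                    $this->_php_resource_dir[$directory] = true;
                }
            }
        }

        $_filepath = realpath($filepath);
        if ($_filepath === false) {
            // the path cannot be resolved, so there is no real directory to compare against the index
            throw new SmartyException("directory '{$filepath}' not allowed by security setting");
        }
        $directory = dirname($_filepath);
        // directories visited on the way up, keyed by path (not a list) so that the merge
        // below actually populates the index that isset() consults on the next call
        $_directory = array();
        while (true) {
            // remember the directory to add it to _php_resource_dir in case we're successful
            $_directory[$directory] = true;
            // test if the directory is trusted
            if (isset($this->_php_resource_dir[$directory])) {
                // merge sub directories of current $directory into _php_resource_dir to speed up subsequent lookup
                $this->_php_resource_dir = array_merge($this->_php_resource_dir, $_directory);

                return true;
            }
            // abort if we've reached root
            if (($pos = strrpos($directory, DS)) === false || !isset($directory[2])) {
                break;
            }
            // bubble up one level
            $directory = substr($directory, 0, $pos);
        }

        throw new SmartyException("directory '{$_filepath}' not allowed by security setting");
    }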

    /**
     * Start template processing
     *
     * @param $template
     *
     * @throws SmartyException
     */
    public function startTemplate($template) {
        // a limit of zero (or less) disables nesting accounting entirely
        if (!($this->max_template_nesting > 0)) {
            return;
        }
        // the depth is incremented before the check, so the counter is advanced even when we throw
        $_depth = $this->_current_template_nesting++;
        if ($_depth >= $this->max_template_nesting) {
            throw new SmartyException("maximum template nesting level of '{$this->max_template_nesting}' exceeded when calling '{$template->template_resource}'");
        }
    }

    /**
     * Exit template processing
     *
     * @param $template
     */
    public function exitTemplate($template) {
        // only unwind the counter when nesting accounting is enabled (mirrors startTemplate)
        if (!($this->max_template_nesting > 0)) {
            return;
        }
        $this->_current_template_nesting--;
    }
}