1: <?php
2: 3: 4: 5: 6:
7:
8: 9: 10: 11: 12: 13: 14:
15:
16:
17:
18: function smarty_core_is_secure($params, &$smarty)
19: {
20: if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
21: return true;
22: }
23:
24: if ($params['resource_type'] == 'file') {
25: $_rp = realpath($params['resource_name']);
26: if (isset($params['resource_base_path'])) {
27: foreach ((array)$params['resource_base_path'] as $curr_dir) {
28: if ( ($_cd = realpath($curr_dir)) !== false &&
29: strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
30: substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
31: return true;
32: }
33: }
34: }
35: if (!empty($smarty->secure_dir)) {
36: foreach ((array)$smarty->secure_dir as $curr_dir) {
37: if ( ($_cd = realpath($curr_dir)) !== false) {
38: if($_cd == $_rp) {
39: return true;
40: } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
41: substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) {
42: return true;
43: }
44: }
45: }
46: }
47: } else {
48:
49: return call_user_func_array(
50: $smarty->_plugins['resource'][$params['resource_type']][0][2],
51: array($params['resource_name'], &$smarty));
52: }
53:
54: return false;
55: }
56:
57:
58:
59: ?>
60: