This class does contain the security settings
| Methods | ||||||
|---|---|---|---|---|---|---|
public
|
__construct(Smarty $smarty)
|
# | ||||
public
|
isTrustedPhpFunction(string $function_name, object $compiler): boolean
Check if PHP function is trusted.
Check if PHP function is trusted. Parameters
Returnstrue if function is trusted |
# | ||||
public
|
isTrustedStaticClass(string $class_name, object $compiler): boolean
Check if static class is trusted.
Check if static class is trusted. Parameters
Returnstrue if class is trusted |
# | ||||
public
|
isTrustedStaticClassAccess(string $class_name, string $params, object $compiler): boolean
Check if static class method/property is trusted.
Check if static class method/property is trusted. Parameters
Returnstrue if class method is trusted |
# | ||||
public
|
isTrustedPhpModifier(string $modifier_name, object $compiler): boolean
Check if PHP modifier is trusted.
Check if PHP modifier is trusted. Parameters
Returnstrue if modifier is trusted |
# | ||||
public
|
isTrustedTag(string $tag_name, object $compiler): boolean
Check if tag is trusted.
Check if tag is trusted. Parameters
Returnstrue if tag is trusted |
# | ||||
public
|
isTrustedSpecialSmartyVar(string $var_name, object $compiler): boolean
Check if special $smarty variable is trusted.
Check if special $smarty variable is trusted. Parameters
Returnstrue if tag is trusted |
# | ||||
public
|
isTrustedModifier(string $modifier_name, object $compiler): boolean
Check if modifier plugin is trusted.
Check if modifier plugin is trusted. Parameters
Returnstrue if tag is trusted |
# | ||||
public
|
isTrustedConstant(string $const, object $compiler): bool
Check if constants are enabled or trusted
Check if constants are enabled or trusted Parameters
|
# | ||||
public
|
isTrustedStream(string $stream_name): boolean
Check if stream is trusted.
Check if stream is trusted. Returnstrue if stream is trusted Throws
|
# | ||||
public
|
isTrustedResourceDir(string $filepath, null|bool $isConfig = null): bool
Check if directory of file resource is trusted.
Check if directory of file resource is trusted. Returnstrue if directory is trusted Throws
|
# | ||||
public
|
isTrustedUri(string $uri): boolean
Check if URI (e.g. {fetch} or {html_image}) is trusted
To simplify things, isTrustedUri() resolves all input to "{…
Check if URI (e.g. {fetch} or {html_image}) is trusted To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}". So "http://username:password@hello.world.example.org:8080/some-path?some=query-string" is reduced to "http://hello.world.example.org" prior to applying the patters from {@link $trusted_uri}. Returnstrue if URI is trusted Throws
|
# | ||||
public
|
isTrustedPHPDir(string $filepath): boolean
Check if directory of file resource is trusted.
Check if directory of file resource is trusted. Returnstrue if directory is trusted Throws
|
# | ||||
public
static
|
enableSecurity(Smarty $smarty, string|Smarty_Security $security_class): Smarty
Loads security class and enables security
Loads security class and enables security Parameters
Returnscurrent Smarty instance for chaining Throws
|
# | ||||
public
|
startTemplate($template)
Start template processing
|
# | ||||
public
|
endTemplate()
Exit template processing
Exit template processing |
# | ||||
public
|
registerCallBacks(Smarty_Internal_Template $template)
Register callback functions call at start/end of template rendering
Register callback functions call at start/end of template rendering |
# | ||||
| Properties | |||
|---|---|---|---|
public
|
integer
|
$php_handling = Smarty::PHP_PASSTHRU
|
# |
public
|
array
|
$secure_dir = []
|
# |
public
|
array
|
$trusted_dir = []
|
# |
public
|
array
|
$trusted_uri = []
|
# |
public
|
array
|
$trusted_constants = []
|
# |
public
|
array
|
$static_classes = []
|
# |
public
|
array
|
$trusted_static_methods = []
|
# |
public
|
array
|
$trusted_static_properties = []
|
# |
public
|
array
|
$php_functions = ['isset', 'empty', 'count', 'sizeof', 'in_array', 'is_array', 'time']
|
# |
public
|
array
|
$php_modifiers = ['escape', 'count', 'nl2br']
|
# |
public
|
array
|
$allowed_tags = []
|
# |
public
|
array
|
$disabled_tags = []
|
# |
public
|
array
|
$allowed_modifiers = []
|
# |
public
|
array
|
$disabled_modifiers = []
|
# |
public
|
array
|
$disabled_special_smarty_vars = []
|
# |
public
|
array
|
$streams = ['file']
|
# |
public
|
boolean
|
$allow_constants = true
|
# |
public
|
boolean
|
$allow_super_globals = true
|
# |
public
|
int
|
$max_template_nesting = 0
|
# |
protected
|
array
|
$_resource_dir = []
|
# |
protected
|
array
|
$_template_dir = []
|
# |
protected
|
array
|
$_config_dir = []
|
# |
protected
|
array
|
$_secure_dir = []
|
# |
protected
|
array
|
$_php_resource_dir = null
|
# |
protected
|
array
|
$_trusted_dir = null
|
# |
protected
|
bool
|
$_include_path_status = false
|
# |
protected
|
array
|
$_include_dir = []
|
# |