GX-Task #46352 » Smarty_v3_1_29_Integration_Zwischenstand_fixed.patch
| src/includes/classes/Smarty/sysplugins/smarty_internal_method_getconfigvars.php (revision Shelved version) | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
|
|
| 3 |
/** |
|
| 4 |
* Smarty Method GetConfigVars |
|
| 5 |
* |
|
| 6 |
* Smarty::getConfigVars() method |
|
| 7 |
* |
|
| 8 |
* @package Smarty |
|
| 9 |
* @subpackage PluginsInternal |
|
| 10 |
* @author Uwe Tews |
|
| 11 |
*/ |
|
| 12 |
class Smarty_Internal_Method_GetConfigVars |
|
| 13 |
{
|
|
| 14 |
/** |
|
| 15 |
* Valid for all objects |
|
| 16 |
* |
|
| 17 |
* @var int |
|
| 18 |
*/ |
|
| 19 |
public $objMap = 7; |
|
| 20 |
|
|
| 21 |
/** |
|
| 22 |
* Returns a single or all config variables |
|
| 23 |
* |
|
| 24 |
* @api Smarty::getConfigVars() |
|
| 25 |
* @link http://www.smarty.net/docs/en/api.get.config.vars.tpl |
|
| 26 |
* |
|
| 27 |
* @param \Smarty_Internal_Data|\Smarty_Internal_Template|\Smarty $data |
|
| 28 |
* @param string $varname variable name or null |
|
| 29 |
* @param bool $search_parents include parent templates? |
|
| 30 |
* |
|
| 31 |
* @return mixed variable value or or array of variables |
|
| 32 |
*/ |
|
| 33 |
public function getConfigVars(Smarty_Internal_Data $data, $varname = null, $search_parents = true) |
|
| 34 |
{
|
|
| 35 |
$_ptr = $data; |
|
| 36 |
$var_array = array(); |
|
| 37 |
while ($_ptr !== null) {
|
|
| 38 |
if (isset($varname)) {
|
|
| 39 |
if (isset($_ptr->config_vars[$varname])) {
|
|
| 40 |
return $_ptr->config_vars[$varname]; |
|
| 41 |
} |
|
| 42 |
} else {
|
|
| 43 |
$var_array = array_merge($_ptr->config_vars, $var_array); |
|
| 44 |
} |
|
| 45 |
// not found, try at parent |
|
| 46 |
if ($search_parents) {
|
|
| 47 |
$_ptr = $_ptr->parent; |
|
| 48 |
} else {
|
|
| 49 |
$_ptr = null; |
|
| 50 |
} |
|
| 51 |
} |
|
| 52 |
if (isset($varname)) {
|
|
| 53 |
return ''; |
|
| 54 |
} else {
|
|
| 55 |
return $var_array; |
|
| 56 |
} |
|
| 57 |
} |
|
| 58 |
} |
|
| src/includes/classes/Smarty/sysplugins/smarty_internal_method_createdata.php (revision Shelved version) | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
|
|
| 3 |
/** |
|
| 4 |
* Smarty Method CreateData |
|
| 5 |
* |
|
| 6 |
* Smarty::createData() method |
|
| 7 |
* |
|
| 8 |
* @package Smarty |
|
| 9 |
* @subpackage PluginsInternal |
|
| 10 |
* @author Uwe Tews |
|
| 11 |
*/ |
|
| 12 |
class Smarty_Internal_Method_CreateData |
|
| 13 |
{
|
|
| 14 |
/** |
|
| 15 |
* Valid for Smarty and template object |
|
| 16 |
* |
|
| 17 |
* @var int |
|
| 18 |
*/ |
|
| 19 |
public $objMap = 3; |
|
| 20 |
|
|
| 21 |
/** |
|
| 22 |
* creates a data object |
|
| 23 |
* |
|
| 24 |
* @api Smarty::createData() |
|
| 25 |
* @link http://www.smarty.net/docs/en/api.create.data.tpl |
|
| 26 |
* |
|
| 27 |
* @param \Smarty_Internal_TemplateBase|\Smarty_Internal_Template|\Smarty $obj |
|
| 28 |
* @param \Smarty_Internal_Template|\Smarty_Internal_Data|\Smarty_Data|\Smarty $parent next higher level of Smarty |
|
| 29 |
* variables |
|
| 30 |
* @param string $name optional data block name |
|
| 31 |
* |
|
| 32 |
* @returns Smarty_Data data object |
|
| 33 |
*/ |
|
| 34 |
public function createData(Smarty_Internal_TemplateBase $obj, Smarty_Internal_Data $parent = null, $name = null) |
|
| 35 |
{
|
|
| 36 |
/* @var Smarty $smarty */ |
|
| 37 |
$smarty = isset($this->smarty) ? $this->smarty : $obj; |
|
| 38 |
$dataObj = new Smarty_Data($parent, $smarty, $name); |
|
| 39 |
if ($smarty->debugging) {
|
|
| 40 |
Smarty_Internal_Debug::register_data($dataObj); |
|
| 41 |
} |
|
| 42 |
return $dataObj; |
|
| 43 |
} |
|
| 44 |
} |
|
| src/includes/classes/Smarty/plugins/outputfilter.trimwhitespace.php (revision Shelved version) | ||
|---|---|---|
| 45 | 45 |
|
| 46 | 46 |
// capture html elements not to be messed with |
| 47 | 47 |
$_offset = 0; |
| 48 |
if (preg_match_all('#<(script|pre|textarea)[^>]*>.*?</\\1>#is', $source, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER)) {
|
|
| 48 |
if (preg_match_all('#(<script[^>]*>.*?</script[^>]*>)|(<textarea[^>]*>.*?</textarea[^>]*>)|(<pre[^>]*>.*?</pre[^>]*>)#is', $source, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER)) {
|
|
| 49 | 49 |
foreach ($matches as $match) {
|
| 50 | 50 |
$store[] = $match[0][0]; |
| 51 | 51 |
$_length = strlen($match[0][0]); |
| ... | ... | |
| 62 | 62 |
// can't remove them entirely, becaue that might break poorly implemented CSS display:inline-block elements |
| 63 | 63 |
'#(:SMARTY@!@|>)\s+(?=@!@SMARTY:|<)#s' => '\1 \2', |
| 64 | 64 |
// remove spaces between attributes (but not in attribute values!) |
| 65 |
'#(([a-z0-9]\s*=\s*(["\'])[^\3]*?\3)|<[a-z0-9_]+)\s+([a-z/>])#is' => '\1 \4',
|
|
| 65 |
'#(([a-z0-9]\s*=\s*("[^"]*?")|(\'[^\']*?\'))|<[a-z0-9_]+)\s+([a-z/>])#is' => '\1 \5',
|
|
| 66 | 66 |
// note: for some very weird reason trim() seems to remove spaces inside attributes. |
| 67 | 67 |
// maybe a \0 byte or something is interfering? |
| 68 | 68 |
'#^\s+<#Ss' => '<', |
| src/includes/classes/Smarty/sysplugins/smarty_resource_uncompiled.php (revision Shelved version) | ||
|---|---|---|
| 17 | 17 |
abstract class Smarty_Resource_Uncompiled extends Smarty_Resource |
| 18 | 18 |
{
|
| 19 | 19 |
/** |
| 20 |
* Flag that it's an uncompiled resource |
|
| 21 |
* |
|
| 22 |
* @var bool |
|
| 23 |
*/ |
|
| 24 |
public $uncompiled = true; |
|
| 25 |
|
|
| 26 |
/** |
|
| 27 |
* Resource does implement populateCompiledFilepath() method |
|
| 28 |
* |
|
| 29 |
* @var bool |
|
| 30 |
*/ |
|
| 31 |
public $hasCompiledHandler = true; |
|
| 32 |
|
|
| 33 |
/** |
|
| 20 | 34 |
* Render and output the template (without using the compiler) |
| 21 | 35 |
* |
| 22 | 36 |
* @param Smarty_Template_Source $source source object |
| ... | ... | |
| 37 | 51 |
$compiled->filepath = false; |
| 38 | 52 |
$compiled->timestamp = false; |
| 39 | 53 |
$compiled->exists = false; |
| 54 |
} |
|
| 55 |
|
|
| 56 |
/** |
|
| 57 |
* render compiled template code |
|
| 58 |
* |
|
| 59 |
* @param Smarty_Internal_Template $_template |
|
| 60 |
* |
|
| 61 |
* @return string |
|
| 62 |
* @throws Exception |
|
| 63 |
*/ |
|
| 64 |
public function render($_template) |
|
| 65 |
{
|
|
| 66 |
$level = ob_get_level(); |
|
| 67 |
ob_start(); |
|
| 68 |
try {
|
|
| 69 |
$this->renderUncompiled($_template->source, $_template); |
|
| 70 |
return ob_get_clean(); |
|
| 71 |
} |
|
| 72 |
catch (Exception $e) {
|
|
| 73 |
while (ob_get_level() > $level) {
|
|
| 74 |
ob_end_clean(); |
|
| 75 |
} |
|
| 76 |
throw $e; |
|
| 77 |
} |
|
| 40 | 78 |
} |
| 41 | 79 |
} |
| src/includes/classes/Smarty/sysplugins/smarty_internal_method_clearassign.php (revision Shelved version) | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
|
|
| 3 |
/** |
|
| 4 |
* Smarty Method ClearAssign |
|
| 5 |
* |
|
| 6 |
* Smarty::clearAssign() method |
|
| 7 |
* |
|
| 8 |
* @package Smarty |
|
| 9 |
* @subpackage PluginsInternal |
|
| 10 |
* @author Uwe Tews |
|
| 11 |
*/ |
|
| 12 |
class Smarty_Internal_Method_ClearAssign |
|
| 13 |
{
|
|
| 14 |
/** |
|
| 15 |
* Valid for all objects |
|
| 16 |
* |
|
| 17 |
* @var int |
|
| 18 |
*/ |
|
| 19 |
public $objMap = 7; |
|
| 20 |
|
|
| 21 |
/** |
|
| 22 |
* clear the given assigned template variable(s). |
|
| 23 |
* |
|
| 24 |
* @api Smarty::clearAssign() |
|
| 25 |
* @link http://www.smarty.net/docs/en/api.clear.assign.tpl |
|
| 26 |
* |
|
| 27 |
* @param \Smarty_Internal_Data|\Smarty_Internal_Template|\Smarty $data |
|
| 28 |
* @param string|array $tpl_var the template variable(s) to clear |
|
| 29 |
* |
|
| 30 |
* @return \Smarty_Internal_Data|\Smarty_Internal_Template|\Smarty |
|
| 31 |
*/ |
|
| 32 |
public function clearAssign(Smarty_Internal_Data $data, $tpl_var) |
|
| 33 |
{
|
|
| 34 |
if (is_array($tpl_var)) {
|
|
| 35 |
foreach ($tpl_var as $curr_var) {
|
|
| 36 |
unset($data->tpl_vars[$curr_var]); |
|
| 37 |
} |
|
| 38 |
} else {
|
|
| 39 |
unset($data->tpl_vars[$tpl_var]); |
|
| 40 |
} |
|
| 41 |
|
|
| 42 |
return $data; |
|
| 43 |
} |
|
| 44 |
} |
|
| src/includes/classes/Smarty/sysplugins/smarty_internal_method_getdefaultmodifiers.php (revision Shelved version) | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
|
|
| 3 |
/** |
|
| 4 |
* Smarty Method GetDefaultModifiers |
|
| 5 |
* |
|
| 6 |
* Smarty::getDefaultModifiers() method |
|
| 7 |
* |
|
| 8 |
* @package Smarty |
|
| 9 |
* @subpackage PluginsInternal |
|
| 10 |
* @author Uwe Tews |
|
| 11 |
*/ |
|
| 12 |
class Smarty_Internal_Method_GetDefaultModifiers |
|
| 13 |
{
|
|
| 14 |
/** |
|
| 15 |
* Valid for Smarty and template object |
|
| 16 |
* |
|
| 17 |
* @var int |
|
| 18 |
*/ |
|
| 19 |
public $objMap = 3; |
|
| 20 |
|
|
| 21 |
/** |
|
| 22 |
* Get default modifiers |
|
| 23 |
* |
|
| 24 |
* @api Smarty::getDefaultModifiers() |
|
| 25 |
* |
|
| 26 |
* @param \Smarty_Internal_TemplateBase|\Smarty_Internal_Template|\Smarty $obj |
|
| 27 |
* |
|
| 28 |
* @return array list of default modifiers |
|
| 29 |
*/ |
|
| 30 |
public function getDefaultModifiers(Smarty_Internal_TemplateBase $obj) |
|
| 31 |
{
|
|
| 32 |
$smarty = isset($obj->smarty) ? $obj->smarty : $obj; |
|
| 33 |
return $smarty->default_modifiers; |
|
| 34 |
} |
|
| 35 |
} |
|
| src/includes/classes/Smarty/sysplugins/smarty_security.php (revision Shelved version) | ||
|---|---|---|
| 34 | 34 |
* @var integer |
| 35 | 35 |
*/ |
| 36 | 36 |
public $php_handling = Smarty::PHP_PASSTHRU; |
| 37 |
|
|
| 37 | 38 |
/** |
| 38 | 39 |
* This is the list of template directories that are considered secure. |
| 39 | 40 |
* $template_dir is in this list implicitly. |
| ... | ... | |
| 41 | 42 |
* @var array |
| 42 | 43 |
*/ |
| 43 | 44 |
public $secure_dir = array(); |
| 45 |
|
|
| 44 | 46 |
/** |
| 45 | 47 |
* This is an array of directories where trusted php scripts reside. |
| 46 | 48 |
* {@link $security} is disabled during their inclusion/execution.
|
| ... | ... | |
| 48 | 50 |
* @var array |
| 49 | 51 |
*/ |
| 50 | 52 |
public $trusted_dir = array(); |
| 53 |
|
|
| 51 | 54 |
/** |
| 52 | 55 |
* List of regular expressions (PCRE) that include trusted URIs |
| 53 | 56 |
* |
| 54 | 57 |
* @var array |
| 55 | 58 |
*/ |
| 56 | 59 |
public $trusted_uri = array(); |
| 60 |
|
|
| 57 | 61 |
/** |
| 62 |
* List of trusted constants names |
|
| 63 |
* |
|
| 64 |
* @var array |
|
| 65 |
*/ |
|
| 66 |
public $trusted_constants = array(); |
|
| 67 |
|
|
| 68 |
/** |
|
| 69 |
* List of trusted constants names |
|
| 70 |
* |
|
| 71 |
* @var array |
|
| 72 |
*/ |
|
| 73 |
public $trusted_constants = array(); |
|
| 74 |
|
|
| 75 |
/** |
|
| 58 | 76 |
* This is an array of trusted static classes. |
| 59 | 77 |
* If empty access to all static classes is allowed. |
| 60 | 78 |
* If set to 'none' none is allowed. |
| ... | ... | |
| 62 | 80 |
* @var array |
| 63 | 81 |
*/ |
| 64 | 82 |
public $static_classes = array(); |
| 83 |
|
|
| 65 | 84 |
/** |
| 85 |
* This is an nested array of trusted classes and static methods. |
|
| 86 |
* If empty access to all static classes and methods is allowed. |
|
| 87 |
* Format: |
|
| 88 |
* array ( |
|
| 89 |
* 'class_1' => array('method_1', 'method_2'), // allowed methods listed
|
|
| 90 |
* 'class_2' => array(), // all methods of class allowed |
|
| 91 |
* ) |
|
| 92 |
* If set to null none is allowed. |
|
| 93 |
* |
|
| 94 |
* @var array |
|
| 95 |
*/ |
|
| 96 |
public $trusted_static_methods = array(); |
|
| 97 |
|
|
| 98 |
/** |
|
| 99 |
* This is an array of trusted static properties. |
|
| 100 |
* If empty access to all static classes and properties is allowed. |
|
| 101 |
* Format: |
|
| 102 |
* array ( |
|
| 103 |
* 'class_1' => array('prop_1', 'prop_2'), // allowed properties listed
|
|
| 104 |
* 'class_2' => array(), // all properties of class allowed |
|
| 105 |
* ) |
|
| 106 |
* If set to null none is allowed. |
|
| 107 |
* |
|
| 108 |
* @var array |
|
| 109 |
*/ |
|
| 110 |
public $trusted_static_properties = array(); |
|
| 111 |
|
|
| 112 |
/** |
|
| 113 |
* This is an nested array of trusted classes and static methods. |
|
| 114 |
* If empty access to all static classes and methods is allowed. |
|
| 115 |
* Format: |
|
| 116 |
* array ( |
|
| 117 |
* 'class_1' => array('method_1', 'method_2'), // allowed methods listed
|
|
| 118 |
* 'class_2' => array(), // all methods of class allowed |
|
| 119 |
* ) |
|
| 120 |
* If set to null none is allowed. |
|
| 121 |
* |
|
| 122 |
* @var array |
|
| 123 |
*/ |
|
| 124 |
public $trusted_static_methods = array(); |
|
| 125 |
|
|
| 126 |
/** |
|
| 127 |
* This is an array of trusted static properties. |
|
| 128 |
* If empty access to all static classes and properties is allowed. |
|
| 129 |
* Format: |
|
| 130 |
* array ( |
|
| 131 |
* 'class_1' => array('prop_1', 'prop_2'), // allowed properties listed
|
|
| 132 |
* 'class_2' => array(), // all properties of class allowed |
|
| 133 |
* ) |
|
| 134 |
* If set to null none is allowed. |
|
| 135 |
* |
|
| 136 |
* @var array |
|
| 137 |
*/ |
|
| 138 |
public $trusted_static_properties = array(); |
|
| 139 |
|
|
| 140 |
/** |
|
| 66 | 141 |
* This is an array of trusted PHP functions. |
| 67 | 142 |
* If empty all functions are allowed. |
| 68 | 143 |
* To disable all PHP functions set $php_functions = null. |
| 69 | 144 |
* |
| 70 | 145 |
* @var array |
| 71 | 146 |
*/ |
| 72 |
public $php_functions = array( |
|
| 73 |
'isset', 'empty', |
|
| 74 |
'count', 'sizeof', |
|
| 75 |
'in_array', 'is_array', |
|
| 76 |
'time', |
|
| 77 |
'nl2br', |
|
| 78 |
); |
|
| 147 |
public $php_functions = array('isset', 'empty', 'count', 'sizeof', 'in_array', 'is_array', 'time',);
|
|
| 148 |
|
|
| 79 | 149 |
/** |
| 80 | 150 |
* This is an array of trusted PHP modifiers. |
| 81 | 151 |
* If empty all modifiers are allowed. |
| ... | ... | |
| 83 | 153 |
* |
| 84 | 154 |
* @var array |
| 85 | 155 |
*/ |
| 86 |
public $php_modifiers = array( |
|
| 87 |
'escape', |
|
| 88 |
'count' |
|
| 89 |
); |
|
| 156 |
public $php_modifiers = array('escape', 'count', 'nl2br',);
|
|
| 157 |
|
|
| 90 | 158 |
/** |
| 91 | 159 |
* This is an array of allowed tags. |
| 92 | 160 |
* If empty no restriction by allowed_tags. |
| ... | ... | |
| 94 | 162 |
* @var array |
| 95 | 163 |
*/ |
| 96 | 164 |
public $allowed_tags = array(); |
| 165 |
|
|
| 97 | 166 |
/** |
| 98 | 167 |
* This is an array of disabled tags. |
| 99 | 168 |
* If empty no restriction by disabled_tags. |
| ... | ... | |
| 101 | 170 |
* @var array |
| 102 | 171 |
*/ |
| 103 | 172 |
public $disabled_tags = array(); |
| 173 |
|
|
| 104 | 174 |
/** |
| 105 | 175 |
* This is an array of allowed modifier plugins. |
| 106 | 176 |
* If empty no restriction by allowed_modifiers. |
| ... | ... | |
| 108 | 178 |
* @var array |
| 109 | 179 |
*/ |
| 110 | 180 |
public $allowed_modifiers = array(); |
| 181 |
|
|
| 111 | 182 |
/** |
| 112 | 183 |
* This is an array of disabled modifier plugins. |
| 113 | 184 |
* If empty no restriction by disabled_modifiers. |
| ... | ... | |
| 115 | 186 |
* @var array |
| 116 | 187 |
*/ |
| 117 | 188 |
public $disabled_modifiers = array(); |
| 189 |
|
|
| 118 | 190 |
/** |
| 191 |
* This is an array of disabled special $smarty variables. |
|
| 192 |
* |
|
| 193 |
* @var array |
|
| 194 |
*/ |
|
| 195 |
public $disabled_special_smarty_vars = array(); |
|
| 196 |
|
|
| 197 |
/** |
|
| 198 |
* This is an array of disabled special $smarty variables. |
|
| 199 |
* |
|
| 200 |
* @var array |
|
| 201 |
*/ |
|
| 202 |
public $disabled_special_smarty_vars = array(); |
|
| 203 |
|
|
| 204 |
/** |
|
| 119 | 205 |
* This is an array of trusted streams. |
| 120 | 206 |
* If empty all streams are allowed. |
| 121 | 207 |
* To disable all streams set $streams = null. |
| ... | ... | |
| 123 | 209 |
* @var array |
| 124 | 210 |
*/ |
| 125 | 211 |
public $streams = array('file');
|
| 212 |
|
|
| 126 | 213 |
/** |
| 127 | 214 |
* + flag if constants can be accessed from template |
| 128 | 215 |
* |
| 129 | 216 |
* @var boolean |
| 130 | 217 |
*/ |
| 131 | 218 |
public $allow_constants = true; |
| 219 |
|
|
| 132 | 220 |
/** |
| 133 | 221 |
* + flag if super globals can be accessed from template |
| 134 | 222 |
* |
| ... | ... | |
| 137 | 225 |
public $allow_super_globals = true; |
| 138 | 226 |
|
| 139 | 227 |
/** |
| 228 |
* max template nesting level |
|
| 229 |
* |
|
| 230 |
* @var int |
|
| 231 |
*/ |
|
| 232 |
public $max_template_nesting = 0; |
|
| 233 |
|
|
| 234 |
/** |
|
| 235 |
* current template nesting level |
|
| 236 |
* |
|
| 237 |
* @var int |
|
| 238 |
*/ |
|
| 239 |
private $_current_template_nesting = 0; |
|
| 240 |
|
|
| 241 |
/** |
|
| 140 | 242 |
* Cache for $resource_dir lookup |
| 141 | 243 |
* |
| 142 | 244 |
* @var array |
| 143 | 245 |
*/ |
| 144 |
protected $_resource_dir = null; |
|
| 246 |
protected $_resource_dir = array(); |
|
| 247 |
|
|
| 145 | 248 |
/** |
| 146 | 249 |
* Cache for $template_dir lookup |
| 147 | 250 |
* |
| 148 | 251 |
* @var array |
| 149 | 252 |
*/ |
| 150 |
protected $_template_dir = null; |
|
| 253 |
protected $_template_dir = array(); |
|
| 254 |
|
|
| 151 | 255 |
/** |
| 152 | 256 |
* Cache for $config_dir lookup |
| 153 | 257 |
* |
| 154 | 258 |
* @var array |
| 155 | 259 |
*/ |
| 156 |
protected $_config_dir = null; |
|
| 260 |
protected $_config_dir = array(); |
|
| 261 |
|
|
| 157 | 262 |
/** |
| 158 | 263 |
* Cache for $secure_dir lookup |
| 159 | 264 |
* |
| 160 | 265 |
* @var array |
| 161 | 266 |
*/ |
| 162 |
protected $_secure_dir = null; |
|
| 267 |
protected $_secure_dir = array(); |
|
| 268 |
|
|
| 163 | 269 |
/** |
| 164 | 270 |
* Cache for $php_resource_dir lookup |
| 165 | 271 |
* |
| 166 | 272 |
* @var array |
| 167 | 273 |
*/ |
| 168 | 274 |
protected $_php_resource_dir = null; |
| 275 |
|
|
| 169 | 276 |
/** |
| 170 | 277 |
* Cache for $trusted_dir lookup |
| 171 | 278 |
* |
| ... | ... | |
| 174 | 281 |
protected $_trusted_dir = null; |
| 175 | 282 |
|
| 176 | 283 |
/** |
| 284 |
* Cache for include path status |
|
| 285 |
* |
|
| 286 |
* @var bool |
|
| 287 |
*/ |
|
| 288 |
protected $_include_path_status = false; |
|
| 289 |
|
|
| 290 |
/** |
|
| 291 |
* Cache for $_include_array lookup |
|
| 292 |
* |
|
| 293 |
* @var array |
|
| 294 |
*/ |
|
| 295 |
protected $_include_dir = array(); |
|
| 296 |
|
|
| 297 |
/** |
|
| 177 | 298 |
* @param Smarty $smarty |
| 178 | 299 |
*/ |
| 179 | 300 |
public function __construct($smarty) |
| ... | ... | |
| 192 | 313 |
*/ |
| 193 | 314 |
public function isTrustedPhpFunction($function_name, $compiler) |
| 194 | 315 |
{
|
| 195 |
if (isset($this->php_functions) && (empty($this->php_functions) || in_array($function_name, $this->php_functions))) {
|
|
| 316 |
if (isset($this->php_functions) && |
|
| 317 |
(empty($this->php_functions) || in_array($function_name, $this->php_functions)) |
|
| 318 |
) {
|
|
| 196 | 319 |
return true; |
| 197 | 320 |
} |
| 198 | 321 |
|
| ... | ... | |
| 212 | 335 |
*/ |
| 213 | 336 |
public function isTrustedStaticClass($class_name, $compiler) |
| 214 | 337 |
{
|
| 215 |
if (isset($this->static_classes) && (empty($this->static_classes) || in_array($class_name, $this->static_classes))) {
|
|
| 338 |
if (isset($this->static_classes) && |
|
| 339 |
(empty($this->static_classes) || in_array($class_name, $this->static_classes)) |
|
| 340 |
) {
|
|
| 216 | 341 |
return true; |
| 217 | 342 |
} |
| 218 | 343 |
|
| ... | ... | |
| 222 | 347 |
} |
| 223 | 348 |
|
| 224 | 349 |
/** |
| 350 |
* Check if static class method/property is trusted. |
|
| 351 |
* |
|
| 352 |
* @param string $class_name |
|
| 353 |
* @param string $params |
|
| 354 |
* @param object $compiler compiler object |
|
| 355 |
* |
|
| 356 |
* @return boolean true if class method is trusted |
|
| 357 |
* @throws SmartyCompilerException if static class method is not trusted |
|
| 358 |
*/ |
|
| 359 |
public function isTrustedStaticClassAccess($class_name, $params, $compiler) |
|
| 360 |
{
|
|
| 361 |
if (!isset($params[2])) {
|
|
| 362 |
// fall back |
|
| 363 |
return $this->isTrustedStaticClass($class_name, $compiler); |
|
| 364 |
} |
|
| 365 |
if ($params[2] == 'method') {
|
|
| 366 |
$allowed = $this->trusted_static_methods; |
|
| 367 |
$name = substr($params[0], 0, strpos($params[0], '('));
|
|
| 368 |
} else {
|
|
| 369 |
$allowed = $this->trusted_static_properties; |
|
| 370 |
// strip '$' |
|
| 371 |
$name = substr($params[0], 1); |
|
| 372 |
} |
|
| 373 |
if (isset($allowed)) {
|
|
| 374 |
if (empty($allowed)) {
|
|
| 375 |
// fall back |
|
| 376 |
return $this->isTrustedStaticClass($class_name, $compiler); |
|
| 377 |
} |
|
| 378 |
if (isset($allowed[$class_name]) && |
|
| 379 |
(empty($allowed[$class_name]) || in_array($name, $allowed[$class_name])) |
|
| 380 |
) {
|
|
| 381 |
return true; |
|
| 382 |
} |
|
| 383 |
} |
|
| 384 |
$compiler->trigger_template_error("access to static class '{$class_name}' {$params[2]} '{$name}' not allowed by security setting");
|
|
| 385 |
return false; // should not, but who knows what happens to the compiler in the future? |
|
| 386 |
} |
|
| 387 |
|
|
| 388 |
/** |
|
| 389 |
* Check if static class method/property is trusted. |
|
| 390 |
* |
|
| 391 |
* @param string $class_name |
|
| 392 |
* @param string $params |
|
| 393 |
* @param object $compiler compiler object |
|
| 394 |
* |
|
| 395 |
* @return boolean true if class method is trusted |
|
| 396 |
* @throws SmartyCompilerException if static class method is not trusted |
|
| 397 |
*/ |
|
| 398 |
public function isTrustedStaticClassAccess($class_name, $params, $compiler) |
|
| 399 |
{
|
|
| 400 |
if (!isset($params[2])) {
|
|
| 401 |
// fall back |
|
| 402 |
return $this->isTrustedStaticClass($class_name, $compiler); |
|
| 403 |
} |
|
| 404 |
if ($params[2] == 'method') {
|
|
| 405 |
$allowed = $this->trusted_static_methods; |
|
| 406 |
$name = substr($params[0], 0, strpos($params[0], '('));
|
|
| 407 |
} else {
|
|
| 408 |
$allowed = $this->trusted_static_properties; |
|
| 409 |
// strip '$' |
|
| 410 |
$name = substr($params[0], 1); |
|
| 411 |
} |
|
| 412 |
if (isset($allowed)) {
|
|
| 413 |
if (empty($allowed)) {
|
|
| 414 |
// fall back |
|
| 415 |
return $this->isTrustedStaticClass($class_name, $compiler); |
|
| 416 |
} |
|
| 417 |
if (isset($allowed[$class_name]) && |
|
| 418 |
(empty($allowed[$class_name]) || in_array($name, $allowed[$class_name])) |
|
| 419 |
) {
|
|
| 420 |
return true; |
|
| 421 |
} |
|
| 422 |
} |
|
| 423 |
$compiler->trigger_template_error("access to static class '{$class_name}' {$params[2]} '{$name}' not allowed by security setting");
|
|
| 424 |
return false; // should not, but who knows what happens to the compiler in the future? |
|
| 425 |
} |
|
| 426 |
|
|
| 427 |
/** |
|
| 225 | 428 |
* Check if PHP modifier is trusted. |
| 226 | 429 |
* |
| 227 | 430 |
* @param string $modifier_name |
| ... | ... | |
| 232 | 435 |
*/ |
| 233 | 436 |
public function isTrustedPhpModifier($modifier_name, $compiler) |
| 234 | 437 |
{
|
| 235 |
if (isset($this->php_modifiers) && (empty($this->php_modifiers) || in_array($modifier_name, $this->php_modifiers))) {
|
|
| 438 |
if (isset($this->php_modifiers) && |
|
| 439 |
(empty($this->php_modifiers) || in_array($modifier_name, $this->php_modifiers)) |
|
| 440 |
) {
|
|
| 236 | 441 |
return true; |
| 237 | 442 |
} |
| 238 | 443 |
|
| ... | ... | |
| 253 | 458 |
public function isTrustedTag($tag_name, $compiler) |
| 254 | 459 |
{
|
| 255 | 460 |
// check for internal always required tags |
| 256 |
if (in_array($tag_name, array('assign', 'call', 'private_filter', 'private_block_plugin', 'private_function_plugin', 'private_object_block_function',
|
|
| 257 |
'private_object_function', 'private_registered_function', 'private_registered_block', 'private_special_variable', 'private_print_expression', 'private_modifier')) |
|
| 258 |
) {
|
|
| 461 |
if (in_array($tag_name, array('assign', 'call', 'private_filter', 'private_block_plugin',
|
|
| 462 |
'private_function_plugin', 'private_object_block_function', |
|
| 463 |
'private_object_function', 'private_registered_function', |
|
| 464 |
'private_registered_block', 'private_special_variable', |
|
| 465 |
'private_print_expression', 'private_modifier'))) {
|
|
| 259 | 466 |
return true; |
| 260 | 467 |
} |
| 261 | 468 |
// check security settings |
| ... | ... | |
| 263 | 470 |
if (empty($this->disabled_tags) || !in_array($tag_name, $this->disabled_tags)) {
|
| 264 | 471 |
return true; |
| 265 | 472 |
} else {
|
| 266 |
$compiler->trigger_template_error("tag '{$tag_name}' disabled by security setting", $compiler->lex->taglineno);
|
|
| 473 |
$compiler->trigger_template_error("tag '{$tag_name}' disabled by security setting", null, true);
|
|
| 267 | 474 |
} |
| 268 | 475 |
} elseif (in_array($tag_name, $this->allowed_tags) && !in_array($tag_name, $this->disabled_tags)) {
|
| 269 | 476 |
return true; |
| 270 | 477 |
} else {
|
| 271 |
$compiler->trigger_template_error("tag '{$tag_name}' not allowed by security setting", $compiler->lex->taglineno);
|
|
| 478 |
$compiler->trigger_template_error("tag '{$tag_name}' not allowed by security setting", null, true);
|
|
| 272 | 479 |
} |
| 273 | 480 |
|
| 274 | 481 |
return false; // should not, but who knows what happens to the compiler in the future? |
| 275 | 482 |
} |
| 276 | 483 |
|
| 277 | 484 |
/** |
| 485 |
* Check if special $smarty variable is trusted. |
|
| 486 |
* |
|
| 487 |
* @param string $var_name |
|
| 488 |
* @param object $compiler compiler object |
|
| 489 |
* |
|
| 490 |
* @return boolean true if tag is trusted |
|
| 491 |
* @throws SmartyCompilerException if modifier is not trusted |
|
| 492 |
*/ |
|
| 493 |
public function isTrustedSpecialSmartyVar($var_name, $compiler) |
|
| 494 |
{
|
|
| 495 |
if (!in_array($var_name, $this->disabled_special_smarty_vars)) {
|
|
| 496 |
return true; |
|
| 497 |
} else {
|
|
| 498 |
$compiler->trigger_template_error("special variable '\$smarty.{$var_name}' not allowed by security setting", null, true);
|
|
| 499 |
} |
|
| 500 |
|
|
| 501 |
return false; // should not, but who knows what happens to the compiler in the future? |
|
| 502 |
} |
|
| 503 |
|
|
| 504 |
/** |
|
| 505 |
* Check if special $smarty variable is trusted. |
|
| 506 |
* |
|
| 507 |
* @param string $var_name |
|
| 508 |
* @param object $compiler compiler object |
|
| 509 |
* |
|
| 510 |
* @return boolean true if tag is trusted |
|
| 511 |
* @throws SmartyCompilerException if modifier is not trusted |
|
| 512 |
*/ |
|
| 513 |
public function isTrustedSpecialSmartyVar($var_name, $compiler) |
|
| 514 |
{
|
|
| 515 |
if (!in_array($var_name, $this->disabled_special_smarty_vars)) {
|
|
| 516 |
return true; |
|
| 517 |
} else {
|
|
| 518 |
$compiler->trigger_template_error("special variable '\$smarty.{$var_name}' not allowed by security setting", null, true);
|
|
| 519 |
} |
|
| 520 |
|
|
| 521 |
return false; // should not, but who knows what happens to the compiler in the future? |
|
| 522 |
} |
|
| 523 |
|
|
| 524 |
/** |
|
| 278 | 525 |
* Check if modifier plugin is trusted. |
| 279 | 526 |
* |
| 280 | 527 |
* @param string $modifier_name |
| ... | ... | |
| 294 | 541 |
if (empty($this->disabled_modifiers) || !in_array($modifier_name, $this->disabled_modifiers)) {
|
| 295 | 542 |
return true; |
| 296 | 543 |
} else {
|
| 297 |
$compiler->trigger_template_error("modifier '{$modifier_name}' disabled by security setting", $compiler->lex->taglineno);
|
|
| 544 |
$compiler->trigger_template_error("modifier '{$modifier_name}' disabled by security setting", null, true);
|
|
| 298 | 545 |
} |
| 299 |
} elseif (in_array($modifier_name, $this->allowed_modifiers) && !in_array($modifier_name, $this->disabled_modifiers)) {
|
|
| 546 |
} elseif (in_array($modifier_name, $this->allowed_modifiers) && |
|
| 547 |
!in_array($modifier_name, $this->disabled_modifiers) |
|
| 548 |
) {
|
|
| 300 | 549 |
return true; |
| 301 | 550 |
} else {
|
| 302 |
$compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting", $compiler->lex->taglineno);
|
|
| 551 |
$compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting", null, true);
|
|
| 303 | 552 |
} |
| 304 | 553 |
|
| 305 | 554 |
return false; // should not, but who knows what happens to the compiler in the future? |
| 306 | 555 |
} |
| 307 | 556 |
|
| 308 | 557 |
/** |
| 558 |
* Check if constants are enabled or trusted |
|
| 559 |
* |
|
| 560 |
* @param string $const constant name |
|
| 561 |
* @param object $compiler compiler object |
|
| 562 |
* |
|
| 563 |
* @return bool |
|
| 564 |
*/ |
|
| 565 |
public function isTrustedConstant($const, $compiler) |
|
| 566 |
{
|
|
| 567 |
if (in_array($const, array('true', 'false', 'null'))) {
|
|
| 568 |
return true; |
|
| 569 |
} |
|
| 570 |
if (!empty($this->trusted_constants)) {
|
|
| 571 |
if (!in_array($const, $this->trusted_constants)) {
|
|
| 572 |
$compiler->trigger_template_error("Security: access to constant '{$const}' not permitted");
|
|
| 573 |
return false; |
|
| 574 |
} |
|
| 575 |
return true; |
|
| 576 |
} |
|
| 577 |
if ($this->allow_constants) {
|
|
| 578 |
return true; |
|
| 579 |
} |
|
| 580 |
$compiler->trigger_template_error("Security: access to constants not permitted");
|
|
| 581 |
return false; |
|
| 582 |
} |
|
| 583 |
|
|
| 584 |
/** |
|
| 309 | 585 |
* Check if stream is trusted. |
| 310 | 586 |
* |
| 311 | 587 |
* @param string $stream_name |
| ... | ... | |
| 325 | 601 |
/** |
| 326 | 602 |
* Check if directory of file resource is trusted. |
| 327 | 603 |
* |
| 328 |
* @param string $filepath |
|
| 604 |
* @param string $filepath |
|
| 605 |
* @param null|bool $isConfig |
|
| 329 | 606 |
* |
| 330 |
* @return boolean true if directory is trusted
|
|
| 331 |
* @throws SmartyException if directory is not trusted |
|
| 607 |
* @return bool true if directory is trusted |
|
| 608 |
* @throws \SmartyException if directory is not trusted
|
|
| 332 | 609 |
*/ |
| 333 |
public function isTrustedResourceDir($filepath) |
|
| 610 |
public function isTrustedResourceDir($filepath, $isConfig = null)
|
|
| 334 | 611 |
{
|
| 335 |
$_template = false; |
|
| 336 |
$_config = false; |
|
| 337 |
$_secure = false; |
|
| 338 |
|
|
| 339 |
$_template_dir = $this->smarty->getTemplateDir(); |
|
| 340 |
$_config_dir = $this->smarty->getConfigDir(); |
|
| 341 |
|
|
| 342 |
// check if index is outdated |
|
| 343 |
if ((!$this->_template_dir || $this->_template_dir !== $_template_dir) |
|
| 344 |
|| (!$this->_config_dir || $this->_config_dir !== $_config_dir) |
|
| 345 |
|| (!empty($this->secure_dir) && (!$this->_secure_dir || $this->_secure_dir !== $this->secure_dir)) |
|
| 612 |
if ($this->_include_path_status !== $this->smarty->use_include_path) {
|
|
| 613 |
foreach ($this->_include_dir as $directory) {
|
|
| 614 |
unset($this->_resource_dir[$directory]); |
|
| 615 |
} |
|
| 616 |
if ($this->smarty->use_include_path) {
|
|
| 617 |
$this->_include_dir = array(); |
|
| 618 |
$_dirs = $this->smarty->ext->_getIncludePath->getIncludePathDirs($this->smarty); |
|
| 619 |
foreach ($_dirs as $directory) {
|
|
| 620 |
$this->_include_dir[] = $directory; |
|
| 621 |
$this->_resource_dir[$directory] = true; |
|
| 622 |
} |
|
| 623 |
} |
|
| 624 |
$this->_include_path_status = $this->smarty->use_include_path; |
|
| 625 |
} |
|
| 626 |
if ($isConfig !== true && |
|
| 627 |
(!isset($this->smarty->_cache['template_dir_new']) || $this->smarty->_cache['template_dir_new']) |
|
| 346 | 628 |
) {
|
| 347 |
$this->_resource_dir = array(); |
|
| 348 |
$_template = true; |
|
| 349 |
$_config = true; |
|
| 350 |
$_secure = !empty($this->secure_dir); |
|
| 629 |
$_dir = $this->smarty->getTemplateDir(); |
|
| 630 |
if ($this->_template_dir !== $_dir) {
|
|
| 631 |
foreach ($this->_template_dir as $directory) {
|
|
| 632 |
unset($this->_resource_dir[$directory]); |
|
| 351 |
} |
|
| 633 |
} |
|
| 352 |
|
|
| 353 |
// rebuild template dir index |
|
| 354 |
if ($_template) {
|
|
| 355 |
$this->_template_dir = $_template_dir; |
|
| 356 |
foreach ($_template_dir as $directory) {
|
|
| 357 |
$directory = realpath($directory); |
|
| 634 |
foreach ($_dir as $directory) {
|
|
| 358 |
$this->_resource_dir[$directory] = true; |
|
| 359 |
} |
|
| 635 |
$this->_resource_dir[$directory] = true; |
|
| 636 |
} |
|
| 637 |
$this->_template_dir = $_dir; |
|
| 360 |
} |
|
| 638 |
} |
|
| 361 |
|
|
| 362 |
// rebuild config dir index |
|
| 363 |
if ($_config) {
|
|
| 364 |
$this->_config_dir = $_config_dir; |
|
| 365 |
foreach ($_config_dir as $directory) {
|
|
| 366 |
$directory = realpath($directory); |
|
| 639 |
$this->smarty->_cache['template_dir_new'] = false; |
|
| 640 |
} |
|
| 641 |
if ($isConfig !== false && |
|
| 642 |
(!isset($this->smarty->_cache['config_dir_new']) || $this->smarty->_cache['config_dir_new']) |
|
| 643 |
) {
|
|
| 644 |
$_dir = $this->smarty->getConfigDir(); |
|
| 645 |
if ($this->_config_dir !== $_dir) {
|
|
| 646 |
foreach ($this->_config_dir as $directory) {
|
|
| 647 |
unset($this->_resource_dir[$directory]); |
|
| 648 |
} |
|
| 649 |
foreach ($_dir as $directory) {
|
|
| 367 |
$this->_resource_dir[$directory] = true; |
|
| 368 |
} |
|
| 650 |
$this->_resource_dir[$directory] = true; |
|
| 651 |
} |
|
| 652 |
$this->_config_dir = $_dir; |
|
| 369 |
} |
|
| 653 |
} |
|
| 370 |
|
|
| 371 |
// rebuild secure dir index |
|
| 372 |
if ($_secure) {
|
|
| 373 |
$this->_secure_dir = $this->secure_dir; |
|
| 654 |
$this->smarty->_cache['config_dir_new'] = false; |
|
| 655 |
} |
|
| 656 |
if ($this->_secure_dir !== (array) $this->secure_dir) {
|
|
| 657 |
foreach ($this->_secure_dir as $directory) {
|
|
| 658 |
unset($this->_resource_dir[$directory]); |
|
| 659 |
} |
|
| 374 | 660 |
foreach ((array) $this->secure_dir as $directory) {
|
| 375 |
$directory = realpath($directory);
|
|
| 661 |
$directory = $this->smarty->_realpath($directory . DS, true);
|
|
| 376 | 662 |
$this->_resource_dir[$directory] = true; |
| 377 | 663 |
} |
| 664 |
$this->_secure_dir = (array) $this->secure_dir; |
|
| 378 | 665 |
} |
| 379 |
|
|
| 380 |
$_filepath = realpath($filepath); |
|
| 381 |
$directory = dirname($_filepath); |
|
| 382 |
$_directory = array(); |
|
| 383 |
while (true) {
|
|
| 384 |
// remember the directory to add it to _resource_dir in case we're successful |
|
| 385 |
$_directory[$directory] = true; |
|
| 386 |
// test if the directory is trusted |
|
| 387 |
if (isset($this->_resource_dir[$directory])) {
|
|
| 388 |
// merge sub directories of current $directory into _resource_dir to speed up subsequent lookup |
|
| 389 |
$this->_resource_dir = array_merge($this->_resource_dir, $_directory); |
|
| 390 |
|
|
| 666 |
$this->_resource_dir = $this->_checkDir($filepath, $this->_resource_dir); |
|
| 391 |
return true; |
|
| 392 |
} |
|
| 667 |
return true; |
|
| 668 |
} |
|
| 393 |
// abort if we've reached root |
|
| 394 |
if (($pos = strrpos($directory, DS)) === false || !isset($directory[1])) {
|
|
| 395 |
break; |
|
| 396 |
} |
|
| 397 |
// bubble up one level |
|
| 398 |
$directory = substr($directory, 0, $pos); |
|
| 399 |
} |
|
| 400 | 669 |
|
| 401 |
// give up |
|
| 402 |
throw new SmartyException("directory '{$_filepath}' not allowed by security setting");
|
|
| 403 |
} |
|
| 404 |
|
|
| 405 | 670 |
/** |
| 406 | 671 |
* Check if URI (e.g. {fetch} or {html_image}) is trusted
|
| 407 | 672 |
* To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}".
|
| ... | ... | |
| 432 | 697 |
/** |
| 433 | 698 |
* Check if directory of file resource is trusted. |
| 434 | 699 |
* |
| 435 |
* @param string $filepath |
|
| 700 |
* @param string $filepath |
|
| 701 |
* @param null|bool $isConfig |
|
| 436 | 702 |
* |
| 437 | 703 |
* @return boolean true if directory is trusted |
| 438 | 704 |
* @throws SmartyException if PHP directory is not trusted |
| ... | ... | |
| 449 | 715 |
|
| 450 | 716 |
$this->_trusted_dir = $this->trusted_dir; |
| 451 | 717 |
foreach ((array) $this->trusted_dir as $directory) {
|
| 452 |
$directory = realpath($directory);
|
|
| 718 |
$directory = $this->smarty->_realpath($directory . DS, true);
|
|
| 453 | 719 |
$this->_php_resource_dir[$directory] = true; |
| 454 | 720 |
} |
| 455 | 721 |
} |
| 456 | 722 |
|
| 457 |
$_filepath = realpath($filepath); |
|
| 458 |
$directory = dirname($_filepath); |
|
| 723 |
$this->_php_resource_dir = $this->_checkDir($this->smarty->_realpath($filepath, true), $this->_php_resource_dir); |
|
| 724 |
return true; |
|
| 725 |
} |
|
| 726 |
|
|
| 727 |
/** |
|
| 728 |
* Start template processing |
|
| 729 |
* |
|
| 730 |
* @param $template |
|
| 731 |
* |
|
| 732 |
* @throws SmartyException |
|
| 733 |
*/ |
|
| 734 |
public function startTemplate($template) |
|
| 735 |
{
|
|
| 736 |
if ($this->max_template_nesting > 0 && $this->_current_template_nesting ++ >= $this->max_template_nesting) {
|
|
| 737 |
throw new SmartyException("maximum template nesting level of '{$this->max_template_nesting}' exceeded when calling '{$template->template_resource}'");
|
|
| 738 |
} |
|
| 739 |
} |
|
| 740 |
|
|
| 741 |
/** |
|
| 742 |
* Exit template processing |
|
| 743 |
* |
|
| 744 |
* @internal param $template |
|
| 745 |
*/ |
|
| 746 |
public function exitTemplate() |
|
| 747 |
{
|
|
| 748 |
if ($this->max_template_nesting > 0) {
|
|
| 749 |
$this->_current_template_nesting --; |
|
| 750 |
} |
|
| 751 |
} |
|
| 752 |
|
|
| 753 |
/** |
|
| 754 |
* Check if file is inside a valid directory |
|
| 755 |
* |
|
| 756 |
* @param string $filepath |
|
| 757 |
* @param array $dirs valid directories |
|
| 758 |
* |
|
| 759 |
* @return array |
|
| 760 |
* @throws \SmartyException |
|
| 761 |
*/ |
|
| 762 |
private function _checkDir($filepath, $dirs) |
|
| 763 |
{
|
|
| 764 |
$directory = dirname($filepath) . DS; |
|
| 459 | 765 |
$_directory = array(); |
| 460 | 766 |
while (true) {
|
| 461 | 767 |
// remember the directory to add it to _resource_dir in case we're successful |
| 462 |
$_directory[] = $directory;
|
|
| 768 |
$_directory[$directory] = true;
|
|
| 463 | 769 |
// test if the directory is trusted |
| 464 |
if (isset($this->_php_resource_dir[$directory])) {
|
|
| 770 |
if (isset($dirs[$directory])) {
|
|
| 465 | 771 |
// merge sub directories of current $directory into _resource_dir to speed up subsequent lookup |
| 466 |
$this->_php_resource_dir = array_merge($this->_php_resource_dir, $_directory);
|
|
| 772 |
$dirs = array_merge($dirs, $_directory);
|
|
| 467 | 773 |
|
| 468 |
return true;
|
|
| 774 |
return $dirs;
|
|
| 469 | 775 |
} |
| 470 | 776 |
// abort if we've reached root |
| 471 |
if (($pos = strrpos($directory, DS)) === false || !isset($directory[2])) {
|
|
| 777 |
if (!preg_match('#[\\\/][^\\\/]+[\\\/]$#', $directory)) {
|
|
| 472 | 778 |
break; |
| 473 | 779 |
} |
| 474 | 780 |
// bubble up one level |
| 475 |
$directory = substr($directory, 0, $pos);
|
|
| 781 |
$directory = preg_replace('#[\\\/][^\\\/]+[\\\/]$#', DS, $directory);
|
|
| 476 | 782 |
} |
| 477 | 783 |
|
| 478 |
throw new SmartyException("directory '{$_filepath}' not allowed by security setting");
|
|
| 784 |
// give up |
|
| 785 |
throw new SmartyException("directory '{$filepath}' not allowed by security setting");
|
|
| 786 |
} |
|
| 787 |
|
|
| 788 |
/** |
|
| 789 |
* Loads security class and enables security |
|
| 790 |
* |
|
| 791 |
* @param \Smarty $smarty |
|
| 792 |
* @param string|Smarty_Security $security_class if a string is used, it must be class-name |
|
| 793 |
* |
|
| 794 |
* @return \Smarty current Smarty instance for chaining |
|
| 795 |
* @throws \SmartyException when an invalid class name is provided |
|
| 796 |
*/ |
|
| 797 |
public static function enableSecurity(Smarty $smarty, $security_class) |
|
| 798 |
{
|
|
| 799 |
if ($security_class instanceof Smarty_Security) {
|
|
| 800 |
$smarty->security_policy = $security_class; |
|
| 801 |
return; |
|
| 802 |
} elseif (is_object($security_class)) {
|
|
| 803 |
throw new SmartyException("Class '" . get_class($security_class) . "' must extend Smarty_Security.");
|
|
| 804 |
} |
|
| 805 |
if ($security_class == null) {
|
|
| 806 |
$security_class = $smarty->security_class; |
|
| 807 |
} |
|
| 808 |
if (!class_exists($security_class)) {
|
|
| 809 |
throw new SmartyException("Security class '$security_class' is not defined");
|
|
| 810 |
} elseif ($security_class !== 'Smarty_Security' && !is_subclass_of($security_class, 'Smarty_Security')) {
|
|
| 811 |
throw new SmartyException("Class '$security_class' must extend Smarty_Security.");
|
|
| 812 |
} else {
|
|
| 813 |
$smarty->security_policy = new $security_class($smarty); |
|
| 814 |
} |
|
| 815 |
return; |
|
| 479 | 816 |
} |
| 480 | 817 |
} |
| src/includes/classes/Smarty/sysplugins/smarty_internal_compile_private_special_variable.php (revision Shelved version) | ||
|---|---|---|
| 19 | 19 |
/** |
| 20 | 20 |
* Compiles code for the special $smarty variables |
| 21 | 21 |
* |
| 22 |
* @param array $args array with attributes from parser
|
|
| 22 |
* @param array $args array with attributes from parser |
|
| 23 |
* @param object $compiler compiler object
|
|
| 23 |
* @param \Smarty_Internal_TemplateCompilerBase $compiler compiler object
|
|
| 24 |
* @param $parameter |
|
| 24 |
* @param $parameter
|
|
| 25 | 25 |
* |
| 26 | 26 |
* @return string compiled code |
| 27 |
* @throws \SmartyCompilerException |
|
| 27 | 28 |
*/ |
| 28 |
public function compile($args, $compiler, $parameter) |
|
| 29 |
public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $parameter)
|
|
| 29 | 30 |
{
|
| 30 | 31 |
$_index = preg_split("/\]\[/", substr($parameter, 1, strlen($parameter) - 2));
|
| 31 |
$compiled_ref = ' '; |
|
| 32 |
$variable = trim($_index[0], "'"); |
|
| 32 |
$variable = strtolower($compiler->getId($_index[ 0 ])); |
|
| 33 |
if ($variable === false) {
|
|
| 34 |
$compiler->trigger_template_error("special \$Smarty variable name index can not be variable", null, true);
|
|
| 35 |
} |
|
| 36 |
if (!isset($compiler->smarty->security_policy) || |
|
| 37 |
$compiler->smarty->security_policy->isTrustedSpecialSmartyVar($variable, $compiler) |
|
| 38 |
) {
|
|
| 33 |
switch ($variable) {
|
|
| 34 |
case 'foreach': |
|
| 39 |
switch ($variable) {
|
|
| 40 |
case 'foreach': |
|
| 35 |
return "\$_smarty_tpl->getVariable('smarty')->value$parameter";
|
|
| 36 |
case 'section': |
|
| 41 |
case 'section': |
|
| 37 |
return "\$_smarty_tpl->getVariable('smarty')->value$parameter";
|
|
| 42 |
if (!isset($compiler->_tag_objects[ $variable ])) {
|
|
| 43 |
$class = 'Smarty_Internal_Compile_' . ucfirst($variable); |
|
| 44 |
$compiler->_tag_objects[ $variable ] = new $class; |
|
| 45 |
} |
|
| 46 |
return $compiler->_tag_objects[ $variable ]->compileSpecialVariable(array(), $compiler, $_index); |
|
| 38 |
case 'capture': |
|
| 47 |
case 'capture': |
|
| 39 |
return "Smarty::\$_smarty_vars$parameter"; |
|
| 48 |
if (class_exists('Smarty_Internal_Compile_Capture')) {
|
|
| 49 |
return Smarty_Internal_Compile_Capture::compileSpecialVariable(array(), $compiler, $_index); |
|
| 50 |
} |
|
| 51 |
return ''; |
|
| 40 |
case 'now': |
|
| 41 |
return 'time()'; |
|
| 42 |
case 'cookies': |
|
| 52 |
case 'now': |
|
| 53 |
return 'time()'; |
|
| 54 |
case 'cookies': |
|
| 43 |
if (isset($compiler->smarty->security_policy) && !$compiler->smarty->security_policy->allow_super_globals) {
|
|
| 55 |
if (isset($compiler->smarty->security_policy) && |
|
| 56 |
!$compiler->smarty->security_policy->allow_super_globals |
|
| 57 |
) {
|
|
| 44 |
$compiler->trigger_template_error("(secure mode) super globals not permitted");
|
|
| 45 |
break; |
|
| 46 |
} |
|
| 47 |
$compiled_ref = '$_COOKIE'; |
|
| 48 |
break; |
|
| 58 |
$compiler->trigger_template_error("(secure mode) super globals not permitted");
|
|
| 59 |
break; |
|
| 60 |
} |
|
| 61 |
$compiled_ref = '$_COOKIE'; |
|
| 62 |
break; |
|
| 49 |
|
|
| 50 |
case 'get': |
|
| 51 |
case 'post': |
|
| 52 |
case 'env': |
|
| 53 |
case 'server': |
|
| 54 |
case 'session': |
|
| 55 |
case 'request': |
|
| 63 |
case 'get': |
|
| 64 |
case 'post': |
|
| 65 |
case 'env': |
|
| 66 |
case 'server': |
|
| 67 |
case 'session': |
|
| 68 |
case 'request': |
|
| 56 |
if (isset($compiler->smarty->security_policy) && !$compiler->smarty->security_policy->allow_super_globals) {
|
|
| 69 |
if (isset($compiler->smarty->security_policy) && |
|
| 70 |
!$compiler->smarty->security_policy->allow_super_globals |
|
| 71 |
) {
|
|
| 57 |
$compiler->trigger_template_error("(secure mode) super globals not permitted");
|
|
| 58 |
break; |
|
| 59 |
} |
|
| 60 |
$compiled_ref = '$_' . strtoupper($variable); |
|
| 61 |
break; |
|
| 72 |
$compiler->trigger_template_error("(secure mode) super globals not permitted");
|
|
| 73 |
break; |
|
| 74 |
} |
|
| 75 |
$compiled_ref = '$_' . strtoupper($variable); |
|
| 76 |
break; |
|
| 62 | 77 |
|
| 63 |
case 'template': |
|
| 64 |
return 'basename($_smarty_tpl->source->filepath)'; |
|
| 78 |
case 'template':
|
|
| 79 |
return 'basename($_smarty_tpl->source->filepath)';
|
|
| 65 | 80 |
|
| 66 |
case 'template_object': |
|
| 67 |
return '$_smarty_tpl'; |
|
| 81 |
case 'template_object':
|
|
| 82 |
return '$_smarty_tpl';
|
|
| 68 | 83 |
|
| 69 |
case 'current_dir': |
|
| 70 |
return 'dirname($_smarty_tpl->source->filepath)'; |
|
| 84 |
case 'current_dir':
|
|
| 85 |
return 'dirname($_smarty_tpl->source->filepath)';
|
|
| 71 | 86 |
|
| 72 |
case 'version': |
|
| 87 |
case 'version': |
|
| 73 |
$_version = Smarty::SMARTY_VERSION; |
|
| 88 |
return "Smarty::SMARTY_VERSION"; |
|
| 74 | 89 |
|
| 75 |
return "'$_version'"; |
|
| 76 |
|
|
| 77 |
case 'const': |
|
| 90 |
case 'const': |
|
| 78 |
if (isset($compiler->smarty->security_policy) && !$compiler->smarty->security_policy->allow_constants) {
|
|
| 91 |
if (isset($compiler->smarty->security_policy) && |
|
| 92 |
!$compiler->smarty->security_policy->allow_constants |
|
| 93 |
) {
|
|
| 79 |
$compiler->trigger_template_error("(secure mode) constants not permitted");
|
|
| 80 |
break; |
|
| 81 |
} |
|
| 94 |
$compiler->trigger_template_error("(secure mode) constants not permitted");
|
|
| 95 |
break; |
|
| 96 |
} |
|
| 82 |
|
|
| 97 |
if (strpos($_index[ 1 ], '$') === false && strpos($_index[ 1 ], '\'') === false) {
|
|
| 98 |
return "@constant('{$_index[1]}')";
|
|
| 99 |
} else {
|
|
| 83 |
return "@constant({$_index[1]})";
|
|
| 100 |
return "@constant({$_index[1]})";
|
|
| 101 |
} |
|
| 84 | 102 |
|
| 85 |
case 'config': |
|
| 103 |
case 'config': |
|
| 86 |
if (isset($_index[2])) {
|
|
| 104 |
if (isset($_index[ 2 ])) {
|
|
| 87 |
return "(is_array(\$tmp = \$_smarty_tpl->getConfigVariable($_index[1])) ? \$tmp[$_index[2]] : null)"; |
|
| 105 |
return "(is_array(\$tmp = \$_smarty_tpl->smarty->ext->configload->_getConfigVariable(\$_smarty_tpl, $_index[1])) ? \$tmp[$_index[2]] : null)"; |
|
| 88 |
} else {
|
|
| 106 |
} else {
|
|
| 89 |
return "\$_smarty_tpl->getConfigVariable($_index[1])"; |
|
| 107 |
return "\$_smarty_tpl->smarty->ext->configload->_getConfigVariable(\$_smarty_tpl, $_index[1])"; |
|
| 90 |
} |
|
| 91 |
case 'ldelim': |
|
| 108 |
} |
|
| 109 |
case 'ldelim': |
|
| 92 |
$_ldelim = $compiler->smarty->left_delimiter; |
|
| 93 |
|
|
| 94 |
return "'$_ldelim'"; |
|
| 95 |
|
|
| 110 |
return "\$_smarty_tpl->smarty->left_delimiter"; |
|
| 96 |
case 'rdelim': |
|
| 111 |
case 'rdelim': |
|
| 97 |
$_rdelim = $compiler->smarty->right_delimiter; |
|
| 98 |
|
|
| 99 |
return "'$_rdelim'"; |
|
| 100 |
|
|
| 112 |
return "\$_smarty_tpl->smarty->right_delimiter"; |
|
| 101 |
default: |
|
| 113 |
default: |
|
| 102 |
$compiler->trigger_template_error('$smarty.' . trim($_index[0], "'") . ' is invalid');
|
|
| 114 |
$compiler->trigger_template_error('$smarty.' . trim($_index[ 0 ], "'") . ' is not defined');
|
|
| 103 |
break; |
|
| 104 |
} |
|
| 115 |
break; |
|
| 116 |
} |
|
| 105 |
if (isset($_index[1])) {
|
|
| 117 |
if (isset($_index[ 1 ])) {
|
|
| 106 |
array_shift($_index); |
|
| 107 |
foreach ($_index as $_ind) {
|
|
| 108 |
$compiled_ref = $compiled_ref . "[$_ind]"; |
|
| 109 |
} |
|
| 110 |
} |
|
| 118 |
array_shift($_index); |
|
| 119 |
foreach ($_index as $_ind) {
|
|
| 120 |
$compiled_ref = $compiled_ref . "[$_ind]"; |
|
| 121 |
} |
|
| 122 |
} |
|
| 111 |
|
|
| 112 |
return $compiled_ref; |
|
| 123 |
return $compiled_ref; |
|
| 124 |
} |
|
| 113 | 125 |
} |
| 114 | 126 |
} |
| src/includes/classes/Smarty/sysplugins/smarty_internal_method_gettemplatevars.php (revision Shelved version) | ||
|---|---|---|
| 1 |
<?php |
|
| 2 |
|
|
| 3 |
/** |
|
| 4 |
* Smarty Method GetTemplateVars |
|
| 5 |
* |
|
| 6 |
* Smarty::getTemplateVars() method |
|
| 7 |
* |
|
| 8 |
* @package Smarty |
|
| 9 |
* @subpackage PluginsInternal |
|
| 10 |
* @author Uwe Tews |
|
| 11 |
*/ |
|
| 12 |
class Smarty_Internal_Method_GetTemplateVars |
|
| 13 |
{
|
|
| 14 |
/** |
|
| 15 |
* Valid for all objects |
|
| 16 |
* |
|
| 17 |
* @var int |
|
| 18 |
*/ |
|
| 19 |
public $objMap = 7; |
|
| 20 |
|
|
| 21 |
/** |
|
| 22 |
* Returns a single or all template variables |
|
| 23 |
* |
|
| 24 |
* @api Smarty::getTemplateVars() |
|
| 25 |
* @link http://www.smarty.net/docs/en/api.get.template.vars.tpl |
|
| 26 |
* |
|
| 27 |
* @param \Smarty_Internal_Data|\Smarty_Internal_Template|\Smarty $data |
|
| 28 |
* @param string $varName variable name or null |
|
| 29 |
* @param \Smarty_Internal_Data|\Smarty_Internal_Template|\Smarty $_ptr optional pointer to data object |
|
| 30 |
* @param bool $searchParents include parent templates? |
|
| 31 |
* |
|
| 32 |
* @return mixed variable value or or array of variables |
|
| 33 |
*/ |
|
| 34 |
public function getTemplateVars(Smarty_Internal_Data $data, $varName = null, Smarty_Internal_Data $_ptr = null, $searchParents = true) |
|
| 35 |
{
|
|
| 36 |
if (isset($varName)) {
|
|
| 37 |
$_var = $this->_getVariable($data, $varName, $_ptr, $searchParents, false); |
|
| 38 |
if (is_object($_var)) {
|
|
| 39 |
return $_var->value; |
|
| 40 |
} else {
|
|
| 41 |
return null; |
|
| 42 |
} |
|
| 43 |
} else {
|
|
| 44 |
$_result = array(); |
|
| 45 |
if ($_ptr === null) {
|
|
| 46 |
$_ptr = $data; |
|
| 47 |
} |
|
| 48 |
while ($_ptr !== null) {
|
|
| 49 |
foreach ($_ptr->tpl_vars AS $key => $var) {
|
|
| 50 |
if (!array_key_exists($key, $_result)) {
|
|
| 51 |
$_result[$key] = $var->value; |
|
| 52 |
} |
|
| 53 |
} |
|
| 54 |
// not found, try at parent |
|
| 55 |
if ($searchParents) {
|
|
| 56 |
$_ptr = $_ptr->parent; |
|
| 57 |
} else {
|
|
| 58 |
$_ptr = null; |
|
| 59 |
} |
|
| 60 |
} |
|
| 61 |
if ($searchParents && isset(Smarty::$global_tpl_vars)) {
|
|
| 62 |
foreach (Smarty::$global_tpl_vars AS $key => $var) {
|
|
| 63 |
if (!array_key_exists($key, $_result)) {
|
|
| 64 |
$_result[$key] = $var->value; |
|
| 65 |
} |
|
| 66 |
} |
|
| 67 |
} |
|
| 68 |
return $_result; |
|
| 69 |
} |
|
| 70 |
} |
|
| 71 |
|
|
| 72 |
/** |
|
| 73 |
* gets the object of a Smarty variable |
|
| 74 |
* |
|
| 75 |
* @param \Smarty_Internal_Data|\Smarty_Internal_Template|\Smarty $data |
|
| 76 |
* @param string $varName the name of the Smarty variable |
|
| 77 |
* @param \Smarty_Internal_Data|\Smarty_Internal_Template|\Smarty $_ptr optional pointer to data object |
|
| 78 |
* @param bool $searchParents search also in parent data |
|
| 79 |
* @param bool $errorEnable |
|
| 80 |
* |
|
| 81 |
* @return \Smarty_Variable |
|
| 82 |
*/ |
|
| 83 |
public function _getVariable(Smarty_Internal_Data $data, $varName, Smarty_Internal_Data $_ptr = null, $searchParents = true, $errorEnable = true) |
|
| 84 |
{
|
|
| 85 |
if ($_ptr === null) {
|
|
| 86 |
$_ptr = $data; |
|
| 87 |
} |
|
| 88 |
while ($_ptr !== null) {
|
|
| 89 |
if (isset($_ptr->tpl_vars[$varName])) {
|
|
| 90 |
// found it, return it |
|
| 91 |
return $_ptr->tpl_vars[$varName]; |
|
| 92 |
} |
|
| 93 |
// not found, try at parent |
|
| 94 |
if ($searchParents) {
|
|
| 95 |
$_ptr = $_ptr->parent; |
|
| 96 |
} else {
|
|
| 97 |
$_ptr = null; |
|
| 98 |
} |
|
| 99 |
} |
|
| 100 |
if (isset(Smarty::$global_tpl_vars[$varName])) {
|
|
| 101 |
// found it, return it |
|
| 102 |
return Smarty::$global_tpl_vars[$varName]; |
|
| 103 |
} |
|
| 104 |
/* @var \Smarty $smarty */ |
|
| 105 |
$smarty = isset($data->smarty) ? $data->smarty : $data; |
|
| 106 |
if ($smarty->error_unassigned && $errorEnable) {
|
|
| 107 |
// force a notice |
|
| 108 |
$x = $$varName; |
|
| 109 |
} |
|
| 110 |
|
|
| 111 |
return new Smarty_Undefined_Variable; |
|
| 112 |
} |
|
| 113 |
|
|
| 114 |
} |
|
| src/includes/classes/Smarty/sysplugins/smarty_internal_compile_config_load.php (revision Shelved version) | ||
|---|---|---|
| 23 | 23 |
* @see Smarty_Internal_CompileBase |
| 24 | 24 |
*/ |
| 25 | 25 |
public $required_attributes = array('file');
|
| 26 |
|
|
| 26 | 27 |
/** |
| 27 | 28 |
* Attribute definition: Overwrites base class. |
| 28 | 29 |
* |
| ... | ... | |
| 30 | 31 |
* @see Smarty_Internal_CompileBase |
| 31 | 32 |
*/ |
| 32 | 33 |
public $shorttag_order = array('file', 'section');
|
| 34 |
|
|
| 33 | 35 |
/** |
| 34 | 36 |
* Attribute definition: Overwrites base class. |
| 35 | 37 |
* |
| 36 | 38 |
* @var array |
| 37 | 39 |
* @see Smarty_Internal_CompileBase |
| 38 | 40 |
*/ |
| 39 |
public $optional_attributes = array('section', 'scope');
|
|
| 41 |
public $optional_attributes = array('section', 'scope', 'bubble_up');
|
|
| 40 | 42 |
|
| 41 | 43 |
/** |
| 44 |
* Valid scope names |
|
| 45 |
* |
|
| 46 |
* @var array |
|
| 47 |
*/ |
|
| 48 |
public $valid_scopes = array('local' => true, 'parent' => true, 'root' => true, 'global' => true,
|
|
| 49 |
'smarty' => true, 'tpl_root' => true); |
|
| 50 |
|
|
| 51 |
/** |
|
| 52 |
* Valid scope names |
|
| 53 |
* |
|
| 54 |
* @var array |
|
| 55 |
*/ |
|
| 56 |
public $valid_scopes = array('local' => true, 'parent' => true, 'root' => true, 'global' => true,
|
|
| 57 |
'smarty' => true, 'tpl_root' => true); |
|
| 58 |
|
|
| 59 |
/** |
|
| 42 | 60 |
* Compiles code for the {config_load} tag
|
| 43 | 61 |
* |
| 44 |
* @param array $args array with attributes from parser |
|
| 62 |
* @param array $args array with attributes from parser |
|
| 45 |
* @param object $compiler compiler object |
|
| 63 |
* @param \Smarty_Internal_TemplateCompilerBase $compiler compiler object |
|
| 46 | 64 |
* |
| 47 | 65 |
* @return string compiled code |
| 66 |
* @throws \SmartyCompilerException |
|
| 48 | 67 |
*/ |
| 49 |
public function compile($args, $compiler) |
|
| 68 |
public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler)
|
|
| 50 | 69 |
{
|
| 51 |
static $_is_legal_scope = array('local' => true, 'parent' => true, 'root' => true, 'global' => true);
|
|
| 52 | 70 |
// check and get attributes |
| 53 | 71 |
$_attr = $this->getAttributes($compiler, $args); |
| 54 | 72 |
|
| 55 | 73 |
if ($_attr['nocache'] === true) {
|
| 56 |
$compiler->trigger_template_error('nocache option not allowed', $compiler->lex->taglineno);
|
|
| 74 |
$compiler->trigger_template_error('nocache option not allowed', null, true);
|
|
| 57 | 75 |
} |
| 58 | 76 |
|
| 59 | 77 |
// save possible attributes |
| ... | ... | |
| 63 | 81 |
} else {
|
| 64 | 82 |
$section = 'null'; |
| 65 | 83 |
} |
| 66 |
$scope = 'local'; |
|
| 67 |
// scope setup |
|
| 84 |
$_scope = Smarty::SCOPE_LOCAL; |
|
| 68 | 85 |
if (isset($_attr['scope'])) {
|
| 69 | 86 |
$_attr['scope'] = trim($_attr['scope'], "'\""); |
| 70 |
if (isset($_is_legal_scope[$_attr['scope']])) {
|
|
| 71 |
$scope = $_attr['scope']; |
|
| 72 |
} else {
|
|
| 73 |
$compiler->trigger_template_error('illegal value for "scope" attribute', $compiler->lex->taglineno);
|
|
| 87 |
if (!isset($this->valid_scopes[$_attr['scope']])) {
|
|
| 88 |
$compiler->trigger_template_error("illegal value '{$_attr['scope']}' for \"scope\" attribute", null, true);
|
|
| 74 | 89 |
} |
| 90 |
if ($_attr['scope'] != 'local') {
|
|
| 91 |
if ($_attr['scope'] == 'parent') {
|
|
| 92 |
$_scope = Smarty::SCOPE_PARENT; |
|
| 93 |
} elseif ($_attr['scope'] == 'root') {
|
|
| 94 |
$_scope = Smarty::SCOPE_ROOT; |
|
| 95 |
} elseif ($_attr['scope'] == 'global') {
|
|
| 96 |
$_scope = Smarty::SCOPE_GLOBAL; |
|
| 97 |
} elseif ($_attr['scope'] == 'smarty') {
|
|
| 98 |
$_scope = Smarty::SCOPE_SMARTY; |
|
| 99 |
} elseif ($_attr['scope'] == 'tpl_root') {
|
|
| 100 |
$_scope = Smarty::SCOPE_TPL_ROOT; |
|
| 75 |
} |
|
| 101 |
} |
|
| 102 |
$_scope += (isset($_attr['bubble_up']) && $_attr['bubble_up'] == 'false') ? 0 : Smarty::SCOPE_BUBBLE_UP; |
|