5 * @subpackage plugins
\r
9 * determines if a resource is secure or not.
\r
11 * @param string $resource_type
\r
12 * @param string $resource_name
\r
16 // $resource_type, $resource_name
\r
18 function smarty_core_is_secure($params, &$smarty)
\r
20 static $check_template_dir = true;
\r
22 if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
\r
26 $_smarty_secure = false;
\r
27 if ($params['resource_type'] == 'file') {
\r
28 if($check_template_dir) {
\r
29 if (!in_array($smarty->template_dir, $smarty->secure_dir))
\r
30 // add template_dir to secure_dir array
\r
31 array_unshift($smarty->secure_dir, $smarty->template_dir);
\r
32 $check_template_dir = false;
\r
34 if (!empty($smarty->secure_dir)) {
\r
35 $_rp = realpath($params['resource_name']);
\r
36 foreach ((array)$smarty->secure_dir as $curr_dir) {
\r
37 if ( !empty($curr_dir) && is_readable ($curr_dir)) {
\r
38 $_cd = realpath($curr_dir);
\r
39 if (strncmp($_rp, $_cd, strlen($_cd)) == 0
\r
40 && $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
\r
41 $_smarty_secure = true;
\r
48 // resource is not on local file system
\r
49 $_smarty_secure = call_user_func_array(
\r
50 $smarty->_plugins['resource'][$params['resource_type']][0][2],
\r
51 array($params['resource_name'], &$_smarty_secure, &$smarty));
\r
54 return $_smarty_secure;
\r
57 /* vim: set expandtab: */
\r