PageRenderTime 14ms CodeModel.GetById 8ms app.highlight 3ms RepoModel.GetById 1ms app.codeStats 0ms

/framework/vendor/smarty3/lib/libs/sysplugins/smarty_internal_security_handler.php

http://zoop.googlecode.com/
PHP | 146 lines | 89 code | 5 blank | 52 comment | 32 complexity | 06383b42cc0bd8daa29de343f7383d68 MD5 | raw file
  1<?php
  2/**
  3* Smarty Internal Plugin Security Handler
  4* 
  5* @package Smarty
  6* @subpackage Security
  7* @author Uwe Tews 
  8*/
  9/**
 10* This class contains all methods for security checking
 11*/
 12class Smarty_Internal_Security_Handler {
 13    function __construct($smarty)
 14    {
 15        $this->smarty = $smarty;
 16    } 
 17    /**
 18    * Check if PHP function is trusted.
 19    * 
 20    * @param string $function_name 
 21    * @param object $compiler compiler object
 22    * @return boolean true if function is trusted
 23    */
 24    function isTrustedPhpFunction($function_name, $compiler)
 25    {
 26        if (empty($this->smarty->security_policy->php_functions) || in_array($function_name, $this->smarty->security_policy->php_functions)) {
 27            return true;
 28        } else {
 29            $compiler->trigger_template_error ("PHP function '{$function_name}' not allowed by security setting");
 30            return false;
 31        } 
 32    } 
 33
 34    /**
 35    * Check if static class is trusted.
 36    * 
 37    * @param string $class_name 
 38    * @param object $compiler compiler object
 39    * @return boolean true if class is trusted
 40    */
 41    function isTrustedStaticClass($class_name, $compiler)
 42    {
 43        if (empty($this->smarty->security_policy->static_classes) || in_array($class_name, $this->smarty->security_policy->static_classes)) {
 44            return true;
 45        } else {
 46            $compiler->trigger_template_error ("access to static class '{$class_name}' not allowed by security setting");
 47            return false;
 48        } 
 49    } 
 50    /**
 51    * Check if modifier is trusted.
 52    * 
 53    * @param string $modifier_name 
 54    * @param object $compiler compiler object
 55    * @return boolean true if modifier is trusted
 56    */
 57    function isTrustedModifier($modifier_name, $compiler)
 58    {
 59        if (empty($this->smarty->security_policy->modifiers) || in_array($modifier_name, $this->smarty->security_policy->modifiers)) {
 60            return true;
 61        } else {
 62            $compiler->trigger_template_error ("modifier '{$modifier_name}' not allowed by security setting");
 63            return false;
 64        } 
 65    } 
 66    /**
 67    * Check if stream is trusted.
 68    * 
 69    * @param string $stream_name 
 70    * @param object $compiler compiler object
 71    * @return boolean true if stream is trusted
 72    */
 73    function isTrustedStream($stream_name)
 74    {
 75        if (empty($this->smarty->security_policy->streams) || in_array($stream_name, $this->smarty->security_policy->streams)) {
 76            return true;
 77        } else {
 78            throw new Exception ("stream '{$stream_name}' not allowed by security setting");
 79            return false;
 80        } 
 81    } 
 82
 83    /**
 84    * Check if directory of file resource is trusted.
 85    * 
 86    * @param string $filepath 
 87    * @param object $compiler compiler object
 88    * @return boolean true if directory is trusted
 89    */
 90    function isTrustedResourceDir($filepath)
 91    {
 92        $_rp = realpath($filepath);
 93        if (isset($this->smarty->template_dir)) {
 94            foreach ((array)$this->smarty->template_dir as $curr_dir) {
 95                if (($_cd = realpath($curr_dir)) !== false &&
 96                        strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
 97                        (strlen($_rp) == strlen($_cd) || substr($_rp, strlen($_cd), 1) == DS)) {
 98                    return true;
 99                } 
100            } 
101        } 
102        if (!empty($this->smarty->security_policy->secure_dir)) {
103            foreach ((array)$this->smarty->security_policy->secure_dir as $curr_dir) {
104                if (($_cd = realpath($curr_dir)) !== false) {
105                    if ($_cd == $_rp) {
106                        return true;
107                    } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
108                            (strlen($_rp) == strlen($_cd) || substr($_rp, strlen($_cd), 1) == DS)) {
109                        return true;
110                    } 
111                } 
112            } 
113        } 
114
115        throw new Exception ("directory '{$_rp}' not allowed by security setting");
116        return false;
117    } 
118    /**
119    * Check if directory of file resource is trusted.
120    * 
121    * @param string $filepath 
122    * @param object $compiler compiler object
123    * @return boolean true if directory is trusted
124    */
125    function isTrustedPHPDir($filepath)
126    {
127        $_rp = realpath($filepath);
128        if (!empty($this->smarty->security_policy->trusted_dir)) {
129            foreach ((array)$this->smarty->security_policy->trusted_dir as $curr_dir) {
130                if (($_cd = realpath($curr_dir)) !== false) {
131                    if ($_cd == $_rp) {
132                        return true;
133                    } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
134                            substr($_rp, strlen($_cd), 1) == DS) {
135                        return true;
136                    } 
137                } 
138            } 
139        } 
140
141        throw new Exception ("directory '{$_rp}' not allowed by security setting");
142        return false;
143    } 
144} 
145
146?>