PageRenderTime 11ms CodeModel.GetById 2ms app.highlight 5ms RepoModel.GetById 1ms app.codeStats 0ms

/framework/vendor/smarty3/lib/libs/sysplugins/smarty_security.php

http://zoop.googlecode.com/
PHP | 97 lines | 15 code | 10 blank | 72 comment | 0 complexity | a573a4125414521770506a95cce091dd MD5 | raw file
 1<?php
 2/**
 3* Smarty plugin
 4* 
 5* @package Smarty
 6* @subpackage Security
 7* @author Uwe Tews 
 8*/ 
 9
10/**
11* This class does contain the security settings
12*/
13class Smarty_Security {
14    /**
15    * This determines how Smarty handles "<?php ... ?>" tags in templates.
16    * possible values:
17    * <ul>
18    *   <li>SMARTY_PHP_PASSTHRU -> echo PHP tags as they are</li>
19    *   <li>SMARTY_PHP_QUOTE    -> escape tags as entities</li>
20    *   <li>SMARTY_PHP_REMOVE   -> remove php tags</li>
21    *   <li>SMARTY_PHP_ALLOW    -> execute php tags</li>
22    * </ul>
23    * 
24    * @var integer 
25    */
26    public $php_handling = SMARTY_PHP_PASSTHRU;
27
28    /**
29    * This is the list of template directories that are considered secure.
30    * One directory per array element. 
31    * $template_dir is in this list implicitly.
32    * 
33    * @var array 
34    */
35    public $secure_dir = array();
36
37
38    /**
39    * This is an array of directories where trusted php scripts reside.
40    * {@link $security} is disabled during their inclusion/execution.
41    * 
42    * @var array 
43    */
44    public $trusted_dir = array();
45
46
47    /**
48    * This is an array of trusted static classes.
49    *
50    * If empty access to all static classes is allowed.
51    * If set to 'none' none is allowed.
52    * @var array 
53    */
54    public $static_classes = array();
55
56    /**
57    * This is an array of trusted PHP functions.
58    *
59    * If empty all functions are allowed.
60    * If set to 'none' none is allowed.
61    * @var array 
62    */
63    public $php_functions = array('isset', 'empty',
64            'count', 'sizeof','in_array', 'is_array','time','nl2br');
65
66    /**
67    * This is an array of trusted modifers.
68    *
69    * If empty all modifiers are allowed.
70    * If set to 'none' none is allowed.
71    * @var array 
72    */
73    public $modifiers = array('escape','count');
74
75    /**
76    * This is an array of trusted streams.
77    *
78    * If empty all streams are allowed.
79    * If set to 'none' none is allowed.
80    * @var array 
81    */
82    public $streams = array('file');
83    /**
84    + flag if constants can be accessed from template
85    */
86    public $allow_constants = true;
87    /**
88    + flag if super globals can be accessed from template
89    */
90    public $allow_super_globals = true;
91    /**
92    + flag if {php} tag can be executed
93    */
94    public $allow_php_tag = false;
95} 
96
97?>