00001 <?php
00016
00017
00018 function smarty_core_is_secure($params, &$smarty)
00019 {
00020 if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
00021 return true;
00022 }
00023
00024 if ($params['resource_type'] == 'file') {
00025 $_rp = realpath($params['resource_name']);
00026 if (isset($params['resource_base_path'])) {
00027 foreach ((array)$params['resource_base_path'] as $curr_dir) {
00028 if ( ($_cd = realpath($curr_dir)) !== false &&
00029 strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
00030 $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
00031 return true;
00032 }
00033 }
00034 }
00035 if (!empty($smarty->secure_dir)) {
00036 foreach ((array)$smarty->secure_dir as $curr_dir) {
00037 if ( ($_cd = realpath($curr_dir)) !== false) {
00038 if( strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
00039 $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
00040 return true;
00041 } elseif ($_cd == $_rp) {
00042 return true;
00043 }
00044 }
00045 }
00046 }
00047 } else {
00048
00049 return call_user_func_array(
00050 $smarty->_plugins['resource'][$params['resource_type']][0][2],
00051 array($params['resource_name'], &$smarty));
00052 }
00053
00054 return false;
00055 }
00056
00057
00058
00059 ?>