'[SMARTY-DEV] shared.secure_file'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       smarty-dev
Subject:    [SMARTY-DEV] shared.secure_file
From:       Roberto Berto <berto () under ! com ! br>
Date:       2002-05-23 18:37:12
[Download RAW message or body]


I got the routine function.fetch in split in two files. I didnt write
anything, only changed the code.

In shared secure file there are a function that return TRUE if file can
be open and FALSE if not.

You can download the files at: 
http://opensource.under.com.br/smarty-plugins/function.fetch.php.txt
http://opensource.under.com.br/smarty-plugins/shared.secure_file.php.txt


With shared.secure_file users can create plugins that open files using
Smarty security.

I have a CVS account @php.net, if you approve changes I can send.


The diff is of function.fetch is:
[darkelder@under plugins]$ diff -b  function_old.php function.fetch.php
4,10c4,10
< * Smarty plugin
< * -------------------------------------------------------------
< * Type:     function
< * Name:     fetch
< * Purpose:  fetch file, web or ftp data and display results
< * -------------------------------------------------------------
< */
---
>  * Smarty plugin
>  * -------------------------------------------------------------
>  * Type:     function
>  * Name:     fetch
>  * Purpose:  fetch file, web or ftp data and display results
>  * -------------------------------------------------------------
>  */
14,16c14,16
<
<     if (empty($file)) {
<         $smarty->_trigger_plugin_error("parameter 'file' cannot be
empty");
---
>         require_once SMARTY_DIR . $smarty->plugins_dir .
>         '/shared.secure_file.php'; if
>         (smarty_secure_file($file,$smarty) == FALSE){
20,42d19
<     if ($smarty->security && !preg_match('!^(http|ftp)://!i', $file))
{
<         // fetching file, make sure it comes from secure directory
<         foreach ($smarty->secure_dir as $curr_dir) {
<             if (substr(realpath($file), 0,
strlen(realpath($curr_dir))) == realpath($curr_dir)) {
<                 $resource_is_secure = true;
<                 break;
<             }
<         }
<         if (!$resource_is_secure) {
<             $smarty->_trigger_plugin_error("(secure mode) fetch
'$file' is not allowed");
<             return;
<         }
<         // fetch the file
<         if($fp = @fopen($file,'r')) {
<             while(!feof($fp)) {
<                 $content .= fgets ($fp,4096);
<             }
<             fclose($fp);
<         } else {
<             $smarty->_trigger_plugin_error("fetch cannot read file
'$file'");
<             return;
<         }
<     } else {
190c167
<             // ftp fetch
---
>                       // ftp fetch or local file fetch
202c179
<     }
---
>









Atenciosamente,

---------------------------------------------------------
Roberto Bertó, e-Consultor
Cel:    51 91169628
email:  berto@under.com.br

UNDER DEVELOPMENT - http://www.UNDER.com.br
Tel/FAX: 51 32270599  Rua Duque de Caxias, 1594 apto. 204
CEP 900010-281 - Porto Alegre - RS
---------------------------------------------------------

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic