[prev in list] [next in list] [prev in thread] [next in thread]
List: smarty-dev
Subject: [SMARTY-DEV] shared.secure_file
From: Roberto Berto <berto () under ! com ! br>
Date: 2002-05-23 18:37:12
[Download RAW message or body]
I got the routine function.fetch in split in two files. I didnt write
anything, only changed the code.
In shared secure file there are a function that return TRUE if file can
be open and FALSE if not.
You can download the files at:
http://opensource.under.com.br/smarty-plugins/function.fetch.php.txt
http://opensource.under.com.br/smarty-plugins/shared.secure_file.php.txt
With shared.secure_file users can create plugins that open files using
Smarty security.
I have a CVS account @php.net, if you approve changes I can send.
The diff is of function.fetch is:
[darkelder@under plugins]$ diff -b function_old.php function.fetch.php
4,10c4,10
< * Smarty plugin
< * -------------------------------------------------------------
< * Type: function
< * Name: fetch
< * Purpose: fetch file, web or ftp data and display results
< * -------------------------------------------------------------
< */
---
> * Smarty plugin
> * -------------------------------------------------------------
> * Type: function
> * Name: fetch
> * Purpose: fetch file, web or ftp data and display results
> * -------------------------------------------------------------
> */
14,16c14,16
<
< if (empty($file)) {
< $smarty->_trigger_plugin_error("parameter 'file' cannot be
empty");
---
> require_once SMARTY_DIR . $smarty->plugins_dir .
> '/shared.secure_file.php'; if
> (smarty_secure_file($file,$smarty) == FALSE){
20,42d19
< if ($smarty->security && !preg_match('!^(http|ftp)://!i', $file))
{
< // fetching file, make sure it comes from secure directory
< foreach ($smarty->secure_dir as $curr_dir) {
< if (substr(realpath($file), 0,
strlen(realpath($curr_dir))) == realpath($curr_dir)) {
< $resource_is_secure = true;
< break;
< }
< }
< if (!$resource_is_secure) {
< $smarty->_trigger_plugin_error("(secure mode) fetch
'$file' is not allowed");
< return;
< }
< // fetch the file
< if($fp = @fopen($file,'r')) {
< while(!feof($fp)) {
< $content .= fgets ($fp,4096);
< }
< fclose($fp);
< } else {
< $smarty->_trigger_plugin_error("fetch cannot read file
'$file'");
< return;
< }
< } else {
190c167
< // ftp fetch
---
> // ftp fetch or local file fetch
202c179
< }
---
>
Atenciosamente,
---------------------------------------------------------
Roberto Bertó, e-Consultor
Cel: 51 91169628
email: berto@under.com.br
UNDER DEVELOPMENT - http://www.UNDER.com.br
Tel/FAX: 51 32270599 Rua Duque de Caxias, 1594 apto. 204
CEP 900010-281 - Porto Alegre - RS
---------------------------------------------------------
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic