Update to Smarty 3.1.15

2013-10-09 19:08:38 +02:00 · 2013-10-09 19:08:38 +02:00 · 1c9cd9208f
commit 1c9cd9208f
parent bea18b03e2
119 changed files with 5232 additions and 4641 deletions
--- a/onyx/modules/templates/smarty/sysplugins/smarty_security.php
+++ b/onyx/modules/templates/smarty/sysplugins/smarty_security.php
@ -6,21 +6,21 @@
 * @subpackage Security
 * @author Uwe Tews
 */
- 
+
 /*
 * FIXME: Smarty_Security API
 *      - getter and setter instead of public properties would allow cultivating an internal cache properly
 *      - current implementation of isTrustedResourceDir() assumes that Smarty::$template_dir and Smarty::$config_dir are immutable
 *        the cache is killed every time either of the variables change. That means that two distinct Smarty objects with differing
- *        $template_dir or $config_dir should NOT share the same Smarty_Security instance, 
- *        as this would lead to (severe) performance penalty! how should this be handled? 
+ *        $template_dir or $config_dir should NOT share the same Smarty_Security instance,
+ *        as this would lead to (severe) performance penalty! how should this be handled?
 */

 /**
 * This class does contain the security settings
 */
-class Smarty_Security {
-
+class Smarty_Security
+{
    /**
     * This determines how Smarty handles "<?php ... ?>" tags in templates.
     * possible values:
@ -77,7 +77,7 @@ class Smarty_Security {
        'nl2br',
    );
    /**
-     * This is an array of trusted PHP modifers.
+     * This is an array of trusted PHP modifiers.
     *
     * If empty all modifiers are allowed.
     * To disable all modifier set $modifiers = null.
@ -164,8 +164,7 @@ class Smarty_Security {
     * @var array
     */
    protected $_trusted_dir = null;
-    
-    
+
    /**
     * @param Smarty $smarty
     */
@ -173,13 +172,13 @@ class Smarty_Security {
    {
        $this->smarty = $smarty;
    }
-    
+
    /**
     * Check if PHP function is trusted.
     *
-     * @param string $function_name
-     * @param object $compiler compiler object
-     * @return boolean true if function is trusted
+     * @param  string                  $function_name
+     * @param  object                  $compiler      compiler object
+     * @return boolean                 true if function is trusted
     * @throws SmartyCompilerException if php function is not trusted
     */
    public function isTrustedPhpFunction($function_name, $compiler)
@ -189,15 +188,16 @@ class Smarty_Security {
        }

        $compiler->trigger_template_error("PHP function '{$function_name}' not allowed by security setting");
+
        return false; // should not, but who knows what happens to the compiler in the future?
    }

    /**
     * Check if static class is trusted.
     *
-     * @param string $class_name
-     * @param object $compiler compiler object
-     * @return boolean true if class is trusted
+     * @param  string                  $class_name
+     * @param  object                  $compiler   compiler object
+     * @return boolean                 true if class is trusted
     * @throws SmartyCompilerException if static class is not trusted
     */
    public function isTrustedStaticClass($class_name, $compiler)
@ -207,15 +207,16 @@ class Smarty_Security {
        }

        $compiler->trigger_template_error("access to static class '{$class_name}' not allowed by security setting");
+
        return false; // should not, but who knows what happens to the compiler in the future?
    }

    /**
     * Check if PHP modifier is trusted.
     *
-     * @param string $modifier_name
-     * @param object $compiler compiler object
-     * @return boolean true if modifier is trusted
+     * @param  string                  $modifier_name
+     * @param  object                  $compiler      compiler object
+     * @return boolean                 true if modifier is trusted
     * @throws SmartyCompilerException if modifier is not trusted
     */
    public function isTrustedPhpModifier($modifier_name, $compiler)
@ -225,15 +226,16 @@ class Smarty_Security {
        }

        $compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting");
+
        return false; // should not, but who knows what happens to the compiler in the future?
    }

    /**
     * Check if tag is trusted.
     *
-     * @param string $tag_name
-     * @param object $compiler compiler object
-     * @return boolean true if tag is trusted
+     * @param  string                  $tag_name
+     * @param  object                  $compiler compiler object
+     * @return boolean                 true if tag is trusted
     * @throws SmartyCompilerException if modifier is not trusted
     */
    public function isTrustedTag($tag_name, $compiler)
@ -250,20 +252,21 @@ class Smarty_Security {
            } else {
                $compiler->trigger_template_error("tag '{$tag_name}' disabled by security setting", $compiler->lex->taglineno);
            }
-        } else if (in_array($tag_name, $this->allowed_tags) && !in_array($tag_name, $this->disabled_tags)) {
+        } elseif (in_array($tag_name, $this->allowed_tags) && !in_array($tag_name, $this->disabled_tags)) {
            return true;
        } else {
            $compiler->trigger_template_error("tag '{$tag_name}' not allowed by security setting", $compiler->lex->taglineno);
        }
+
        return false; // should not, but who knows what happens to the compiler in the future?
    }

    /**
     * Check if modifier plugin is trusted.
     *
-     * @param string $modifier_name
-     * @param object $compiler compiler object
-     * @return boolean true if tag is trusted
+     * @param  string                  $modifier_name
+     * @param  object                  $compiler      compiler object
+     * @return boolean                 true if tag is trusted
     * @throws SmartyCompilerException if modifier is not trusted
     */
    public function isTrustedModifier($modifier_name, $compiler)
@ -279,19 +282,20 @@ class Smarty_Security {
            } else {
                $compiler->trigger_template_error("modifier '{$modifier_name}' disabled by security setting", $compiler->lex->taglineno);
            }
-        } else if (in_array($modifier_name, $this->allowed_modifiers) && !in_array($modifier_name, $this->disabled_modifiers)) {
+        } elseif (in_array($modifier_name, $this->allowed_modifiers) && !in_array($modifier_name, $this->disabled_modifiers)) {
            return true;
        } else {
            $compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting", $compiler->lex->taglineno);
        }
+
        return false; // should not, but who knows what happens to the compiler in the future?
    }

    /**
     * Check if stream is trusted.
     *
-     * @param string $stream_name
-     * @return boolean true if stream is trusted
+     * @param  string          $stream_name
+     * @return boolean         true if stream is trusted
     * @throws SmartyException if stream is not trusted
     */
    public function isTrustedStream($stream_name)
@ -306,8 +310,8 @@ class Smarty_Security {
    /**
     * Check if directory of file resource is trusted.
     *
-     * @param string $filepath
-     * @return boolean true if directory is trusted
+     * @param  string          $filepath
+     * @return boolean         true if directory is trusted
     * @throws SmartyException if directory is not trusted
     */
    public function isTrustedResourceDir($filepath)
@ -367,6 +371,7 @@ class Smarty_Security {
            if (isset($this->_resource_dir[$directory])) {
                // merge sub directories of current $directory into _resource_dir to speed up subsequent lookups
                $this->_resource_dir = array_merge($this->_resource_dir, $_directory);
+
                return true;
            }
            // abort if we've reached root
@ -380,15 +385,15 @@ class Smarty_Security {
        // give up
        throw new SmartyException("directory '{$_filepath}' not allowed by security setting");
    }
-    
+
    /**
     * Check if URI (e.g. {fetch} or {html_image}) is trusted
     *
     * To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}".
     * So "http://username:password@hello.world.example.org:8080/some-path?some=query-string"
     * is reduced to "http://hello.world.example.org" prior to applying the patters from {@link $trusted_uri}.
-     * @param string $uri 
-     * @return boolean true if URI is trusted
+     * @param  string          $uri
+     * @return boolean         true if URI is trusted
     * @throws SmartyException if URI is not trusted
     * @uses $trusted_uri for list of patterns to match against $uri
     */
@ -403,15 +408,15 @@ class Smarty_Security {
                }
            }
        }
-        
+
        throw new SmartyException("URI '{$uri}' not allowed by security setting");
    }
-    
+
    /**
     * Check if directory of file resource is trusted.
     *
-     * @param string $filepath
-     * @return boolean true if directory is trusted
+     * @param  string          $filepath
+     * @return boolean         true if directory is trusted
     * @throws SmartyException if PHP directory is not trusted
     */
    public function isTrustedPHPDir($filepath)
@ -441,6 +446,7 @@ class Smarty_Security {
            if (isset($this->_php_resource_dir[$directory])) {
                // merge sub directories of current $directory into _resource_dir to speed up subsequent lookups
                $this->_php_resource_dir = array_merge($this->_php_resource_dir, $_directory);
+
                return true;
            }
            // abort if we've reached root
@ -455,5 +461,3 @@ class Smarty_Security {
    }

 }
-
-?>