Class Smarty_Security
This class contains the security settings.
Author: Uwe Tews
Located at tpl/smarty/sysplugins/smarty_security.php
Methods summary
public

public boolean

public boolean

public boolean isTrustedStaticClassAccess( string $class_name, string $params, object $compiler )
    Check if static class method/property is trusted.

public boolean

public boolean

public boolean isTrustedSpecialSmartyVar( string $var_name, object $compiler )
    Check if special $smarty variable is trusted.

public boolean

public boolean

public boolean

public boolean isTrustedResourceDir( string $filepath, null|boolean $isConfig = null )
    Check if directory of file resource is trusted.

public boolean isTrustedUri( string $uri )
    Check if URI (e.g. {fetch} or {html_image}) is trusted.
    To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}".
    So "http://username:password@hello.world.example.org:8080/some-path?some=query-string"
    is reduced to "http://hello.world.example.org" prior to applying the patterns from

public boolean

public static enableSecurity(
    Loads security class and enables security.

public

public

public registerCallBacks(
    Register callback functions called at start/end of template rendering.
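The reduction described for isTrustedUri() means each $trusted_uri pattern is matched against only "{scheme}://{host}". The following is an added example, not Smarty's own code: it models that reduction with parse_url() and compares an unanchored pattern with one anchored to the whole reduced string. The function names reduce_uri() and uri_matches_policy(), the sample hosts, and returning false for untrusted input are assumptions.

```php
<?php
// Added example: stand-alone model of the reduction documented for isTrustedUri().
// Not Smarty's implementation; function names and hosts below are hypothetical.

/** Reduce a URI to "{scheme}://{host}"; null when either part is missing. */
function reduce_uri(string $uri): ?string
{
    $parts = parse_url($uri);
    if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    return $parts['scheme'] . '://' . $parts['host'];
}

/** True when the reduced URI matches at least one PCRE pattern in the list. */
function uri_matches_policy(string $uri, array $patterns): bool
{
    $reduced = reduce_uri($uri);
    if ($reduced === null) {
        return false; // assumption: input that cannot be reduced is untrusted
    }
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $reduced) === 1) {
            return true;
        }
    }
    return false;
}

// Constructed $trusted_uri-style lists: one unanchored, one anchored to the whole string.
$loose  = array('#example\.org#i');
$strict = array('#^https://(www\.)?example\.org\z#i');

// Constructed sample inputs.
$samples = array(
    'https://user:pw@www.example.org:8080/img/logo.png?x=1',
    'https://example.org.other.test/logo.png',
    'http://example.org/logo.png',
    '/relative/path.png',
);

foreach ($samples as $uri) {
    printf("%-54s reduced=%-33s loose=%-5s strict=%s\n", $uri,
        var_export(reduce_uri($uri), true),
        var_export(uri_matches_policy($uri, $loose), true),
        var_export(uri_matches_policy($uri, $strict), true));
}
```

Because user info, port, path and query are dropped before matching, a pattern can constrain only the scheme and hostname.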
Properties summary
public integer $php_handling
    This determines how Smarty handles "<?php ... ?>" tags in templates. Possible values:

public array $secure_dir = array()
    This is the list of template directories that are considered secure. $template_dir is in this list implicitly.

public array $trusted_dir = array()
    This is an array of directories where trusted PHP scripts reside. $security is disabled during their inclusion/execution.

public array $trusted_uri = array()
    List of regular expressions (PCRE) that include trusted URIs.

public array $trusted_constants = array()
    List of trusted constant names.

public array $static_classes = array()
    This is an array of trusted static classes. If empty, access to all static classes is allowed. If set to 'none', none is allowed.

public array $trusted_static_methods = array()
    This is a nested array of trusted classes and static methods. If empty, access to all static classes and methods is allowed.
    Format:
        array (
            'class_1' => array('method_1', 'method_2'), // allowed methods listed
            'class_2' => array(),                       // all methods of class allowed
        )
    If set to null, none is allowed.

public array $trusted_static_properties = array()
    This is an array of trusted static properties. If empty, access to all static classes and properties is allowed.
    Format:
        array (
            'class_1' => array('prop_1', 'prop_2'), // allowed properties listed
            'class_2' => array(),                   // all properties of class allowed
        )
    If set to null, none is allowed.

public array $php_functions = array('isset', 'empty', 'count', 'sizeof', 'in_array', 'is_array', 'time',)
    This is an array of trusted PHP functions. If empty, all functions are allowed. To disable all PHP functions, set $php_functions = null.

public array $php_modifiers = array('escape', 'count', 'nl2br',)
    This is an array of trusted PHP modifiers. If empty, all modifiers are allowed. To disable all modifiers, set $php_modifiers = null.

public array $allowed_tags = array()
    This is an array of allowed tags. If empty, no restriction by allowed_tags.

public array $disabled_tags = array()
    This is an array of disabled tags. If empty, no restriction by disabled_tags.

public array $allowed_modifiers = array()
    This is an array of allowed modifier plugins. If empty, no restriction by allowed_modifiers.

public array $disabled_modifiers = array()
    This is an array of disabled modifier plugins. If empty, no restriction by disabled_modifiers.

public array $disabled_special_smarty_vars = array()
    This is an array of disabled special $smarty variables.

public array $streams = array('file')
    This is an array of trusted streams. If empty, all streams are allowed. To disable all streams, set $streams = null.

public boolean $allow_constants = true

public boolean $allow_super_globals = true

public integer $max_template_nesting = 0
    Max template nesting level.

protected array $_resource_dir = array()
    Cache for $resource_dir lookup.

protected array $_template_dir = array()
    Cache for $template_dir lookup.

protected array $_config_dir = array()
    Cache for $config_dir lookup.

protected array $_secure_dir = array()
    Cache for $secure_dir lookup.

protected array $_php_resource_dir = null
    Cache for $php_resource_dir lookup.

protected array $_trusted_dir = null
    Cache for $trusted_dir lookup.

protected boolean $_include_path_status = false
    Cache for include path status.

protected array $_include_dir = array()
    Cache for $_include_array lookup.