Class Smarty_Security

This class contains the security settings.

Package: Smarty\Security
Author: Uwe Tews
Located at plugins/smarty/smarty_source/sysplugins/smarty_security.php
Methods summary
public
# __construct( Smarty $smarty )

Parameters

$smarty
public boolean
# isTrustedPhpFunction( string $function_name, object $compiler )

Check if PHP function is trusted.

Parameters

$function_name
$compiler
compiler object

Returns

boolean
true if function is trusted

Throws

SmartyCompilerException
if php function is not trusted
public boolean
# isTrustedStaticClass( string $class_name, object $compiler )

Check if static class is trusted.

Parameters

$class_name
$compiler
compiler object

Returns

boolean
true if class is trusted

Throws

SmartyCompilerException
if static class is not trusted
public boolean
# isTrustedPhpModifier( string $modifier_name, object $compiler )

Check if PHP modifier is trusted.

Parameters

$modifier_name
$compiler
compiler object

Returns

boolean
true if modifier is trusted

Throws

SmartyCompilerException
if modifier is not trusted
public boolean
# isTrustedTag( string $tag_name, object $compiler )

Check if tag is trusted.

Parameters

$tag_name
$compiler
compiler object

Returns

boolean
true if tag is trusted

Throws

SmartyCompilerException
if tag is not trusted
public boolean
# isTrustedModifier( string $modifier_name, object $compiler )

Check if modifier plugin is trusted.

Parameters

$modifier_name
$compiler
compiler object

Returns

boolean
true if modifier is trusted

Throws

SmartyCompilerException
if modifier is not trusted
public boolean
# isTrustedStream( string $stream_name )

Check if stream is trusted.

Parameters

$stream_name

Returns

boolean
true if stream is trusted

Throws

SmartyException
if stream is not trusted
public boolean
# isTrustedResourceDir( string $filepath )

Check if directory of file resource is trusted.

Parameters

$filepath

Returns

boolean
true if directory is trusted

Throws

SmartyException
if directory is not trusted
public boolean
# isTrustedUri( string $uri )

Check if URI (e.g. {fetch} or {html_image}) is trusted. To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}". So "http://username:password@hello.world.example.org:8080/some-path?some=query-string" is reduced to "http://hello.world.example.org" prior to applying the patterns from Smarty_Security::$trusted_uri.

Parameters

$uri

Returns

boolean
true if URI is trusted

Throws

SmartyException
if URI is not trusted

Uses

Smarty_Security::$trusted_uri
for list of patterns to match against $uri
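
The reduction to "{$PROTOCOL}://{$HOSTNAME}" described for isTrustedUri() can be reproduced to check how a candidate $trusted_uri pattern behaves before it goes into a policy; run against the samples, the unanchored pattern also accepts hosts that merely contain the trusted name, while the anchored one does not. This is an added example, not Smarty's or CONTENIDO's code. Assumptions: reduce_uri() and matches_any() are hypothetical helpers, patterns are applied with preg_match(), and the patterns and URIs are constructed samples.

```php
<?php
// Added illustration of the documented isTrustedUri() behaviour; not Smarty's source.

/** Hypothetical helper: reduce a URI to "scheme://host" (no credentials, port, path, query). */
function reduce_uri(string $uri): ?string
{
    $parts = parse_url($uri);
    if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
        return null; // no scheme or host: nothing to match, treat as untrusted
    }
    return $parts['scheme'] . '://' . $parts['host'];
}

/** Hypothetical helper: true if any PCRE pattern matches the reduced form of $uri. */
function matches_any(array $patterns, string $uri): bool
{
    $reduced = reduce_uri($uri);
    if ($reduced === null) { return false; }
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $reduced) === 1) { // assumption: preg_match() semantics
            return true;
        }
    }
    return false;
}

// Constructed candidate values for $trusted_uri.
$loose  = array('#example.org#i');                            // unanchored, dot unescaped
$strict = array('#^https?://([a-z0-9-]+\.)*example\.org$#i'); // anchored, dots escaped

// Constructed sample URIs.
$samples = array(
    'http://username:password@hello.world.example.org:8080/some-path?some=query-string',
    'https://example.org/logo.png',
    'http://example.org.other.test/logo.png',
    'http://examplezorg.test/',
    '/relative/path.png',
);

foreach ($samples as $uri) {
    printf(
        "%s\n  reduced: %s  loose: %s  strict: %s\n",
        $uri,
        reduce_uri($uri) ?? '(none)',
        matches_any($loose, $uri) ? 'trusted' : 'rejected',
        matches_any($strict, $uri) ? 'trusted' : 'rejected'
    );
}
```
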
public boolean
# isTrustedPHPDir( string $filepath )

Check if directory of file resource is trusted.

Parameters

$filepath

Returns

boolean
true if directory is trusted

Throws

SmartyException
if PHP directory is not trusted
Properties summary
public integer $php_handling

This determines how Smarty handles "<?php ... ?>" tags in templates. Possible values:

  • Smarty::PHP_PASSTHRU -> echo PHP tags as they are
  • Smarty::PHP_QUOTE -> escape tags as entities
  • Smarty::PHP_REMOVE -> remove PHP tags
  • Smarty::PHP_ALLOW -> execute PHP tags
# Smarty::PHP_PASSTHRU
public array $secure_dir

This is the list of template directories that are considered secure. $template_dir is in this list implicitly.

# array()
public array $trusted_dir

This is an array of directories where trusted PHP scripts reside. $security is disabled during their inclusion/execution.

# array()
public array $trusted_uri

List of regular expressions (PCRE) that include trusted URIs

Used by

Smarty_Security::isTrustedUri()
for list of patterns to match against $uri
# array()
public array $static_classes

This is an array of trusted static classes. If empty, access to all static classes is allowed. If set to 'none', none is allowed.

# array()
public array $php_functions

This is an array of trusted PHP functions. If empty, all functions are allowed. To disable all PHP functions, set $php_functions = null.

# array( 'isset', 'empty', 'count', 'sizeof', 'in_array', 'is_array', 'time', 'nl2br', )
public array $php_modifiers

This is an array of trusted PHP modifiers. If empty, all modifiers are allowed. To disable all modifiers, set $php_modifiers = null.

# array( 'escape', 'count' )
public array $allowed_tags

This is an array of allowed tags. If empty, there is no restriction by allowed_tags.

# array()
public array $disabled_tags

This is an array of disabled tags. If empty, there is no restriction by disabled_tags.

# array()
public array $allowed_modifiers

This is an array of allowed modifier plugins. If empty, there is no restriction by allowed_modifiers.

# array()
public array $disabled_modifiers

This is an array of disabled modifier plugins. If empty, there is no restriction by disabled_modifiers.

# array()
public array $streams

This is an array of trusted streams. If empty, all streams are allowed. To disable all streams, set $streams = null.

# array('file')
public boolean $allow_constants
  • flag if constants can be accessed from template
# true
public boolean $allow_super_globals
  • flag if super globals can be accessed from template
# true
protected array $_resource_dir

Cache for $resource_dir lookup

# null
protected array $_template_dir

Cache for $template_dir lookup

# null
protected array $_config_dir

Cache for $config_dir lookup

# null
protected array $_secure_dir

Cache for $secure_dir lookup

# null
protected array $_php_resource_dir

Cache for $php_resource_dir lookup

# null
protected array $_trusted_dir

Cache for $trusted_dir lookup

# null
CMS CONTENIDO 4.9.7 API documentation generated by ApiGen