Gitee
\
Admin
Controller
Behavior
Boris
Home
Controller
Model
Org
Net
Util
Think
Cache
Driver
Controller
Crypt
Driver
Db
Driver
Image
Driver
Log
Driver
Model
Session
Driver
Storage
Driver
Template
Driver
TagLib
Upload
Driver
Bcs
Qiniu
Tool

\Smarty_Security

This class does contain the security settings

Summary

Methods
Properties
Constants
__construct()
isTrustedPhpFunction()
isTrustedStaticClass()
isTrustedPhpModifier()
isTrustedTag()
isTrustedModifier()
isTrustedStream()
isTrustedResourceDir()
isTrustedPHPDir()
$php_handling
$secure_dir
$trusted_dir
$static_classes
$php_functions
$php_modifiers
$allowed_tags
$disabled_tags
$allowed_modifiers
$disabled_modifiers
$streams
$allow_constants
$allow_super_globals
No constants found
No protected methods found
$_resource_dir
$_template_dir
$_config_dir
$_secure_dir
$_php_resource_dir
$_trusted_dir
N/A
No private methods found
No private properties found
N/A

Properties

$php_handling

$php_handling : integer

This determines how Smarty handles "<?php .

.. ?>" tags in templates. possible values:

  • Smarty::PHP_PASSTHRU -> echo PHP tags as they are
  • Smarty::PHP_QUOTE -> escape tags as entities
  • Smarty::PHP_REMOVE -> remove php tags
  • Smarty::PHP_ALLOW -> execute php tags

Type

integer

$secure_dir

$secure_dir : array

This is the list of template directories that are considered secure.

$template_dir is in this list implicitly.

Type

array

$trusted_dir

$trusted_dir : array

This is an array of directories where trusted php scripts reside.

\$security is disabled during their inclusion/execution.

Type

array

$static_classes

$static_classes : array

This is an array of trusted static classes.

If empty access to all static classes is allowed. If set to 'none' none is allowed.

Type

array

$php_functions

$php_functions : array

This is an array of trusted PHP functions.

If empty all functions are allowed. To disable all PHP functions set $php_functions = null.

Type

array

$php_modifiers

$php_modifiers : array

This is an array of trusted PHP modifers.

If empty all modifiers are allowed. To disable all modifier set $modifiers = null.

Type

array

$allowed_tags

$allowed_tags : array

This is an array of allowed tags.

If empty no restriction by allowed_tags.

Type

array

$disabled_tags

$disabled_tags : array

This is an array of disabled tags.

If empty no restriction by disabled_tags.

Type

array

$allowed_modifiers

$allowed_modifiers : array

This is an array of allowed modifier plugins.

If empty no restriction by allowed_modifiers.

Type

array

$disabled_modifiers

$disabled_modifiers : array

This is an array of disabled modifier plugins.

If empty no restriction by disabled_modifiers.

Type

array

$streams

$streams : array

This is an array of trusted streams.

If empty all streams are allowed. To disable all streams set $streams = null.

Type

array

$allow_constants

$allow_constants : boolean

+ flag if constants can be accessed from template

Type

boolean

$allow_super_globals

$allow_super_globals : boolean

+ flag if super globals can be accessed from template

Type

boolean

$_resource_dir

$_resource_dir : array

Cache for $resource_dir lookups

Type

array

$_template_dir

$_template_dir : array

Cache for $template_dir lookups

Type

array

$_config_dir

$_config_dir : array

Cache for $config_dir lookups

Type

array

$_secure_dir

$_secure_dir : array

Cache for $secure_dir lookups

Type

array

$_php_resource_dir

$_php_resource_dir : array

Cache for $php_resource_dir lookups

Type

array

$_trusted_dir

$_trusted_dir : array

Cache for $trusted_dir lookups

Type

array

Methods

__construct()

__construct(\Smarty  $smarty)

Parameters

\Smarty $smarty

isTrustedPhpFunction()

isTrustedPhpFunction(string  $function_name, object  $compiler) : boolean

Check if PHP function is trusted.

Parameters

string $function_name
object $compiler

compiler object

Throws

\SmartyCompilerException

if php function is not trusted

Returns

boolean —

true if function is trusted

isTrustedStaticClass()

isTrustedStaticClass(string  $class_name, object  $compiler) : boolean

Check if static class is trusted.

Parameters

string $class_name
object $compiler

compiler object

Throws

\SmartyCompilerException

if static class is not trusted

Returns

boolean —

true if class is trusted

isTrustedPhpModifier()

isTrustedPhpModifier(string  $modifier_name, object  $compiler) : boolean

Check if PHP modifier is trusted.

Parameters

string $modifier_name
object $compiler

compiler object

Throws

\SmartyCompilerException

if modifier is not trusted

Returns

boolean —

true if modifier is trusted

isTrustedTag()

isTrustedTag(string  $tag_name, object  $compiler) : boolean

Check if tag is trusted.

Parameters

string $tag_name
object $compiler

compiler object

Throws

\SmartyCompilerException

if modifier is not trusted

Returns

boolean —

true if tag is trusted

isTrustedModifier()

isTrustedModifier(string  $modifier_name, object  $compiler) : boolean

Check if modifier plugin is trusted.

Parameters

string $modifier_name
object $compiler

compiler object

Throws

\SmartyCompilerException

if modifier is not trusted

Returns

boolean —

true if tag is trusted

isTrustedStream()

isTrustedStream(string  $stream_name) : boolean

Check if stream is trusted.

Parameters

string $stream_name

Throws

\SmartyException

if stream is not trusted

Returns

boolean —

true if stream is trusted

isTrustedResourceDir()

isTrustedResourceDir(string  $filepath) : boolean

Check if directory of file resource is trusted.

Parameters

string $filepath

Throws

\SmartyException

if directory is not trusted

Returns

boolean —

true if directory is trusted

isTrustedPHPDir()

isTrustedPHPDir(string  $filepath) : boolean

Check if directory of file resource is trusted.

Parameters

string $filepath

Throws

\SmartyException

if PHP directory is not trusted

Returns

boolean —

true if directory is trusted