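/**
 * Build Tiki's Smarty security policy.
 *
 * Starts from a fixed whitelist of PHP functions and modifiers usable from
 * templates, then extends it with whatever the site preferences
 * smarty_security_functions / smarty_security_modifiers / smarty_security_dirs
 * contain. Every host listed in the tiki_cdn / tiki_cdn_ssl preferences is
 * registered as a trusted URI.
 *
 * Anything an administrator adds to those preferences becomes callable from
 * templates, so they deserve the same care as enabling {php} tags.
 *
 * @param Smarty $smarty
 */
function __construct($smarty)
{
    $tikilib = null;
    if (class_exists("TikiLib")) {
        $tikilib = TikiLib::lib('tiki');
    }
    parent::__construct($smarty);

    $functions = array();
    $modifiers = array();
    $dirs = array();

    // Under phpunit and on the command line TikiLib is not initialised yet, so
    // the preference-driven extensions are skipped and only the fixed lists apply.
    if ($tikilib !== null && method_exists($tikilib, "get_preference")) {
        $functions = array_filter($tikilib->get_preference('smarty_security_functions', array(), true));
        $modifiers = array_filter($tikilib->get_preference('smarty_security_modifiers', array(), true));
        $dirs = array_filter($tikilib->get_preference('smarty_security_dirs', array(), true));

        // Whitespace-separated lists; an empty preference yields array('') which
        // the array_filter below discards.
        $cdns = preg_split('/\\s+/', $tikilib->get_preference('tiki_cdn', ''));
        $cdns_ssl = preg_split('/\\s+/', $tikilib->get_preference('tiki_cdn_ssl', ''));
        $cdn_uri = array_filter(array_merge($cdns, $cdns_ssl));

        foreach ($cdn_uri as $uri) {
            // preg_quote must be told the delimiter in use ('#'); otherwise a CDN
            // entry containing '#' would terminate the pattern early and produce an
            // invalid regex, making every later preg_match on it fail.
            // NOTE(review): the pattern is only end-anchored, so any value that merely
            // ends with the configured string also matches — confirm against
            // Smarty_Security::isTrustedUri before tightening it.
            $this->trusted_uri[] = '#' . preg_quote($uri, '#') . '$#';
        }
    }

    // Fixed whitelists first, preference-supplied names appended.
    // NOTE(review): var_dump is exposed as a modifier and ereg (removed in PHP 7)
    // as a function; both look like legacy entries worth re-examining.
    $this->php_modifiers = array_merge(array('nl2br', 'escape', 'count', 'addslashes', 'ucfirst', 'ucwords', 'urlencode', 'md5', 'implode', 'explode', 'is_array', 'htmlentities', 'var_dump', 'strip_tags', 'json_encode', 'stristr', 'tra'), $modifiers);
    $this->php_functions = array_merge(array('isset', 'empty', 'count', 'sizeof', 'in_array', 'is_array', 'time', 'nl2br', 'tra', 'strlen', 'strstr', 'strtolower', 'basename', 'ereg', 'array_key_exists', 'preg_match', 'json_encode', 'stristr', 'is_numeric', 'array', 'zone_is_empty'), $functions);
    $this->secure_dir = array_merge($this->secure_dir, $dirs);
}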
/**
 * CMSMS security policy for Smarty templates.
 *
 * Whether {php} tags are honoured is taken from the use_smarty_php_tags
 * config setting; the PHP functions callable from templates are a fixed list.
 *
 * @param Smarty $smarty
 */
public function __construct($smarty)
{
    parent::__construct($smarty);

    $siteConfig = cmsms()->GetConfig();
    // {php} blocks are only compiled when the site config opts in.
    $this->allow_php_tag = $siteConfig['use_smarty_php_tags'];

    // NOTE(review): file_exists/is_file let a template probe the server filesystem
    // and print_r/var_dump dump arbitrary structures into the output; acceptable
    // only if template authors are fully trusted — confirm that assumption.
    $this->php_functions = array(
        'isset',
        'empty',
        'count',
        'sizeof',
        'in_array',
        'is_array',
        'time',
        'lang',
        'nl2br',
        'file_exists',
        'is_string',
        'is_object',
        'is_file',
        'print_r',
        'var_dump',
        'htmlspecialchars',
        'htmlspecialchars_decode',
    );
}
/**
 * Oxwall security policy for Smarty templates.
 *
 * Restricts template includes to the theme and plugin directories, allows a
 * small set of PHP functions and a single modifier, and disables constants
 * and super-globals.
 *
 * @param Smarty $smarty
 */
public function __construct($smarty)
{
    parent::__construct($smarty);

    // Only these trees may be read by {include}/{fetch}-style constructs.
    $this->secure_dir = array(
        OW_DIR_THEME,
        OW_DIR_SYSTEM_PLUGIN,
        OW_DIR_PLUGIN,
    );

    $this->php_functions = array(
        'array', 'list', 'isset', 'empty', 'count', 'sizeof',
        'in_array', 'is_array', 'true', 'false', 'null', 'strstr',
    );
    $this->php_modifiers = array('count');

    $this->allow_constants = false;
    $this->allow_super_globals = false;

    // NOTE(review): in the Smarty 3.1 versions I know, an empty/null
    // static_classes list means *every* static class is trusted and the
    // string 'none' is what denies them; verify this null actually restricts
    // static access the way the surrounding settings suggest it should.
    $this->static_classes = null;
}
/**
 * Loads a security class and enables security on this instance.
 *
 * @param string|Smarty_Security $security_class class name, or an already
 *                                               constructed policy object
 *
 * @return Smarty this instance, for chaining
 * @throws SmartyException when an invalid class name is provided
 */
public function enableSecurity($security_class = null)
{
    // All validation and attachment lives in the static helper.
    Smarty_Security::enableSecurity($this, $security_class);

    return $this;
}
/**
 * Parser action: static class access (Class::member).
 *
 * self/parent are always rejected; any other class must pass the security
 * policy's isTrustedStaticClassAccess check when a policy is active. A class
 * registered on the Smarty instance is rewritten to its registered target.
 */
function yy_r110()
{
    $className = $this->yystack[$this->yyidx + -2]->minor;
    $member = $this->yystack[$this->yyidx + 0]->minor;

    $isSelfOrParent = in_array(strtolower($className), array('self', 'parent'));
    // Security is consulted only for non-self/parent names and only when enabled.
    $allowed = !$isSelfOrParent
        && (!$this->security
            || $this->security->isTrustedStaticClassAccess($className, $member, $this->compiler));

    if (!$allowed) {
        $this->compiler->trigger_template_error(
            "static class '" . $className . "' is undefined or not allowed by security setting"
        );
        return;
    }

    $target = isset($this->smarty->registered_classes[$className])
        ? $this->smarty->registered_classes[$className]
        : $className;

    $this->_retvalue = $target . '::' . $member[0] . $member[1];
}
/**
 * Parser action: PHP function call inside an expression.
 *
 * With a security policy active the name must pass isTrustedPhpFunction; with
 * security disabled, the only gate is is_callable() (plus the isset/empty/array
 * language constructs), i.e. any callable PHP function may be emitted.
 * isset() and empty() get their argument rewritten so that undefined template
 * variables do not raise notices; reset/current/end/prev/next are passed
 * through with a single argument.
 */
function yy_r155() {
    if (!$this->security || $this->security->isTrustedPhpFunction($this->yystack[$this->yyidx + -3]->minor, $this->compiler)) {
        // isset/empty/array are language constructs, so is_callable() would reject them.
        if (strcasecmp($this->yystack[$this->yyidx + -3]->minor, 'isset') === 0 || strcasecmp($this->yystack[$this->yyidx + -3]->minor, 'empty') === 0 || strcasecmp($this->yystack[$this->yyidx + -3]->minor, 'array') === 0 || is_callable($this->yystack[$this->yyidx + -3]->minor)) {
            $func_name = strtolower($this->yystack[$this->yyidx + -3]->minor);
            if ($func_name == 'isset') {
                if (count($this->yystack[$this->yyidx + -1]->minor) == 0) {
                    $this->compiler->trigger_template_error('Illegal number of paramer in "isset()"');
                }
                $par = implode(',', $this->yystack[$this->yyidx + -1]->minor);
                // Config variables are fetched into a prefix variable first (with the
                // error flag forced to false); note the str_replace rewrites every ')'
                // in the argument text, not just the closing one.
                if (strncasecmp($par, '$_smarty_tpl->smarty->ext->_config->_getConfigVariable', strlen('$_smarty_tpl->smarty->ext->_config->_getConfigVariable')) === 0) {
                    $prefixVar = $this->compiler->getNewPrefixVariable();
                    $this->compiler->appendPrefixCode("<?php {$prefixVar}" . '=' . str_replace(')', ', false)', $par) . ';?>');
                    $isset_par = $prefixVar;
                } else {
                    // Plain template variables: switch the lookup to its non-erroring form.
                    $isset_par = str_replace("')->value", "',null,true,false)->value", $par);
                }
                $this->_retvalue = $this->yystack[$this->yyidx + -3]->minor . "(" . $isset_par . ")";
            } elseif (in_array($func_name, array('empty', 'reset', 'current', 'end', 'prev', 'next'))) {
                // NOTE(review): this message names "empty()" even when the offending
                // call is reset/current/end/prev/next.
                if (count($this->yystack[$this->yyidx + -1]->minor) != 1) {
                    $this->compiler->trigger_template_error('Illegal number of paramer in "empty()"');
                }
                if ($func_name == 'empty') {
                    $this->_retvalue = $func_name . '(' . str_replace("')->value", "',null,true,false)->value", $this->yystack[$this->yyidx + -1]->minor[0]) . ')';
                } else {
                    $this->_retvalue = $func_name . '(' . $this->yystack[$this->yyidx + -1]->minor[0] . ')';
                }
            } else {
                // Ordinary function: emitted verbatim with its argument list.
                $this->_retvalue = $this->yystack[$this->yyidx + -3]->minor . "(" . implode(',', $this->yystack[$this->yyidx + -1]->minor) . ")";
            }
        } else {
            $this->compiler->trigger_template_error("unknown function \"" . $this->yystack[$this->yyidx + -3]->minor . "\"");
        }
    }
}
/**
 * Parser action: attribute whose value may be a PHP constant.
 *
 * If the value names a defined constant it is emitted bare (after the
 * security policy, when active, has had a chance to reject it); otherwise it
 * is emitted as a single-quoted string literal.
 */
function yy_r64()
{
    $attrName = $this->yystack[$this->yyidx + -2]->minor;
    $rawValue = $this->yystack[$this->yyidx + 0]->minor;

    if (!defined($rawValue)) {
        // Not a constant: quote it. The value is not escaped here — presumably
        // the lexer already guarantees it holds no quote characters; verify.
        $this->_retvalue = [$attrName => '\'' . $rawValue . '\''];
        return;
    }

    if ($this->security) {
        // Return value is ignored; the policy is expected to raise the compile
        // error itself when the constant is not trusted — confirm.
        $this->security->isTrustedConstant($rawValue, $this->compiler);
    }

    $this->_retvalue = [$attrName => $rawValue];
}
/**
 * Security policy that additionally trusts the directory this file lives in.
 *
 * @param Smarty $smarty
 */
public function __construct($smarty)
{
    parent::__construct($smarty);

    // __DIR__ is exactly dirname(__FILE__): templates under this file's own
    // directory are added to the set the policy may read from.
    $this->secure_dir[] = __DIR__;
}