enableSecurity() public method

Loads security class and enables security
public enableSecurity ( string | Smarty_Security $security_class = null ) : Smarty
$security_class string | Smarty_Security if a string is used, it must be class-name
return Smarty current Smarty instance for chaining
Exemplo n.º 1
0
 /**
  * 构造方法
  *
  * @return void
  */
 protected function __construct()
 {
     \Yaf_Loader::import(APP_PATH . 'library/Thirdpart/Smarty/libs/Smarty.class.php');
     $this->_smarty = new \Smarty();
     $this->_smarty->setTemplateDir('');
     $this->_smarty->setCompileDir(TMP_PATH . 'smarty-compile/');
     $this->_smarty->setCacheDir(TMP_PATH . 'smarty-cache/');
     $this->_smarty->setPluginsDir(APP_PATH . 'library/Smarty/Plugins/');
     $this->_smarty->left_delimiter = '<!--{';
     $this->_smarty->right_delimiter = '}-->';
     $this->_smarty->enableSecurity('Comm\\Smarty_Security_Policy');
 }
Exemplo n.º 2
0
 function renderEntries(Search_ResultSet $entries)
 {
     global $tikipath;
     $smarty = new Smarty();
     $smarty->setCompileDir($tikipath . 'templates_c');
     $smarty->setTemplateDir(null);
     $smarty->setTemplateDir(dirname($this->templateFile));
     $smarty->setPluginsDir(array($tikipath . TIKI_SMARTY_DIR, SMARTY_DIR . 'plugins'));
     $secpol = new Tiki_Security_Policy($smarty);
     $secpol->secure_dir[] = dirname($this->templateFile);
     $smarty->enableSecurity($secpol);
     if ($this->changeDelimiters) {
         $smarty->left_delimiter = '{{';
         $smarty->right_delimiter = '}}';
     }
     foreach ($this->data as $key => $value) {
         $smarty->assign($key, $value);
     }
     $smarty->assign('results', $entries);
     $smarty->assign('facets', array_map(function ($facet) {
         return array('name' => $facet->getName(), 'label' => $facet->getLabel(), 'options' => $facet->getOptions());
     }, $entries->getFacets()));
     $smarty->assign('count', count($entries));
     $smarty->assign('offset', $entries->getOffset());
     $smarty->assign('offsetplusone', $entries->getOffset() + 1);
     $smarty->assign('offsetplusmaxRecords', $entries->getOffset() + $entries->getMaxRecords());
     $smarty->assign('maxRecords', $entries->getMaxRecords());
     return $smarty->fetch($this->templateFile);
 }
Exemplo n.º 3
0
 /**
  * Ksmarty singleton instance 
  *
  * @return  singleton
  */
 public static function instance()
 {
     // Check if the instance already exists
     if (Ksmarty::$instance === NULL) {
         // Load Smarty
         if (!class_exists('Smarty', FALSE)) {
             require Kohana::find_file('vendor', 'smarty/Smarty.class');
         }
         // Initialize Smarty
         $s = new Smarty();
         // Apply configuration data
         $config = Kohana::$config->load('smarty');
         $s->compile_dir = $config->compile_dir;
         $s->plugins_dir = $config->plugins_dir;
         $s->cache_dir = $config->cache_dir;
         $s->config_dir = $config->config_dir;
         $s->debug_tpl = $config->debug_tpl;
         $s->debugging_ctrl = $config->debugging_ctrl;
         $s->debugging = $config->debugging;
         $s->caching = $config->caching;
         $s->force_compile = $config->force_compile;
         // Check to see if we're using Smarty 3, in a PHP 4 compatible way
         if (!array_key_exists('_version', get_class_vars('Smarty'))) {
             // If so, we need to set the security policy using the new method
             if ($config->security) {
                 if ($config->security_policy !== NULL) {
                     $s->enableSecurity($config->security_policy);
                 } else {
                     // Use default settings
                     $s->enableSecurity();
                 }
             }
         } else {
             $s->security = $config->security;
         }
         // Register the autoload filters
         $s->autoload_filters = array('pre' => $config->pre_filters, 'post' => $config->post_filters, 'output' => $config->output_filters);
         // Create the instance singleton
         Ksmarty::$instance = $s;
     }
     // Return the singleton
     return Ksmarty::$instance;
 }
Exemplo n.º 4
0
 private function init($layout)
 {
     $smarty = new \Smarty();
     $smarty->setTemplateDir(App::get('root_dir') . "/template/{$layout}/tpl/");
     //$smarty->template_dir	= App::get('root_dir')."/template/$layout/tpl/";
     $smarty->compile_dir = App::get('runtime_dir') . "/smarty";
     $smarty->cache_dir = App::get('runtime_dir') . "/smarty_cache";
     $smarty->config_dir = App::get('runtime_dir') . "/smarty_configs";
     $smarty->error_reporting = E_ALL & ~E_NOTICE;
     $smarty->inheritance_merge_compiled_includes = false;
     if (Config::get('web.dev')) {
         $smarty->force_compile = true;
         $smarty->assign("dev", true);
     } else {
         $smarty->compile_check = false;
     }
     //var_dump(__DIR__);
     $smarty->addPluginsDir(__DIR__ . '/Smarty/plugins');
     $my_security_policy = new \Smarty_Security($smarty);
     $my_security_policy->php_modifiers = array();
     $my_security_policy->php_functions = array('count', 'in_array', 'is_array', 'time', 'ucfirst', 'mb_strtolower');
     $smarty->enableSecurity($my_security_policy);
     $this->smarty = $smarty;
 }
Exemplo n.º 5
0
 public function display($content)
 {
     if (!$this->render) {
         if (!headers_sent() && array_count($this->_headers) > 0) {
             foreach ($this->_headers as $key => $val) {
                 header($val);
             }
         }
         http_cache_off();
         if (!Cookie::isSaved()) {
             cookie()->save();
         }
         if (wasp_strlen($content) > 102400) {
             @ini_set('zlib.output_compression', 1);
         }
         echo $this->getDebugInfo($content);
         return;
     }
     $templater = new \Smarty();
     $templater->enableSecurity('Wasp_Smarty_Security');
     $templater->setTemplateDir($this->getThemePath() . DIR_SEP);
     $temp_dir = TEMP_DIR . DIR_SEP . 'smarty' . DIR_SEP . $this->getThemeName();
     if (!is_dir($temp_dir)) {
         wasp_mkdir($temp_dir);
     }
     $templater->setCompileDir($temp_dir . DIR_SEP);
     if (array_count($this->_assigns) > 0) {
         foreach ($this->_assigns as $key => $val) {
             $templater->assign($key, $val);
         }
     }
     $templater->assign('content', $content);
     if (function_exists('memory_get_peak_usage')) {
         $templater->assign('max_mem_use', get_mem_use(true));
     } else {
         $templater->assign('max_mem_use', '-//-');
     }
     $out = $templater->fetch($this->_layout);
     if (!headers_sent() && array_count($this->_headers) > 0) {
         foreach ($this->_headers as $key => $val) {
             header($val);
         }
     }
     if (!Cookie::isSaved()) {
         cookie()->save();
     }
     if (wasp_strlen($out) > 102400) {
         ini_set('zlib.output_compression', 1);
     }
     unset($templater);
     memory_clear();
     /**
      * Add CSS
      */
     if (array_count($this->_css_list) > 0) {
         $_ = "\n\t\t<!-- DYNAMIC CSS -->\n";
         foreach ($this->_css_list as $key => $val) {
             if (preg_match('/^http/is', $val)) {
                 $_ .= "\t\t<link href=\"{$val}\" rel=\"stylesheet\" type=\"text/css\" />\n";
             } else {
                 $url = $this->getThemeUrl() . '/css/' . $val;
                 $_ .= "\t\t<link href=\"{$url}\" rel=\"stylesheet\" type=\"text/css\" />\n";
             }
         }
         $out = preg_replace('#\\<\\/head\\>#is', $_ . "</head>\n", $out);
         unset($_, $key, $val, $url);
     }
     /**
      * Add JS
      */
     if (array_count($this->_js_list) > 0) {
         $info = "\n\t\t<!-- :position DYNAMIC JS -->\n";
         foreach ($this->_js_list as $pos => $item) {
             $_ = str_replace(':position', wasp_strtoupper($pos), "\n\t\t<!-- :position DYNAMIC JS -->\n");
             if (array_count($item) > 0) {
                 foreach ($item as $key => $val) {
                     if (preg_match('/^http/is', $val)) {
                         $_ .= "\t\t<script type=\"text/javascript\" src=\"{$val}\"></script>\n";
                     } else {
                         $url = $this->getThemeUrl() . '/js/' . $val;
                         $_ .= "\t\t<script type=\"text/javascript\" src=\"{$url}\"></script>\n";
                     }
                 }
                 $out = preg_replace("#\\<\\/{$pos}\\>#is", $_ . "</{$pos}>\n", $out);
                 unset($_, $key, $val, $url);
             }
         }
         unset($pos, $item);
     }
     echo $this->getDebugInfo($out);
 }
Exemplo n.º 6
0
 public static function renderWidget(&$parser, $widgetName)
 {
     global $IP;
     $smarty = new Smarty();
     $smarty->left_delimiter = '<!--{';
     $smarty->right_delimiter = '}-->';
     $smarty->compile_dir = "{$IP}/extensions/Widgets/compiled_templates/";
     // registering custom Smarty plugins
     $smarty->addPluginsDir("{$IP}/extensions/Widgets/smarty_plugins/");
     $smarty->enableSecurity();
     // These settings were for Smarty v2 - they don't seem to
     // have an equivalent in Smarty v3.
     /*
     $smarty->security_settings = array(
     	'IF_FUNCS' => array(
     			'is_array',
     			'isset',
     			'array',
     			'list',
     			'count',
     			'sizeof',
     			'in_array',
     			'true',
     			'false',
     			'null'
     			),
     	'MODIFIER_FUNCS' => array( 'validate' )
     );
     */
     // Register the Widgets extension functions.
     $smarty->registerResource('wiki', array(array('WidgetRenderer', 'wiki_get_template'), array('WidgetRenderer', 'wiki_get_timestamp'), array('WidgetRenderer', 'wiki_get_secure'), array('WidgetRenderer', 'wiki_get_trusted')));
     $params = func_get_args();
     // The first and second params are the parser and the widget
     // name - we already have both.
     array_shift($params);
     array_shift($params);
     $params_tree = array();
     foreach ($params as $param) {
         $pair = explode('=', $param, 2);
         if (count($pair) == 2) {
             $key = trim($pair[0]);
             $val = trim($pair[1]);
         } else {
             $key = $param;
             $val = true;
         }
         if ($val == 'false') {
             $val = false;
         }
         /* If the name of the parameter has object notation
         
         				a.b.c.d
         
         			   then we assign stuff to hash of hashes, not scalar
         
         			*/
         $keys = explode('.', $key);
         // $subtree will be moved from top to the bottom and
         // at the end will point to the last level.
         $subtree =& $params_tree;
         // Go through all the keys but the last one.
         $last_key = array_pop($keys);
         foreach ($keys as $subkey) {
             // If next level of subtree doesn't exist yet,
             // create an empty one.
             if (!array_key_exists($subkey, $subtree)) {
                 $subtree[$subkey] = array();
             }
             // move to the lower level
             $subtree =& $subtree[$subkey];
         }
         // last portion of the key points to itself
         if (isset($subtree[$last_key])) {
             // If this is already an array, push into it;
             // otherwise, convert into an array first.
             if (!is_array($subtree[$last_key])) {
                 $subtree[$last_key] = array($subtree[$last_key]);
             }
             $subtree[$last_key][] = $val;
         } else {
             // doesn't exist yet, just setting a value
             $subtree[$last_key] = $val;
         }
     }
     $smarty->assign($params_tree);
     try {
         $output = $smarty->fetch("wiki:{$widgetName}");
     } catch (Exception $e) {
         return '<div class=\\"error\\">' . wfMsgExt('widgets-desc', array('parsemag'), htmlentities($widgetName)) . '</div>';
     }
     // Hide the widget from the parser.
     $output = 'ENCODED_CONTENT ' . self::$mRandomString . base64_encode($output) . ' END_ENCODED_CONTENT';
     return $output;
 }