Loads security class and enables security
| public enableSecurity ( string | Smarty_Security $security_class = null ) : Smarty | ||
| $security_class | string | Smarty_Security | if a string is used, it must be class-name |
| return | Smarty | current Smarty instance for chaining |
/**
* 构造方法
*
* @return void
*/
protected function __construct()
{
\Yaf_Loader::import(APP_PATH . 'library/Thirdpart/Smarty/libs/Smarty.class.php');
$this->_smarty = new \Smarty();
$this->_smarty->setTemplateDir('');
$this->_smarty->setCompileDir(TMP_PATH . 'smarty-compile/');
$this->_smarty->setCacheDir(TMP_PATH . 'smarty-cache/');
$this->_smarty->setPluginsDir(APP_PATH . 'library/Smarty/Plugins/');
$this->_smarty->left_delimiter = '<!--{';
$this->_smarty->right_delimiter = '}-->';
$this->_smarty->enableSecurity('Comm\\Smarty_Security_Policy');
}
function renderEntries(Search_ResultSet $entries)
{
global $tikipath;
$smarty = new Smarty();
$smarty->setCompileDir($tikipath . 'templates_c');
$smarty->setTemplateDir(null);
$smarty->setTemplateDir(dirname($this->templateFile));
$smarty->setPluginsDir(array($tikipath . TIKI_SMARTY_DIR, SMARTY_DIR . 'plugins'));
$secpol = new Tiki_Security_Policy($smarty);
$secpol->secure_dir[] = dirname($this->templateFile);
$smarty->enableSecurity($secpol);
if ($this->changeDelimiters) {
$smarty->left_delimiter = '{{';
$smarty->right_delimiter = '}}';
}
foreach ($this->data as $key => $value) {
$smarty->assign($key, $value);
}
$smarty->assign('results', $entries);
$smarty->assign('facets', array_map(function ($facet) {
return array('name' => $facet->getName(), 'label' => $facet->getLabel(), 'options' => $facet->getOptions());
}, $entries->getFacets()));
$smarty->assign('count', count($entries));
$smarty->assign('offset', $entries->getOffset());
$smarty->assign('offsetplusone', $entries->getOffset() + 1);
$smarty->assign('offsetplusmaxRecords', $entries->getOffset() + $entries->getMaxRecords());
$smarty->assign('maxRecords', $entries->getMaxRecords());
return $smarty->fetch($this->templateFile);
}
/**
* Ksmarty singleton instance
*
* @return singleton
*/
public static function instance()
{
// Check if the instance already exists
if (Ksmarty::$instance === NULL) {
// Load Smarty
if (!class_exists('Smarty', FALSE)) {
require Kohana::find_file('vendor', 'smarty/Smarty.class');
}
// Initialize Smarty
$s = new Smarty();
// Apply configuration data
$config = Kohana::$config->load('smarty');
$s->compile_dir = $config->compile_dir;
$s->plugins_dir = $config->plugins_dir;
$s->cache_dir = $config->cache_dir;
$s->config_dir = $config->config_dir;
$s->debug_tpl = $config->debug_tpl;
$s->debugging_ctrl = $config->debugging_ctrl;
$s->debugging = $config->debugging;
$s->caching = $config->caching;
$s->force_compile = $config->force_compile;
// Check to see if we're using Smarty 3, in a PHP 4 compatible way
if (!array_key_exists('_version', get_class_vars('Smarty'))) {
// If so, we need to set the security policy using the new method
if ($config->security) {
if ($config->security_policy !== NULL) {
$s->enableSecurity($config->security_policy);
} else {
// Use default settings
$s->enableSecurity();
}
}
} else {
$s->security = $config->security;
}
// Register the autoload filters
$s->autoload_filters = array('pre' => $config->pre_filters, 'post' => $config->post_filters, 'output' => $config->output_filters);
// Create the instance singleton
Ksmarty::$instance = $s;
}
// Return the singleton
return Ksmarty::$instance;
}
private function init($layout)
{
$smarty = new \Smarty();
$smarty->setTemplateDir(App::get('root_dir') . "/template/{$layout}/tpl/");
//$smarty->template_dir = App::get('root_dir')."/template/$layout/tpl/";
$smarty->compile_dir = App::get('runtime_dir') . "/smarty";
$smarty->cache_dir = App::get('runtime_dir') . "/smarty_cache";
$smarty->config_dir = App::get('runtime_dir') . "/smarty_configs";
$smarty->error_reporting = E_ALL & ~E_NOTICE;
$smarty->inheritance_merge_compiled_includes = false;
if (Config::get('web.dev')) {
$smarty->force_compile = true;
$smarty->assign("dev", true);
} else {
$smarty->compile_check = false;
}
//var_dump(__DIR__);
$smarty->addPluginsDir(__DIR__ . '/Smarty/plugins');
$my_security_policy = new \Smarty_Security($smarty);
$my_security_policy->php_modifiers = array();
$my_security_policy->php_functions = array('count', 'in_array', 'is_array', 'time', 'ucfirst', 'mb_strtolower');
$smarty->enableSecurity($my_security_policy);
$this->smarty = $smarty;
}
public function display($content)
{
if (!$this->render) {
if (!headers_sent() && array_count($this->_headers) > 0) {
foreach ($this->_headers as $key => $val) {
header($val);
}
}
http_cache_off();
if (!Cookie::isSaved()) {
cookie()->save();
}
if (wasp_strlen($content) > 102400) {
@ini_set('zlib.output_compression', 1);
}
echo $this->getDebugInfo($content);
return;
}
$templater = new \Smarty();
$templater->enableSecurity('Wasp_Smarty_Security');
$templater->setTemplateDir($this->getThemePath() . DIR_SEP);
$temp_dir = TEMP_DIR . DIR_SEP . 'smarty' . DIR_SEP . $this->getThemeName();
if (!is_dir($temp_dir)) {
wasp_mkdir($temp_dir);
}
$templater->setCompileDir($temp_dir . DIR_SEP);
if (array_count($this->_assigns) > 0) {
foreach ($this->_assigns as $key => $val) {
$templater->assign($key, $val);
}
}
$templater->assign('content', $content);
if (function_exists('memory_get_peak_usage')) {
$templater->assign('max_mem_use', get_mem_use(true));
} else {
$templater->assign('max_mem_use', '-//-');
}
$out = $templater->fetch($this->_layout);
if (!headers_sent() && array_count($this->_headers) > 0) {
foreach ($this->_headers as $key => $val) {
header($val);
}
}
if (!Cookie::isSaved()) {
cookie()->save();
}
if (wasp_strlen($out) > 102400) {
ini_set('zlib.output_compression', 1);
}
unset($templater);
memory_clear();
/**
* Add CSS
*/
if (array_count($this->_css_list) > 0) {
$_ = "\n\t\t<!-- DYNAMIC CSS -->\n";
foreach ($this->_css_list as $key => $val) {
if (preg_match('/^http/is', $val)) {
$_ .= "\t\t<link href=\"{$val}\" rel=\"stylesheet\" type=\"text/css\" />\n";
} else {
$url = $this->getThemeUrl() . '/css/' . $val;
$_ .= "\t\t<link href=\"{$url}\" rel=\"stylesheet\" type=\"text/css\" />\n";
}
}
$out = preg_replace('#\\<\\/head\\>#is', $_ . "</head>\n", $out);
unset($_, $key, $val, $url);
}
/**
* Add JS
*/
if (array_count($this->_js_list) > 0) {
$info = "\n\t\t<!-- :position DYNAMIC JS -->\n";
foreach ($this->_js_list as $pos => $item) {
$_ = str_replace(':position', wasp_strtoupper($pos), "\n\t\t<!-- :position DYNAMIC JS -->\n");
if (array_count($item) > 0) {
foreach ($item as $key => $val) {
if (preg_match('/^http/is', $val)) {
$_ .= "\t\t<script type=\"text/javascript\" src=\"{$val}\"></script>\n";
} else {
$url = $this->getThemeUrl() . '/js/' . $val;
$_ .= "\t\t<script type=\"text/javascript\" src=\"{$url}\"></script>\n";
}
}
$out = preg_replace("#\\<\\/{$pos}\\>#is", $_ . "</{$pos}>\n", $out);
unset($_, $key, $val, $url);
}
}
unset($pos, $item);
}
echo $this->getDebugInfo($out);
}
public static function renderWidget(&$parser, $widgetName)
{
global $IP;
$smarty = new Smarty();
$smarty->left_delimiter = '<!--{';
$smarty->right_delimiter = '}-->';
$smarty->compile_dir = "{$IP}/extensions/Widgets/compiled_templates/";
// registering custom Smarty plugins
$smarty->addPluginsDir("{$IP}/extensions/Widgets/smarty_plugins/");
$smarty->enableSecurity();
// These settings were for Smarty v2 - they don't seem to
// have an equivalent in Smarty v3.
/*
$smarty->security_settings = array(
'IF_FUNCS' => array(
'is_array',
'isset',
'array',
'list',
'count',
'sizeof',
'in_array',
'true',
'false',
'null'
),
'MODIFIER_FUNCS' => array( 'validate' )
);
*/
// Register the Widgets extension functions.
$smarty->registerResource('wiki', array(array('WidgetRenderer', 'wiki_get_template'), array('WidgetRenderer', 'wiki_get_timestamp'), array('WidgetRenderer', 'wiki_get_secure'), array('WidgetRenderer', 'wiki_get_trusted')));
$params = func_get_args();
// The first and second params are the parser and the widget
// name - we already have both.
array_shift($params);
array_shift($params);
$params_tree = array();
foreach ($params as $param) {
$pair = explode('=', $param, 2);
if (count($pair) == 2) {
$key = trim($pair[0]);
$val = trim($pair[1]);
} else {
$key = $param;
$val = true;
}
if ($val == 'false') {
$val = false;
}
/* If the name of the parameter has object notation
a.b.c.d
then we assign stuff to hash of hashes, not scalar
*/
$keys = explode('.', $key);
// $subtree will be moved from top to the bottom and
// at the end will point to the last level.
$subtree =& $params_tree;
// Go through all the keys but the last one.
$last_key = array_pop($keys);
foreach ($keys as $subkey) {
// If next level of subtree doesn't exist yet,
// create an empty one.
if (!array_key_exists($subkey, $subtree)) {
$subtree[$subkey] = array();
}
// move to the lower level
$subtree =& $subtree[$subkey];
}
// last portion of the key points to itself
if (isset($subtree[$last_key])) {
// If this is already an array, push into it;
// otherwise, convert into an array first.
if (!is_array($subtree[$last_key])) {
$subtree[$last_key] = array($subtree[$last_key]);
}
$subtree[$last_key][] = $val;
} else {
// doesn't exist yet, just setting a value
$subtree[$last_key] = $val;
}
}
$smarty->assign($params_tree);
try {
$output = $smarty->fetch("wiki:{$widgetName}");
} catch (Exception $e) {
return '<div class=\\"error\\">' . wfMsgExt('widgets-desc', array('parsemag'), htmlentities($widgetName)) . '</div>';
}
// Hide the widget from the parser.
$output = 'ENCODED_CONTENT ' . self::$mRandomString . base64_encode($output) . ' END_ENCODED_CONTENT';
return $output;
}