Пример #1
 /**
  * Round-trips a security policy through the engine: the policy handed to
  * setSecurityPolicy() must be what getSecurityPolicy() returns, including
  * its constant-handling mode.
  */
 public function testGetSetSecurityPolicy()
 {
     $engine = new Dwoo(DWOO_COMPILE_DIR, DWOO_CACHE_DIR);

     // Build a policy with a non-default-looking setting so the second
     // assertion compares a value that was explicitly chosen here.
     $expected = new Dwoo_Security_Policy();
     $expected->setConstantHandling(Dwoo_Security_Policy::CONST_ALLOW);

     $engine->setSecurityPolicy($expected);

     $returned = $engine->getSecurityPolicy();
     $this->assertEquals($expected, $returned);

     $this->assertEquals(
         $expected->getConstantHandling(),
         $engine->getSecurityPolicy()->getConstantHandling()
     );
 }
Пример #2
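/**
 * Reads a file
 * <pre>
 *  * file : path or URI of the file to read (however reading from another website is not recommended for performance reasons)
 *  * assign : if set, the file will be saved in this variable instead of being output
 * </pre>
 * Security notes: when a security policy is installed on the Dwoo instance, any
 * "scheme://" source is refused and the canonical (realpath) target must be an
 * allowed directory or lie below one. When no policy is installed, $file is passed
 * to file_get_contents() unchecked, so whoever writes the template decides which
 * local path or URL is read; templates from untrusted authors should only be
 * rendered with a policy in place.
 *
 * This software is provided 'as-is', without any express or implied warranty.
 * In no event will the authors be held liable for any damages arising from the use of this software.
 *
 * @author     Jordi Boggiano <*****@*****.**>
 * @copyright  Copyright (c) 2008, Jordi Boggiano
 * @license    http://dwoo.org/LICENSE   Modified BSD License
 * @link       http://dwoo.org/
 * @version    1.1.0
 * @date       2009-07-18
 * @package    Dwoo
 *
 * @param Dwoo        $dwoo   the engine instance; supplies the security policy and the scope
 * @param string      $file   path or URI to read
 * @param string|null $assign scope variable that receives the contents instead of returning them
 * @return mixed the result of file_get_contents() when $assign is null, the result of
 *               triggerError() when the policy refuses the read, nothing otherwise
 */
function Dwoo_Plugin_fetch(Dwoo $dwoo, $file, $assign = null)
{
    if ($file === '') {
        return;
    }

    if ($policy = $dwoo->getSecurityPolicy()) {
        // Scheme names may contain digits, '+', '.' and '-' (RFC 3986), and PHP ships
        // wrappers such as compress.zlib://, so a letters-only pattern is too narrow.
        if (preg_match('{^[a-z][a-z0-9+.\-]*://}i', $file)) {
            return $dwoo->triggerError('The security policy prevents you to read files from external sources.', E_USER_WARNING);
        }

        // Canonicalise first so symlinks and ../ segments cannot disguise the target.
        // realpath() yields false for a path that does not resolve; that is denied too.
        $file = realpath($file);

        $permitted = false;
        if ($file !== false) {
            foreach ($policy->getAllowedDirectories() as $dir => $dummy) {
                $base = rtrim((string) $dir, '/\\');
                if ((string) $dir === '') {
                    // An empty entry must not act as "allow everything".
                    continue;
                }
                // Compare on a directory boundary: a bare prefix test would let
                // "/srv/tpl" also authorise "/srv/tpl-private/secret".
                if ($file === $base || strpos($file, $base . DIRECTORY_SEPARATOR) === 0) {
                    $permitted = true;
                    break;
                }
            }
        }

        if (!$permitted) {
            return $dwoo->triggerError('The security policy prevents you to read <em>' . $file . '</em>', E_USER_WARNING);
        }
    }

    // Turns real tab/newline/carriage-return characters back into the two-character
    // sequences "\t", "\n", "\r" (presumably to undo escape interpretation of Windows
    // paths such as C:\temp -- confirm). NOTE(review): this runs after the policy
    // check, so the path that is read can differ from the one that was authorised
    // whenever the name contains one of these characters.
    $file = str_replace(array("\t", "\n", "\r"), array('\\t', '\\n', '\\r'), $file);

    $out = file_get_contents($file);
    if ($assign === null) {
        return $out;
    }
    $dwoo->assignInScope($out, $assign);
}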
Пример #3
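 /**
  * returns a new template object from the given include name, null if no include is
  * possible (resource not found), or false if include is not permitted by this resource type
  *
  * Security behaviour when the Dwoo instance has a security policy:
  *  - any "scheme://" resource id is rejected;
  *  - if the parent template supplies an include path, the only path restriction applied
  *    here is the "../" rejection; the allowed-directories check is skipped, so the
  *    include path itself has to be trusted configuration;
  *  - otherwise the resource id is canonicalised with realpath() and must be an allowed
  *    directory or lie below one, compared on a directory boundary.
  *
  * @param Dwoo $dwoo the dwoo instance requiring it
  * @param mixed $resourceId the filename (relative to this template's dir) of the template to include
  * @param int $cacheTime duration of the cache validity for this template,
  *                       if null it defaults to the Dwoo instance that will
  *                       render this template
  * @param string $cacheId the unique cache identifier of this page or anything else that
  *                        makes this template's content unique, if null it defaults
  *                        to the current url
  * @param string $compileId the unique compiled identifier, which is used to distinguish this
  *                          template from others, if null it defaults to the filename+bits of the path
  * @param Dwoo_ITemplate $parentTemplate the template that is requesting a new template object (through
  *                                       an include, extends or any other plugin)
  * @return Dwoo_Template_File|null
  * @throws Dwoo_Exception if an include path is in use and the resource id contains "../"
  * @throws Dwoo_Security_Exception if the security policy refuses the resource
  */
 public static function templateFactory(Dwoo $dwoo, $resourceId, $cacheTime = null, $cacheId = null, $compileId = null, Dwoo_ITemplate $parentTemplate = null)
 {
     if (DIRECTORY_SEPARATOR === '\\') {
         // On Windows, turn real control characters back into their two-character
         // escape spellings before the backslashes are normalised below.
         $resourceId = str_replace(array("\t", "\n", "\r", "\f", "\v"), array('\\t', '\\n', '\\r', '\\f', '\\v'), $resourceId);
     }
     $resourceId = strtr($resourceId, '\\', '/');

     $includePath = null;

     if (file_exists($resourceId) === false) {
         if ($parentTemplate === null) {
             $parentTemplate = $dwoo->getTemplate();
         }
         if (!($parentTemplate instanceof Dwoo_Template_File)) {
             return null;
         }

         if ($includePath = $parentTemplate->getIncludePath()) {
             // Backslashes were already folded to '/', so this also covers "..\".
             if (strstr($resourceId, '../')) {
                 throw new Dwoo_Exception('When using an include path you can not reference a template into a parent directory (using ../)');
             }
         } else {
             // No include path: resolve relative to the directory of the parent template.
             $resourceId = dirname($parentTemplate->getResourceIdentifier()) . DIRECTORY_SEPARATOR . $resourceId;
             if (file_exists($resourceId) === false) {
                 return null;
             }
         }
     }

     if ($policy = $dwoo->getSecurityPolicy()) {
         // Scheme names may contain digits, '+', '.' and '-' (RFC 3986), and PHP ships
         // wrappers such as compress.zlib://, so a letters-only pattern is too narrow.
         // This matters most on the include-path branch, where no realpath() check follows.
         if (preg_match('{^[a-z][a-z0-9+.\-]*://}i', $resourceId)) {
             throw new Dwoo_Security_Exception('The security policy prevents you to read files from external sources : <em>' . $resourceId . '</em>.');
         }

         if (!$includePath) {
             // Canonicalise so symlinks and ../ segments cannot disguise the target;
             // realpath() yields false for an unresolvable path, which is refused.
             $resourceId = realpath($resourceId);

             $permitted = false;
             if ($resourceId !== false) {
                 foreach ($policy->getAllowedDirectories() as $dir => $dummy) {
                     if ((string) $dir === '') {
                         // An empty entry must not act as "allow everything".
                         continue;
                     }
                     $base = rtrim((string) $dir, '/\\');
                     // Compare on a directory boundary: a bare prefix test would let
                     // "/srv/tpl" also authorise "/srv/tpl-private/secret".
                     if ($resourceId === $base || strpos($resourceId, $base . DIRECTORY_SEPARATOR) === 0) {
                         $permitted = true;
                         break;
                     }
                 }
             }

             if (!$permitted) {
                 throw new Dwoo_Security_Exception('The security policy prevents you to read <em>' . $resourceId . '</em>');
             }
         }
     }

     // The new template is an instance of the parent's class when a parent is known.
     $class = 'Dwoo_Template_File';
     if ($parentTemplate) {
         $class = get_class($parentTemplate);
     }
     return new $class($resourceId, $cacheTime, $cacheId, $compileId, $includePath);
 }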