public function testGetSetSecurityPolicy()
{
$dwoo = new Dwoo(DWOO_COMPILE_DIR, DWOO_CACHE_DIR);
$policy = new Dwoo_Security_Policy();
$policy->setConstantHandling(Dwoo_Security_Policy::CONST_ALLOW);
$dwoo->setSecurityPolicy($policy);
$this->assertEquals($policy, $dwoo->getSecurityPolicy());
$this->assertEquals($policy->getConstantHandling(), $dwoo->getSecurityPolicy()->getConstantHandling());
}
/**
* Reads a file
* <pre>
* * file : path or URI of the file to read (however reading from another website is not recommended for performance reasons)
* * assign : if set, the file will be saved in this variable instead of being output
* </pre>
* This software is provided 'as-is', without any express or implied warranty.
* In no event will the authors be held liable for any damages arising from the use of this software.
*
* @author Jordi Boggiano <*****@*****.**>
* @copyright Copyright (c) 2008, Jordi Boggiano
* @license http://dwoo.org/LICENSE Modified BSD License
* @link http://dwoo.org/
* @version 1.1.0
* @date 2009-07-18
* @package Dwoo
*/
function Dwoo_Plugin_fetch(Dwoo $dwoo, $file, $assign = null)
{
if ($file === '') {
return;
}
if ($policy = $dwoo->getSecurityPolicy()) {
while (true) {
if (preg_match('{^([a-z]+?)://}i', $file)) {
return $dwoo->triggerError('The security policy prevents you to read files from external sources.', E_USER_WARNING);
}
$file = realpath($file);
$dirs = $policy->getAllowedDirectories();
foreach ($dirs as $dir => $dummy) {
if (strpos($file, $dir) === 0) {
break 2;
}
}
return $dwoo->triggerError('The security policy prevents you to read <em>' . $file . '</em>', E_USER_WARNING);
}
}
$file = str_replace(array("\t", "\n", "\r"), array('\\t', '\\n', '\\r'), $file);
$out = file_get_contents($file);
if ($assign === null) {
return $out;
}
$dwoo->assignInScope($out, $assign);
}
/**
* returns a new template object from the given include name, null if no include is
* possible (resource not found), or false if include is not permitted by this resource type
*
* @param Dwoo $dwoo the dwoo instance requiring it
* @param mixed $resourceId the filename (relative to this template's dir) of the template to include
* @param int $cacheTime duration of the cache validity for this template,
* if null it defaults to the Dwoo instance that will
* render this template
* @param string $cacheId the unique cache identifier of this page or anything else that
* makes this template's content unique, if null it defaults
* to the current url
* @param string $compileId the unique compiled identifier, which is used to distinguish this
* template from others, if null it defaults to the filename+bits of the path
* @param Dwoo_ITemplate $parentTemplate the template that is requesting a new template object (through
* an include, extends or any other plugin)
* @return Dwoo_Template_File|null
*/
public static function templateFactory(Dwoo $dwoo, $resourceId, $cacheTime = null, $cacheId = null, $compileId = null, Dwoo_ITemplate $parentTemplate = null)
{
if (DIRECTORY_SEPARATOR === '\\') {
$resourceId = str_replace(array("\t", "\n", "\r", "\f", "\v"), array('\\t', '\\n', '\\r', '\\f', '\\v'), $resourceId);
}
$resourceId = strtr($resourceId, '\\', '/');
$includePath = null;
if (file_exists($resourceId) === false) {
if ($parentTemplate === null) {
$parentTemplate = $dwoo->getTemplate();
}
if ($parentTemplate instanceof Dwoo_Template_File) {
if ($includePath = $parentTemplate->getIncludePath()) {
if (strstr($resourceId, '../')) {
throw new Dwoo_Exception('When using an include path you can not reference a template into a parent directory (using ../)');
}
} else {
$resourceId = dirname($parentTemplate->getResourceIdentifier()) . DIRECTORY_SEPARATOR . $resourceId;
if (file_exists($resourceId) === false) {
return null;
}
}
} else {
return null;
}
}
if ($policy = $dwoo->getSecurityPolicy()) {
while (true) {
if (preg_match('{^([a-z]+?)://}i', $resourceId)) {
throw new Dwoo_Security_Exception('The security policy prevents you to read files from external sources : <em>' . $resourceId . '</em>.');
}
if ($includePath) {
break;
}
$resourceId = realpath($resourceId);
$dirs = $policy->getAllowedDirectories();
foreach ($dirs as $dir => $dummy) {
if (strpos($resourceId, $dir) === 0) {
break 2;
}
}
throw new Dwoo_Security_Exception('The security policy prevents you to read <em>' . $resourceId . '</em>');
}
}
$class = 'Dwoo_Template_File';
if ($parentTemplate) {
$class = get_class($parentTemplate);
}
return new $class($resourceId, $cacheTime, $cacheId, $compileId, $includePath);
}
