Class Smarty_Security

This class does contain the security settings

Package: Smarty\Security
Author: Uwe Tews
Located at wa-system/vendors/smarty3/sysplugins/smarty_security.php

Methods summary
`public`	# `__construct( Smarty $smarty )` Parameters `$smarty` `Smarty` $smarty
`public boolean`	# `isTrustedPhpFunction( string $function_name, object $compiler )` Check if PHP function is trusted. Check if PHP function is trusted. Parameters `$function_name` `string` $function_name `$compiler` `object` $compiler compiler object Returns `boolean` true if function is trusted Throws `SmartyCompilerException` if php function is not trusted
`public boolean`	# `isTrustedStaticClass( string $class_name, object $compiler, mixed $method = false )` Check if static class is trusted. Check if static class is trusted. Parameters `$class_name` `string` $class_name `$compiler` `object` $compiler compiler object `$method` Returns `boolean` true if class is trusted Throws `SmartyCompilerException` if static class is not trusted
`public boolean`	# `isTrustedPhpModifier( string $modifier_name, object $compiler )` Check if PHP modifier is trusted. Check if PHP modifier is trusted. Parameters `$modifier_name` `string` $modifier_name `$compiler` `object` $compiler compiler object Returns `boolean` true if modifier is trusted Throws `SmartyCompilerException` if modifier is not trusted
`public boolean`	# `isTrustedTag( string $tag_name, object $compiler )` Check if tag is trusted. Check if tag is trusted. Parameters `$tag_name` `string` $tag_name `$compiler` `object` $compiler compiler object Returns `boolean` true if tag is trusted Throws `SmartyCompilerException` if modifier is not trusted
`public boolean`	# `isTrustedModifier( string $modifier_name, object $compiler )` Check if modifier plugin is trusted. Check if modifier plugin is trusted. Parameters `$modifier_name` `string` $modifier_name `$compiler` `object` $compiler compiler object Returns `boolean` true if tag is trusted Throws `SmartyCompilerException` if modifier is not trusted
`public boolean`	# `isTrustedStream( string $stream_name )` Check if stream is trusted. Check if stream is trusted. Parameters `$stream_name` `string` $stream_name Returns `boolean` true if stream is trusted Throws `SmartyException` if stream is not trusted
`public boolean`	# `isTrustedResourceDir( string $filepath )` Check if directory of file resource is trusted. Check if directory of file resource is trusted. Parameters `$filepath` `string` $filepath Returns `boolean` true if directory is trusted Throws `SmartyException` if directory is not trusted
`public boolean`	# `isTrustedUri( string $uri )` Check if URI (e.g. {fetch} or {html_image}) is trusted Check if URI (e.g. {fetch} or {html_image}) is trusted To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}". So "http://username:password@hello.world.example.org:8080/some-path?some=query-string" is reduced to "http://hello.world.example.org" prior to applying the patters from `Smarty_Security::$trusted_uri`. Parameters `$uri` `string` $uri Returns `boolean` true if URI is trusted Throws `SmartyException` if URI is not trusted Uses `mixed` for list of patterns to match against $uri
`public boolean`	# `isTrustedPHPDir( string $filepath )` Check if directory of file resource is trusted. Check if directory of file resource is trusted. Parameters `$filepath` `string` $filepath Returns `boolean` true if directory is trusted Throws `SmartyException` if PHP directory is not trusted

Properties summary
`public integer`	`$php_handling`	`Smarty::PHP_PASSTHRU`	# This determines how Smarty handles "<?php ... ?>" tags in templates. possible values: Smarty::PHP_PASSTHRU -> echo PHP tags as they are Smarty::PHP_QUOTE -> escape tags as entities Smarty::PHP_REMOVE -> remove php tags Smarty::PHP_ALLOW -> execute php tags This determines how Smarty handles "<?php ... ?>" tags in templates. possible values: Smarty::PHP_PASSTHRU -> echo PHP tags as they are Smarty::PHP_QUOTE -> escape tags as entities Smarty::PHP_REMOVE -> remove php tags Smarty::PHP_ALLOW -> execute php tags
`protected array`	`$secure_dir`	`array()`	# This is the list of template directories that are considered secure. $template_dir is in this list implicitly. This is the list of template directories that are considered secure. $template_dir is in this list implicitly.
`public array`	`$trusted_dir`	`array()`	# This is an array of directories where trusted php scripts reside. $security is disabled during their inclusion/execution. This is an array of directories where trusted php scripts reside. $security is disabled during their inclusion/execution.
`protected array`	`$trusted_uri`	`array()`	# List of regular expressions (PCRE) that include trusted URIs List of regular expressions (PCRE) that include trusted URIs Used by `Smarty_Security::isTrustedUri()` for list of patterns to match against $uri
`protected array`	`$static_classes`	`array( 'waFiles', 'waSystem', 'waContactFields', 'waConfig', 'waUtils', 'waHtmlControl', 'waLog', 'waRequest::file' )`	# This is an array of trusted static classes. This is an array of trusted static classes. If empty access to all static classes is allowed. If set to 'none' none is allowed.
`protected array`	`$php_functions`	array( 'eval', 'exec', 'system', 'popen', 'proc_open', 'shell_exec', 'passthru', 'file_put_contents', 'file_get_contents', 'fopen', 'file', 'fwrite', 'fputs', 'copy', 'rename', 'move_uploaded_file', 'link', 'symlink', 'unlink', 'call_user_func', 'call_user_func_array', 'create_function', 'call_user_method', 'call_user_method_array', 'preg_replace_callback', 'wa', 'wa_lambda', 'preg_replace', 'unserialize', 'serialize', 'get_defined_vars', 'get_defined_constants', 'array_map', 'array_walk', 'array_reduce', 'array_filter', 'usort', 'uksort', 'uasort', 'array_diff_uassoc', 'array_diff_ukey', 'array_udiff_assoc', 'array_udiff_uassoc', 'array_udiff', 'array_uintersect_assoc', 'array_uintersect_uassoc', 'array_intersect_uassoc', 'array_intersect_ukey', 'array_uintersect', 'array_walk', 'array_walk_recursive', 'func_get_args', 'func_get_arg', 'class_alias', 'iterator_apply', 'mysql_fetch_object', 'mysqli_fetch_object', 'dom_import_simplexml', 'simplexml_load_string', 'simplexml_load_file', 'spl_autoload_register', 'spl_autoload_call', 'sscanf', 'curl_init' )	# This is an array of disabled PHP functions. This is an array of disabled PHP functions. If empty all functions are allowed. To disable all PHP functions set $php_functions = null.
`protected array`	`$php_modifiers`	`array()`	# This is an array of trusted PHP modifiers. This is an array of trusted PHP modifiers. If empty all modifiers are allowed. To disable all modifier set $modifiers = null.
`protected array`	`$allowed_tags`	`array()`	# This is an array of allowed tags. This is an array of allowed tags. If empty no restriction by allowed_tags.
`protected array`	`$disabled_tags`	`array( 'setfilter' )`	# This is an array of disabled tags. This is an array of disabled tags. If empty no restriction by disabled_tags.
`protected array`	`$allowed_modifiers`	`array()`	# This is an array of allowed modifier plugins. This is an array of allowed modifier plugins. If empty no restriction by allowed_modifiers.
`protected array`	`$disabled_modifiers`	`array()`	# This is an array of disabled modifier plugins. This is an array of disabled modifier plugins. If empty no restriction by disabled_modifiers.
`protected array`	`$streams`	`array('file')`	# This is an array of trusted streams. This is an array of trusted streams. If empty all streams are allowed. To disable all streams set $streams = null.
`public boolean`	`$allow_constants`	`true`	# flag if constants can be accessed from template flag if constants can be accessed from template
`public boolean`	`$allow_super_globals`	`true`	# flag if super globals can be accessed from template flag if super globals can be accessed from template
`protected array`	`$_resource_dir`	`null`	# Cache for $resource_dir lookups Cache for $resource_dir lookups
`protected array`	`$_template_dir`	`null`	# Cache for $template_dir lookups Cache for $template_dir lookups
`protected array`	`$_config_dir`	`null`	# Cache for $config_dir lookups Cache for $config_dir lookups
`protected array`	`$_secure_dir`	`null`	# Cache for $secure_dir lookups Cache for $secure_dir lookups
`protected array`	`$_php_resource_dir`	`null`	# Cache for $php_resource_dir lookups Cache for $php_resource_dir lookups
`protected array`	`$_trusted_dir`	`null`	# Cache for $trusted_dir lookups Cache for $trusted_dir lookups

Packages

Classes

Class Smarty_Security

Parameters

Parameters

Returns

Throws

Parameters

Returns

Throws

Parameters

Returns

Throws

Parameters

Returns

Throws

Parameters

Returns

Throws

Parameters

Returns

Throws

Parameters

Returns

Throws

Parameters

Returns

Throws

Uses

Parameters

Returns

Throws

Used by