Class Smarty_Security

This class contains the security settings.

Package: Smarty\Security
Author: Uwe Tews
Located at wa-system/vendors/smarty3/sysplugins/smarty_security.php
Methods summary

public __construct( Smarty $smarty )

Parameters

$smarty (Smarty)
public boolean isTrustedPhpFunction( string $function_name, object $compiler )

Check if PHP function is trusted.

Parameters

$function_name (string)
$compiler (object): compiler object

Returns

boolean: true if function is trusted

Throws

SmartyCompilerException: if PHP function is not trusted
public boolean isTrustedStaticClass( string $class_name, object $compiler, mixed $method = false )

Check if static class is trusted.

Parameters

$class_name (string)
$compiler (object): compiler object
$method

Returns

boolean: true if class is trusted

Throws

SmartyCompilerException: if static class is not trusted
public boolean isTrustedPhpModifier( string $modifier_name, object $compiler )

Check if PHP modifier is trusted.

Parameters

$modifier_name (string)
$compiler (object): compiler object

Returns

boolean: true if modifier is trusted

Throws

SmartyCompilerException: if modifier is not trusted
public boolean isTrustedTag( string $tag_name, object $compiler )

Check if tag is trusted.

Parameters

$tag_name (string)
$compiler (object): compiler object

Returns

boolean: true if tag is trusted

Throws

SmartyCompilerException: if modifier is not trusted
public boolean isTrustedModifier( string $modifier_name, object $compiler )

Check if modifier plugin is trusted.

Parameters

$modifier_name (string)
$compiler (object): compiler object

Returns

boolean: true if tag is trusted

Throws

SmartyCompilerException: if modifier is not trusted
public boolean isTrustedStream( string $stream_name )

Check if stream is trusted.

Parameters

$stream_name (string)

Returns

boolean: true if stream is trusted

Throws

SmartyException: if stream is not trusted
public boolean isTrustedResourceDir( string $filepath )

Check if directory of file resource is trusted.

Parameters

$filepath (string)

Returns

boolean: true if directory is trusted

Throws

SmartyException: if directory is not trusted
public boolean isTrustedUri( string $uri )

Check if URI (e.g. {fetch} or {html_image}) is trusted

To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}". So "http://username:password@hello.world.example.org:8080/some-path?some=query-string" is reduced to "http://hello.world.example.org" prior to applying the patterns from Smarty_Security::$trusted_uri.

Parameters

$uri (string)

Returns

boolean: true if URI is trusted

Throws

SmartyException: if URI is not trusted

Uses

mixed: for list of patterns to match against $uri
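
The reduction described for isTrustedUri(), as an added example that is not Smarty's or Webasyst's own code: reduce_uri() and uri_matches() are hypothetical helpers, and the patterns and URLs are constructed. It shows why entries in $trusted_uri should be anchored against the reduced "{scheme}://{host}" form.

```php
<?php
// Added illustration, not Smarty's source. Function names are hypothetical.

// Reduce a URI to "{scheme}://{host}", as the isTrustedUri() description states.
// Returns null when the scheme or host is missing.
function reduce_uri(string $uri): ?string
{
    $parts = parse_url($uri);
    if (empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    return $parts['scheme'] . '://' . $parts['host'];
}

// True if any PCRE pattern in $patterns matches the reduced form of $uri.
function uri_matches(string $uri, array $patterns): bool
{
    $reduced = reduce_uri($uri);
    if ($reduced === null) {
        return false;
    }
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $reduced) === 1) {
            return true;
        }
    }
    return false;
}

// Constructed pattern lists, in the shape $trusted_uri holds (PCRE strings).
$loose    = array('#example\.org#');                                // unanchored
$anchored = array('#^https?://([a-z0-9-]+\.)*example\.org\z#i');    // whole host must match

// Constructed sample inputs; the first is the URL from the description above.
$samples = array(
    'http://username:password@hello.world.example.org:8080/some-path?some=query-string',
    'http://example.org.lookalike.test/logo.png',  // trusted name is only a prefix of the host
    'http://lookalike.test/?ref=example.org',      // trusted name appears only in the query
    '/relative/path.png',                          // no scheme or host: never trusted
);

foreach ($samples as $uri) {
    printf("%-40s loose=%-5s anchored=%s\n",
        var_export(reduce_uri($uri), true),
        var_export(uri_matches($uri, $loose), true),
        var_export(uri_matches($uri, $anchored), true));
}
```

Because user info, port, path and query are dropped before matching, a pattern cannot restrict by port or path; it can only decide on scheme and host.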
public boolean isTrustedPHPDir( string $filepath )

Check if directory of file resource is trusted.

Parameters

$filepath (string)

Returns

boolean: true if directory is trusted

Throws

SmartyException: if PHP directory is not trusted
Properties summary

public integer $php_handling Smarty::PHP_PASSTHRU

This determines how Smarty handles "<?php ... ?>" tags in templates. Possible values:
  • Smarty::PHP_PASSTHRU -> echo PHP tags as they are
  • Smarty::PHP_QUOTE -> escape tags as entities
  • Smarty::PHP_REMOVE -> remove PHP tags
  • Smarty::PHP_ALLOW -> execute PHP tags
protected array $secure_dir array()

This is the list of template directories that are considered secure. $template_dir is in this list implicitly.

public array $trusted_dir array()

This is an array of directories where trusted PHP scripts reside. $security is disabled during their inclusion/execution.

protected array $trusted_uri array()

List of regular expressions (PCRE) that include trusted URIs

Used by

Smarty_Security::isTrustedUri(): for list of patterns to match against $uri
protected array $static_classes array( 'waFiles', 'waSystem', 'waContactFields', 'waConfig', 'waUtils', 'waHtmlControl', 'waLog', 'waRequest::file' )

This is an array of trusted static classes.

If empty, access to all static classes is allowed. If set to 'none', none is allowed.

protected array $php_functions array( 'eval', 'exec', 'system', 'popen', 'proc_open', 'shell_exec', 'passthru', 'file_put_contents', 'file_get_contents', 'fopen', 'file', 'fwrite', 'fputs', 'copy', 'rename', 'move_uploaded_file', 'link', 'symlink', 'unlink', 'call_user_func', 'call_user_func_array', 'create_function', 'call_user_method', 'call_user_method_array', 'preg_replace_callback', 'wa', 'wa_lambda', 'preg_replace', 'unserialize', 'serialize', 'get_defined_vars', 'get_defined_constants', 'array_map', 'array_walk', 'array_reduce', 'array_filter', 'usort', 'uksort', 'uasort', 'array_diff_uassoc', 'array_diff_ukey', 'array_udiff_assoc', 'array_udiff_uassoc', 'array_udiff', 'array_uintersect_assoc', 'array_uintersect_uassoc', 'array_intersect_uassoc', 'array_intersect_ukey', 'array_uintersect', 'array_walk', 'array_walk_recursive', 'func_get_args', 'func_get_arg', 'class_alias', 'iterator_apply', 'mysql_fetch_object', 'mysqli_fetch_object', 'dom_import_simplexml', 'simplexml_load_string', 'simplexml_load_file', 'spl_autoload_register', 'spl_autoload_call', 'sscanf', 'curl_init' )

This is an array of disabled PHP functions.

If empty all functions are allowed. To disable all PHP functions set $php_functions = null.

protected array $php_modifiers array()

This is an array of trusted PHP modifiers.

If empty, all modifiers are allowed. To disable all modifiers set $modifiers = null.

protected array $allowed_tags array()

This is an array of allowed tags.

If empty, there is no restriction by allowed_tags.

protected array $disabled_tags array( 'setfilter' )

This is an array of disabled tags.

If empty, there is no restriction by disabled_tags.

protected array $allowed_modifiers array()

This is an array of allowed modifier plugins.

If empty, there is no restriction by allowed_modifiers.

protected array $disabled_modifiers array()

This is an array of disabled modifier plugins.

If empty, there is no restriction by disabled_modifiers.

protected array $streams array('file')

This is an array of trusted streams.

If empty, all streams are allowed. To disable all streams set $streams = null.

public boolean $allow_constants true

Flag indicating whether constants can be accessed from the template.
public boolean $allow_super_globals true

Flag indicating whether super globals can be accessed from the template.
protected array $_resource_dir null

Cache for $resource_dir lookups

protected array $_template_dir null

Cache for $template_dir lookups

protected array $_config_dir null

Cache for $config_dir lookups

protected array $_secure_dir null

Cache for $secure_dir lookups

protected array $_php_resource_dir null

Cache for $php_resource_dir lookups

protected array $_trusted_dir null

Cache for $trusted_dir lookups

My fork of Webasyst Framework API documentation generated by ApiGen 2.8.0