|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
tifster Smarty n00b
Joined: 04 Sep 2003 Posts: 2
|
Posted: Thu Sep 04, 2003 7:27 am Post subject: secure_dir and template_exists |
|
|
It appears that template_exists($file) doesn't implicitly include template_dir in the
secure_dir array. It looks like _is_secure() is where this should be implemented
but isn't.
It's conceivable that I'm doing something wrong, so I'll provide a bit more detail.
I have subclassed Smarty in order to set the parameters I want. I call the Smarty
constructor and then set template_dir to a directory, set security = true, etc. The
comments imply that I shouldn't have to set secure_dir if I just want it to include
the template_dir. Later I call template_exists($file) where $file is a filename that
does exist in the template_dir but it returns false. Investigation revealed that
the cause of this was _is_secure().
--tif |
|
Back to top |
|
boots Administrator
Joined: 16 Apr 2003 Posts: 5611 Location: Toronto, Canada
|
Posted: Thu Sep 04, 2003 7:54 am Post subject: |
|
|
hi tifster,
The manual page for $security says that as well as other limitations imposed when $security = true :
Quote: | - templates can only be included from directories listed in the $secure_dir array
- local files can only be fetched from directories listed in the $secure_dir array using {fetch} |
So yes, the paths must be specified in $secure_dir for Smarty to see them while operating under $security = true.
You can probably get away with something like:
$smarty->secure_dir = $smarty->template_dir;
in your constructor if you intend to set both (for example, if your app needs to switch between modes to handle both trusted and untrusted templates).
HTH |
|
Back to top |
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Thu Sep 04, 2003 8:10 am Post subject: Re: secure_dir and template_exists |
|
|
tifster wrote: | The comments imply that I shouldn't have to set secure_dir if I just want it to include the template_dir. |
what kind of comments and where? |
|
Back to top |
|
tifster Smarty n00b
Joined: 04 Sep 2003 Posts: 2
|
Posted: Thu Sep 04, 2003 10:39 am Post subject: Re: secure_dir and template_exists |
|
|
messju wrote: | tifster wrote: | The comments imply that I shouldn't have to set secure_dir if I just want it to include the template_dir. |
what kind of comments and where? |
In Smarty.class.php, just above $secure_dir = array(), it says "{@link $template_dir} is in this list
implicitly." Now that I've looked a little closer, fetch() adds $template_dir to $secure_dir, but it
is possible, and even logical, to ask if template_exists() before running fetch() or display().
--tif |
|
Back to top |
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Thu Sep 04, 2003 10:56 am Post subject: |
|
|
i see. thanks for pointing this out. i will fix it. |
|
Back to top |
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Sun Oct 12, 2003 10:21 pm Post subject: |
|
|
okay, it's fixed in CVS. template_exists() should work like fetch() now according to security=true and template_dir being automatically a "secure_dir". |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|