This class does contain the security settings

 Methods

__construct()

__construct(\Smarty $smarty) 

Parameters

$smarty

\Smarty

Check if modifier plugin is trusted.

isTrustedModifier(string $modifier_name, object $compiler) : boolean

Parameters

$modifier_name

string

$compiler

object

compiler object

Exceptions

\SmartyCompilerException if modifier is not trusted

Returns

booleantrue if tag is trusted

Check if directory of file resource is trusted.

isTrustedPHPDir(string $filepath) : boolean

Parameters

$filepath

string

Exceptions

\SmartyException if PHP directory is not trusted

Returns

booleantrue if directory is trusted

Check if PHP function is trusted.

isTrustedPhpFunction(string $function_name, object $compiler) : boolean

Parameters

$function_name

string

$compiler

object

compiler object

Exceptions

\SmartyCompilerException if php function is not trusted

Returns

booleantrue if function is trusted

Check if PHP modifier is trusted.

isTrustedPhpModifier(string $modifier_name, object $compiler) : boolean

Parameters

$modifier_name

string

$compiler

object

compiler object

Exceptions

\SmartyCompilerException if modifier is not trusted

Returns

booleantrue if modifier is trusted

Check if directory of file resource is trusted.

isTrustedResourceDir(string $filepath) : boolean

Parameters

$filepath

string

Exceptions

\SmartyException if directory is not trusted

Returns

booleantrue if directory is trusted

Check if static class is trusted.

isTrustedStaticClass(string $class_name, object $compiler) : boolean

Parameters

$class_name

string

$compiler

object

compiler object

Exceptions

\SmartyCompilerException if static class is not trusted

Returns

booleantrue if class is trusted

Check if stream is trusted.

isTrustedStream(string $stream_name) : boolean

Parameters

$stream_name

string

Exceptions

\SmartyException if stream is not trusted

Returns

booleantrue if stream is trusted

Check if tag is trusted.

isTrustedTag(string $tag_name, object $compiler) : boolean

Parameters

$tag_name

string

$compiler

object

compiler object

Exceptions

\SmartyCompilerException if modifier is not trusted

Returns

booleantrue if tag is trusted

Check if URI (e.g.

isTrustedUri(string $uri) : boolean

{fetch} or {html_image}) is trusted

To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}". So "http://username:password@hello.world.example.org:8080/some-path?some=query-string" is reduced to "http://hello.world.example.org" prior to applying the patters from $trusted_uri.

uses for list of patterns to match against $uri

Parameters

$uri

string

Exceptions

\SmartyException if URI is not trusted

Returns

booleantrue if URI is trusted

 Properties

 

$allow_constants : boolean
 

$allow_super_globals : boolean
 

$allowed_modifiers : array

If empty no restriction by allowed_modifiers.

 

$allowed_tags : array

If empty no restriction by allowed_tags.

 

$disabled_modifiers : array

If empty no restriction by disabled_modifiers.

 

$disabled_tags : array

If empty no restriction by disabled_tags.

 

$php_functions : array

If empty all functions are allowed. To disable all PHP functions set $php_functions = null.

 

$php_handling : integer

.. ?>" tags in templates. possible values:

  • Smarty::PHP_PASSTHRU -> echo PHP tags as they are
  • Smarty::PHP_QUOTE -> escape tags as entities
  • Smarty::PHP_REMOVE -> remove php tags
  • Smarty::PHP_ALLOW -> execute php tags
 

$php_modifiers : array

If empty all modifiers are allowed. To disable all modifier set $modifiers = null.

 

$secure_dir : array

$template_dir is in this list implicitly.

 

$static_classes : array

If empty access to all static classes is allowed. If set to 'none' none is allowed.

 

$streams : array

If empty all streams are allowed. To disable all streams set $streams = null.

 

$trusted_dir : array

$security is disabled during their inclusion/execution.

 

$trusted_uri : array
 

$_config_dir : array
 

$_php_resource_dir : array
 

$_resource_dir : array
 

$_secure_dir : array
 

$_template_dir : array
 

$_trusted_dir : array