This class does contain the security settings
isTrustedModifier(string $modifier_name, object $compiler) : boolean
string
object
compiler object
\SmartyCompilerException |
if modifier is not trusted |
---|
boolean
true if tag is trustedisTrustedPHPDir(string $filepath) : boolean
string
\SmartyException |
if PHP directory is not trusted |
---|
boolean
true if directory is trustedisTrustedPhpFunction(string $function_name, object $compiler) : boolean
string
object
compiler object
\SmartyCompilerException |
if php function is not trusted |
---|
boolean
true if function is trustedisTrustedPhpModifier(string $modifier_name, object $compiler) : boolean
string
object
compiler object
\SmartyCompilerException |
if modifier is not trusted |
---|
boolean
true if modifier is trustedisTrustedResourceDir(string $filepath) : boolean
string
\SmartyException |
if directory is not trusted |
---|
boolean
true if directory is trustedisTrustedStaticClass(string $class_name, object $compiler) : boolean
string
object
compiler object
\SmartyCompilerException |
if static class is not trusted |
---|
boolean
true if class is trustedisTrustedStream(string $stream_name) : boolean
string
\SmartyException |
if stream is not trusted |
---|
boolean
true if stream is trustedisTrustedTag(string $tag_name, object $compiler) : boolean
string
object
compiler object
\SmartyCompilerException |
if modifier is not trusted |
---|
boolean
true if tag is trustedisTrustedUri(string $uri) : boolean
{fetch} or {html_image}) is trusted
To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}". So "http://username:password@hello.world.example.org:8080/some-path?some=query-string" is reduced to "http://hello.world.example.org" prior to applying the patters from $trusted_uri.
uses | for list of patterns to match against $uri |
---|
string
\SmartyException |
if URI is not trusted |
---|
boolean
true if URI is trusted$allow_constants : boolean
$allow_super_globals : boolean
$allowed_modifiers : array
If empty no restriction by allowed_modifiers.
$disabled_modifiers : array
If empty no restriction by disabled_modifiers.
$php_functions : array
If empty all functions are allowed. To disable all PHP functions set $php_functions = null.
$php_handling : integer
.. ?>" tags in templates. possible values:
$php_modifiers : array
If empty all modifiers are allowed. To disable all modifier set $modifiers = null.
$secure_dir : array
$template_dir is in this list implicitly.
$static_classes : array
If empty access to all static classes is allowed. If set to 'none' none is allowed.
$streams : array
If empty all streams are allowed. To disable all streams set $streams = null.
$trusted_dir : array
$security is disabled during their inclusion/execution.
$trusted_uri : array
$_config_dir : array
$_php_resource_dir : array
$_resource_dir : array
$_secure_dir : array
$_template_dir : array
$_trusted_dir : array