robin.thoni
/
docker-mx-server
Watch 1
Star 0
Fork 0
Code Issues 2 Pull Requests 0 Releases 12 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
43 Commits
3 Branches
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
docker-mx-server/postfixadmin/postfixadmin-3.2.2/lib/smarty.inc.php

smarty.inc.php 4.0KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104 
  1. <?php

  2. 

  3. require_once(dirname(__FILE__) . '/smarty/libs/Autoloader.php');

  4. Smarty_Autoloader::register();

  5. 

  6. /**

  7.  * Turn on sanitisation of all data by default so it's not possible for XSS flaws to occur in PFA

  8.  */

  9. class PFASmarty {

  10.     protected $template = null;

  11.     public function __construct() {

  12.         $this->template = new Smarty();

  13. 

  14.         //$this->template->debugging = true;

  15.         $this->template->setTemplateDir(dirname(__FILE__) . '/../templates');

  16. 

  17.         // if it's not present or writeable, smarty should just not cache.

  18.         $templates_c = dirname(__FILE__) . '/../templates_c';

  19.         if (is_dir($templates_c) && is_writeable($templates_c)) {

  20.             $this->template->setCompileDir($templates_c);

  21.         } else {

  22.             # unfortunately there's no sane way to just disable compiling of templates

  23.             clearstatcache(); // just incase someone just fixed it; on their next refresh it should work.

  24.             error_log("ERROR: directory $templates_c doesn't exist or isn't writeable for the webserver");

  25.             die("ERROR: the templates_c directory doesn't exist or isn't writeable for the webserver");

  26.         }

  27. 

  28.         $this->template->setConfigDir(dirname(__FILE__) . '/../configs');

  29.     }

  30. 

  31.     public function assign($key, $value, $sanitise = true) {

  32.         $this->template->assign("RAW_$key", $value);

  33.         if ($sanitise == false) {

  34.             return $this->template->assign($key, $value);

  35.         }

  36.         $clean = $this->sanitise($value);

  37.         /* we won't run the key through sanitise() here... some might argue we should */

  38.         return $this->template->assign($key, $clean);

  39.     }

  40. 

  41.     public function display($template) {

  42.         header("Expires: Sun, 16 Mar 2003 05:00:00 GMT");

  43.         header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

  44.         header("Cache-Control: no-store, no-cache, must-revalidate");

  45.         header("Cache-Control: post-check=0, pre-check=0", false);

  46.         header("Pragma: no-cache");

  47.         header("Content-Type: text/html; charset=UTF-8");

  48. 

  49.         $this->template->display($template);

  50.         unset($_SESSION['flash']); # cleanup flash messages

  51.     }

  52.     /**

  53.      * Recursive cleaning of data, using htmlentities - this assumes we only ever output to HTML and we're outputting in UTF-8 charset

  54.      *

  55.      * @param mixed $data - array or primitive type; objects not supported.

  56.      * @return mixed $data

  57.      * */

  58.     public function sanitise($data) {

  59.         if (!is_array($data)) {

  60.             return htmlentities($data, ENT_QUOTES, 'UTF-8', false);

  61.         }

  62.         if (is_array($data)) {

  63.             $clean = array();

  64.             foreach ($data as $key => $value) {

  65.                 /* as this is a nested data structure it's more likely we'll output the key too (at least in my opinion, so we'll sanitise it too */

  66.                 $clean[$this->sanitise($key)] = $this->sanitise($value);

  67.             }

  68.             return $clean;

  69.         }

  70.     }

  71. }

  72. $smarty = new PFASmarty();

  73. 

  74. if (!isset($rel_path)) {

  75.     $rel_path = '';

  76. } # users/* sets this to '../'

  77. 

  78. $CONF['theme_css']  = $rel_path . htmlentities($CONF['theme_css']);

  79. if (!empty($CONF['theme_custom_css'])) {

  80.     $CONF['theme_custom_css']  = $rel_path . htmlentities($CONF['theme_custom_css']);

  81. }

  82. $CONF['theme_logo'] = $rel_path . htmlentities($CONF['theme_logo']);

  83. 

  84. $smarty->assign('CONF', $CONF);

  85. $smarty->assign('PALANG', $PALANG);

  86. $smarty->assign('url_domain', '');

  87. //*** footer.tpl

  88. $smarty->assign('version', $version);

  89. 

  90. //*** menu.tpl

  91. $smarty->assign('boolconf_alias_domain', Config::bool('alias_domain'));

  92. $smarty->assign('authentication_has_role', array('global_admin' => authentication_has_role('global-admin'), 'admin' => authentication_has_role('admin'), 'user' => authentication_has_role('user')));

  93. 

  94. function eval_size($aSize) {

  95.     if ($aSize == 0) {

  96.         $ret_val = Config::Lang('pOverview_unlimited');

  97.     } elseif ($aSize < 0) {

  98.         $ret_val = Config::Lang('pOverview_disabled');

  99.     } else {

  100.         $ret_val = $aSize;

  101.     }

  102.     return $ret_val;

  103. }

  104. /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */