Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.

smarty.inc.php 3.4KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687
  1. <?php
  2. require_once(dirname(__FILE__) . '/smarty/libs/Autoloader.php');
  3. Smarty_Autoloader::register();
  4. /**
  5. * Turn on sanitisation of all data by default so it's not possible for XSS flaws to occur in PFA
  6. */
  7. class PFASmarty {
  8. protected $template = null;
  9. public function __construct() {
  10. $this->template = new Smarty();
  11. //$this->template->debugging = true;
  12. $incpath = dirname(__FILE__);
  13. $this->template->setTemplateDir(dirname(__FILE__) . '/templates');
  14. $this->template->setCompileDir(dirname(__FILE__) . '/templates_c');
  15. $this->template->setConfigDir(dirname(__FILE__) . '/configs');
  16. }
  17. public function assign($key, $value, $sanitise = true) {
  18. $this->template->assign("RAW_$key", $value);
  19. if($sanitise == false) {
  20. return $this->template->assign($key, $value);
  21. }
  22. $clean = $this->sanitise($value);
  23. /* we won't run the key through sanitise() here... some might argue we should */
  24. return $this->template->assign($key, $clean);
  25. }
  26. public function display($template) {
  27. header ("Expires: Sun, 16 Mar 2003 05:00:00 GMT");
  28. header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT");
  29. header ("Cache-Control: no-store, no-cache, must-revalidate");
  30. header ("Cache-Control: post-check=0, pre-check=0", false);
  31. header ("Pragma: no-cache");
  32. header ("Content-Type: text/html; charset=UTF-8");
  33. $this->template->display($template);
  34. unset($_SESSION['flash']); # cleanup flash messages
  35. }
  36. /**
  37. * Recursive cleaning of data, using htmlentities - this assumes we only ever output to HTML and we're outputting in UTF-8 charset
  38. *
  39. * @param mixed $data - array or primitive type; objects not supported.
  40. * @return mixed $data
  41. * */
  42. public function sanitise($data) {
  43. if(!is_array($data)) {
  44. return htmlentities($data, ENT_QUOTES, 'UTF-8', false);
  45. }
  46. if(is_array($data)) {
  47. $clean = array();
  48. foreach($data as $key => $value) {
  49. /* as this is a nested data structure it's more likely we'll output the key too (at least in my opinion, so we'll sanitise it too */
  50. $clean[$this->sanitise($key)] = $this->sanitise($value);
  51. }
  52. return $clean;
  53. }
  54. }
  55. }
  56. $smarty = new PFASmarty();
  57. if (!isset($rel_path)) $rel_path = ''; # users/* sets this to '../'
  58. $CONF['theme_css'] = $rel_path . htmlentities($CONF['theme_css']);
  59. if (!empty($CONF['theme_custom_css'])) $CONF['theme_custom_css'] = $rel_path . htmlentities($CONF['theme_custom_css']);
  60. $CONF['theme_logo'] = $rel_path . htmlentities($CONF['theme_logo']);
  61. $smarty->assign ('CONF', $CONF);
  62. $smarty->assign ('PALANG', $PALANG);
  63. $smarty->assign('url_domain', '');
  64. //*** footer.tpl
  65. $smarty->assign ('version', $version);
  66. //*** menu.tpl
  67. $smarty->assign ('boolconf_alias_domain', Config::bool('alias_domain'));
  68. $smarty->assign ('authentication_has_role', array ('global_admin' => authentication_has_role ('global-admin'), 'admin' => authentication_has_role ('admin'), 'user' => authentication_has_role ('user')));
  69. function eval_size ($aSize) {
  70. if ($aSize == 0) {$ret_val = Config::Lang('pOverview_unlimited'); }
  71. elseif ($aSize < 0) {$ret_val = Config::Lang('pOverview_disabled'); }
  72. else {$ret_val = $aSize; }
  73. return $ret_val;
  74. }
  75. /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
  76. ?>