Обновление WebAsyst 1.8.2.218 от 5 марта 2018 года - ошибка после установки на Магазин 6.3 Есть решение

Обновление WebAsyst 1.8.2.218 от 5 марта 2018 года - ошибка после установки на Магазин 6.3:

При входе в панель администрирования - полосатый экран и ошибка 0

В логах:

2018-03-05 16:01:49 193.200.205.135

Uncaught exception SmartyCompilerException:

Syntax Error in template "/home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/templates/actions/order/Order.html" on line 399 "{$pl = shopPayment::getPluginInfo($_tmp[0])}" access to static method 'shopPayment::getPluginInfo($_smarty_tpl->tpl_vars['_tmp']->value[0])' not allowed by security setting (0)

#0 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_security.php(289): Smarty_Internal_TemplateCompilerBase->trigger_template_error('access to stati...')

#1 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(2683): Smarty_Security->isTrustedStaticClass('shopPayment', Object(Smarty_Internal_SmartyTemplateCompiler), 'getPluginInfo($...')

#2 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(3101): Smarty_Internal_Templateparser->yy_r118()

#3 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(3201): Smarty_Internal_Templateparser->yy_reduce(118)

#4 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_smartytemplatecompiler.php(105): Smarty_Internal_Templateparser->doParse(17, '}')

#5 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_templatecompilerbase.php(206): Smarty_Internal_SmartyTemplateCompiler->doCompile('{if empty($orde...')

#6 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_template.php(187): Smarty_Internal_TemplateCompilerBase->compileTemplate(Object(Smarty_Internal_Template))

#7 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_templatebase.php(155): Smarty_Internal_Template->compileTemplateSource()

#8 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/view/waSmarty3View.class.php(117): Smarty_Internal_TemplateBase->fetch('templates/actio...', NULL)

#9 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waViewAction.class.php(171): waSmarty3View->fetch('templates/actio...', NULL)

#10 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waViewController.class.php(86): waViewAction->display()

#11 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waDefaultViewController.class.php(48): waViewController->executeAction(Object(shopOrderAction))

#12 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waController.class.php(21): waDefaultViewController->execute()

#13 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waViewController.class.php(46): waController->run(NULL)

#14 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waFrontController.class.php(229): waViewController->run(NULL)

#15 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waFrontController.class.php(164): waFrontController->runController(Object(waDefaultViewController), NULL)

#16 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waFrontController.class.php(58): waFrontController->execute(NULL, 'order', NULL)

#17 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/waSystem.class.php(562): waFrontController->dispatch()

#18 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/waSystem.class.php(485): waSystem->dispatchBackend('webasyst/shop/')

#19 /home/salfetki/domains/salfetki.kiev.ua/public_html/index.php(7): waSystem->dispatch()

#20 {main}


5 ответов

  • 1
    Антон 5 марта 2018 17:11 #

    Что можно сделать оперативно с этим?

    При попытке просмотреть заказы в админке выдает ошибку:<h2 id="Title" style="margin-bottom: 0.3em; font-size: 1.35em; font-family: "Helvetica Neue", "Liberation Sans", Arial, sans-serif; line-height: 1.2em; background-color: rgb(255, 255, 255);">Syntax Error in template "/home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/templates/actions/order/Order.html" on line 399 "{$pl = shopPayment::getPluginInfo($_tmp[0])}" access to static method 'shopPayment::getPluginInfo($_smarty_tpl->tpl_vars['_tmp']->value[0])' not allowed by security setting code 0</h2>


  • 1
    Антон 5 марта 2018 17:12 #

    вот полный текст:

    ## wa-system/waSystem.class.php(499)
    #0 index.php(7): waSystem->dispatch()
    #1 {main}
    
    Next SmartyCompilerException with message 'Syntax Error in template "/home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/templates/actions/order/Order.html"  on line 399 "{$pl = shopPayment::getPluginInfo($_tmp[0])}" access to static method 'shopPayment::getPluginInfo($_smarty_tpl->tpl_vars['_tmp']->value[0])' not allowed by security setting':
    ## wa-system/vendors/smarty3/sysplugins/smarty_internal_templatecompilerbase.php(667)
    #0 wa-system/vendors/smarty3/sysplugins/smarty_security.php(289): Smarty_Internal_TemplateCompilerBase->trigger_template_error('access to stati...')
    #1 wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(2683): Smarty_Security->isTrustedStaticClass('shopPayment', Object(Smarty_Internal_SmartyTemplateCompiler), 'getPluginInfo($...')
    #2 wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(3101): Smarty_Internal_Templateparser->yy_r118()
    #3 wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(3201): Smarty_Internal_Templateparser->yy_reduce(118)
    #4 wa-system/vendors/smarty3/sysplugins/smarty_internal_smartytemplatecompiler.php(105): Smarty_Internal_Templateparser->doParse(17, '}')
    #5 wa-system/vendors/smarty3/sysplugins/smarty_internal_templatecompilerbase.php(206): Smarty_Internal_SmartyTemplateCompiler->doCompile('{if empty($orde...')
    #6 wa-system/vendors/smarty3/sysplugins/smarty_internal_template.php(187): Smarty_Internal_TemplateCompilerBase->compileTemplate(Object(Smarty_Internal_Template))
    #7 wa-system/vendors/smarty3/sysplugins/smarty_internal_templatebase.php(155): Smarty_Internal_Template->compileTemplateSource()
    #8 wa-system/view/waSmarty3View.class.php(117): Smarty_Internal_TemplateBase->fetch('templates/actio...', NULL)
    #9 wa-system/controller/waViewAction.class.php(171): waSmarty3View->fetch('templates/actio...', NULL)
    #10 wa-system/controller/waViewController.class.php(86): waViewAction->display()
    #11 wa-system/controller/waDefaultViewController.class.php(48): waViewController->executeAction(Object(shopOrderAction))
    #12 wa-system/controller/waController.class.php(21): waDefaultViewController->execute()
    #13 wa-system/controller/waViewController.class.php(46): waController->run(NULL)
    #14 wa-system/controller/waFrontController.class.php(229): waViewController->run(NULL)
    #15 wa-system/controller/waFrontController.class.php(164): waFrontController->runController(Object(waDefaultViewController), NULL)
    #16 wa-system/controller/waFrontController.class.php(58): waFrontController->execute(NULL, 'order', NULL)
    #17 wa-system/waSystem.class.php(562): waFrontController->dispatch()
    #18 wa-system/waSystem.class.php(485): waSystem->dispatchBackend('webasyst/shop/')
    #19 index.php(7): waSystem->dispatch()
    #20 {main}
    <h3 style="margin-bottom: 0.3em; font-size: 1.05em; font-family: "Helvetica Neue", "Liberation Sans", Arial, sans-serif; line-height: 1.2em;">/home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/waSystem.class.php around line 499</h3>
    494	                $log[] = $e instanceof waException ? $e->getFullTraceAsString() : $e->getTraceAsString();
       495	                waLog::log(join("\n", $log));
       496	            }
       497	            if (class_exists('waException')) {
       498	                if (!$e instanceof waException) {
     >>499	                    $e = new waException($e->getMessage(), $e->getCode(), $e);
       500	                }
       501	                $e->sendResponseCode();
       502	            }
       503	            print $e;
       504	        }
    <h2 style="margin-bottom: 0.3em; font-size: 1.35em; font-family: "Helvetica Neue", "Liberation Sans", Arial, sans-serif; line-height: 1.2em;">GET</h2>
    array(
      'module' => 'order',
      'id' => ' 19932',
      'state_id' => 'new',
      '_' => '1520258958490',
    )
    <h2 style="margin-bottom: 0.3em; font-size: 1.35em; font-family: "Helvetica Neue", "Liberation Sans", Arial, sans-serif; line-height: 1.2em;">Params</h2>
    array()


  • 1
    Антон 5 марта 2018 17:15 #

    Доп ошибки:

    [05-Mar-2018 16:04:07 Europe/Kiev] PHP Warning:  Invalid argument supplied for foreach() in /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/lib/classes/checkout/shopCheckoutShipping.class.php on line 256
    [05-Mar-2018 16:04:07 Europe/Kiev] PHP Warning: Invalid argument supplied for foreach() in /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/lib/classes/checkout/shopCheckoutShipping.class.php on line 256
    [05-Mar-2018 16:04:35 Europe/Kiev] PHP Warning: Invalid argument supplied for foreach() in /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/lib/classes/checkout/shopCheckoutShipping.class.php on line 256
    [05-Mar-2018 16:04:35 Europe/Kiev] PHP Warning: Invalid argument supplied for foreach() in /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/lib/classes/checkout/shopCheckoutShipping.class.php on line 256
    [05-Mar-2018 16:09:56 Europe/Kiev] PHP Warning: Invalid argument supplied for foreach() in /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/lib/classes/checkout/shopCheckoutShipping.class.php on line 256
    [05-Mar-2018 16:09:56 Europe/Kiev] PHP Warning: Invalid argument supplied for foreach() in /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/lib/classes/checkout/shopCheckoutShipping.class.php on line 256
    [05-Mar-2018 16:10:19 Europe/Kiev] PHP Warning: Invalid argument supplied for foreach() in /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/lib/classes/checkout/shopCheckoutShipping.class.php on line 256

    [05-Mar-2018 16:10:19 Europe/Kiev] PHP Warning: Invalid argument supplied for foreach() in /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/lib/classes/checkout/shopCheckoutShipping.class.php on line 256

  • 1

    Откатите файл до прежнего состояния /wa-system/vendors/smarty3/sysplugins/smarty_security.php

    вот старый код файла:


    <?php
    /**
     * Smarty plugin
     *
     * @package Smarty
     * @subpackage Security
     * @author Uwe Tews
     */
    
    /*
     * FIXME: Smarty_Security API
     *      - getter and setter instead of public properties would allow cultivating an internal cache properly
     *      - current implementation of isTrustedResourceDir() assumes that Smarty::$template_dir and Smarty::$config_dir are immutable
     *        the cache is killed every time either of the variables change. That means that two distinct Smarty objects with differing
     *        $template_dir or $config_dir should NOT share the same Smarty_Security instance,
     *        as this would lead to (severe) performance penalty! how should this be handled?
     */
    
    /**
     * This class does contain the security settings
     */
    class Smarty_Security {
    
        /**
         * This determines how Smarty handles "<?php ... ?>" tags in templates.
         * possible values:
         * <ul>
         *   <li>Smarty::PHP_PASSTHRU -> echo PHP tags as they are</li>
         *   <li>Smarty::PHP_QUOTE    -> escape tags as entities</li>
         *   <li>Smarty::PHP_REMOVE   -> remove php tags</li>
         *   <li>Smarty::PHP_ALLOW    -> execute php tags</li>
         * </ul>
         *
         * @var integer
         */
        public $php_handling = Smarty::PHP_PASSTHRU;
        /**
         * This is the list of template directories that are considered secure.
         * $template_dir is in this list implicitly.
         *
         * @var array
         */
        protected $secure_dir = array();
        /**
         * This is an array of directories where trusted php scripts reside.
         * {@link $security} is disabled during their inclusion/execution.
         *
         * @var array
         */
        public $trusted_dir = array();
        /**
         * List of regular expressions (PCRE) that include trusted URIs
         *
         * @var array
         */
        protected $trusted_uri = array();
        /**
         * This is an array of NOT trusted static classes.
         *
         * If empty access to all static classes is allowed.
         * If set to 'none' none is allowed.
         * @var array
         */
        protected $static_classes = array(
            'waAppConfig',
            'waFiles',
            'waSystem',
            'waContactFields',
            'waConfig',
            'waUtils',
            'waHtmlControl',
            'waLog',
            'waRequest::file',
            'waDbConnector',
        );
        /**
         * This is an array of disabled PHP functions.
         */
        protected $php_functions = array(
            'dl', 'eval', 'exec', 'system', 'popen', 'pclose', 'shell_exec', 'passthru', 'assert', 'assert_options',
            'fopen', 'fwrite', 'fput', 'fputs', 'copy', 'chmod', 'chgrp', 'chown', 'rename',
            'touch', 'tempnam', 'fscanf', 'glob', 'fprintf',
            'lchown', 'lchgrp', 'link', 'symlink', 'unlink', 'realpath', 'scandir', 'opendir', 'rmdir', 'mkdir', 'is_writable',
            'call_user_func', 'call_user_func_array', 'create_function', 'call_user_method', 'call_user_method_array', 'lstat', 'stat',
            'register_shutdown_function', 'register_tick_function', 'set_error_handler', 'set_exception_handler', 'session_set_save_handler',
            'preg_replace_callback', 'wa', 'wa_lambda', 'preg_replace', 'unserialize', 'serialize', 'debug_backtrace', 'get_resources', 'phpinfo',
            'get_defined_vars', 'get_defined_constants', 'getenv', 'putenv', 'get_current_user', 'get_cfg_var',  'pathinfo',
            'disk_free_space', 'disk_total_space', 'diskfreespace', 'getcwd', 'getlastmo', 'gid',
            'array_map', 'array_walk', 'array_reduce', 'array_filter', 'usort', 'uksort', 'uasort', 'array_diff_uassoc', 'array_diff_ukey',
            'array_udiff_assoc', 'array_udiff_uassoc', 'array_udiff', 'array_uintersect_assoc', 'array_uintersect_uassoc',
            'array_intersect_uassoc', 'array_intersect_ukey', 'extract', 'parse_str',
            'array_uintersect', 'array_walk', 'array_walk_recursive', 'pfsockopen', 'fsockopen',
            'func_get_args', 'func_get_arg', 'class_alias', 'iterator_apply', 'iptcembed',
            'dom_import_simplexml', 'simplexml_load_string', 'show_source', 'php_strip_whitespace', 'get_meta_tags',
            'spl_autoload_register', 'spl_autoload_call', 'sscanf', 'curl_init',
            'debug_backtrace', 'mail', 'mb_send_mail', 'set', 'php_uname',
            //'move_uploaded_file', 'tmpfile', 'highlight_file', 'parse_ini_file', 'simplexml_load_file', 'ini_alter', 'ini_get',
        );
        /**
         * Array of disabled PHP function masks.
         */
        protected $php_function_masks = array(
            '~callback~i',
            '~exif_~i',
            '~(?<!is_)file(?!(mtime|_exists))~i',
            '~^mysql~i',
            '~^gz~i',
            '~^bz~i',
            '~^posix~i',
            '~^pcntl~i',
            '~^ob_~i',
            '~^sqlite~i',
            '~^getmy~i',
            '~^proc_~i',
            '~^apache_~i',
            '~^image~i',
            '~^ftp_~i',
            '~^read~i',
            '~^curl_~i',
            '~^stream~i',
            '~^ini_~i',
            '~^xmlrpc_~i',
            '~^mb_ereg~i',
        );
        /**
         * This is an array of trusted PHP modifiers.
         *
         * If empty all modifiers are allowed.
         * To disable all modifier set $modifiers = null.
         * @var array
         */
        protected $php_modifiers = array();
        /**
         * This is an array of allowed tags.
         *
         * If empty no restriction by allowed_tags.
         * @var array
         */
        protected $allowed_tags = array();
        /**
         * This is an array of disabled tags.
         *
         * If empty no restriction by disabled_tags.
         * @var array
         */
        protected $disabled_tags = array(
            'setfilter'
        );
        /**
         * This is an array of allowed modifier plugins.
         *
         * If empty no restriction by allowed_modifiers.
         * @var array
         */
        protected $allowed_modifiers = array();
        /**
         * This is an array of disabled modifier plugins.
         *
         * If empty no restriction by disabled_modifiers.
         * @var array
         */
        protected $disabled_modifiers = array();
        /**
         * This is an array of trusted streams.
         *
         * If empty all streams are allowed.
         * To disable all streams set $streams = null.
         * @var array
         */
        protected $streams = array('file');
        /**
         * + flag if constants can be accessed from template
         * @var boolean
         */
        public $allow_constants = true;
        /**
         * + flag if super globals can be accessed from template
         * @var boolean
         */
        public $allow_super_globals = true;
    
        /**
         * Cache for $resource_dir lookups
         * @var array
         */
        protected $_resource_dir = null;
        /**
         * Cache for $template_dir lookups
         * @var array
         */
        protected $_template_dir = null;
        /**
         * Cache for $config_dir lookups
         * @var array
         */
        protected $_config_dir = null;
        /**
         * Cache for $secure_dir lookups
         * @var array
         */
        protected $_secure_dir = null;
        /**
         * Cache for $php_resource_dir lookups
         * @var array
         */
        protected $_php_resource_dir = null;
        /**
         * Cache for $trusted_dir lookups
         * @var array
         */
        protected $_trusted_dir = null;
    
    
        /**
         * @param Smarty $smarty
         */
        public function __construct($smarty)
        {
            $this->smarty = $smarty;
            $this->static_classes = array_map('strtolower', $this->static_classes);
        }
    
        /**
         * Check if PHP function is trusted.
         *
         * @param string $function_name
         * @param object $compiler compiler object
         * @return boolean true if function is trusted
         * @throws SmartyCompilerException if php function is not trusted
         */
        public function isTrustedPhpFunction($function_name, $compiler)
        {
            $unsafe = in_array($function_name, $this->php_functions);
            if (!$unsafe) {
                foreach($this->php_function_masks as $mask) {
                    if (preg_match($mask, $function_name)) {
                        $unsafe = true;
                        break;
                    }
                }
            }
    
            if ($unsafe) {
                $compiler->trigger_template_error("PHP function '{$function_name}' not allowed by security setting");
                return false;
            }
    
            return true;
        }
    
        /**
         * Check if static class is trusted.
         *
         * @param string $class_name
         * @param object $compiler compiler object
         * @return boolean true if class is trusted
         * @throws SmartyCompilerException if static class is not trusted
         */
        public function isTrustedStaticClass($class_name, $compiler, $method = false)
        {
            $orig_class_name = $class_name;
            $class_name = strtolower($class_name);
            $method = substr(strtolower($method), 0, strpos($method, '('));
            if (in_array($class_name, $this->static_classes) || in_array($class_name.'::'.$method, $this->static_classes)
                || substr($class_name, 0, 7) == 'smarty_') {
                $compiler->trigger_template_error("access to static class '{$orig_class_name}' not allowed by security setting");
                return false;
            }
    
            if ($method == 'getactive' || $method == 'getappconfig' || $method == 'setdebug' || $method == 'systemoption') {
                $compiler->trigger_template_error("access to static class '{$orig_class_name}' not allowed by security setting");
                return false;
            }
    
            return true;
        }
    
    
        /**
         * Check if PHP modifier is trusted.
         *
         * @param string $modifier_name
         * @param object $compiler compiler object
         * @return boolean true if modifier is trusted
         * @throws SmartyCompilerException if modifier is not trusted
         */
        public function isTrustedPhpModifier($modifier_name, $compiler)
        {
            if (!$this->isTrustedPhpFunction($modifier_name, $compiler)) {
                $compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting");
                return false; // should not, but who knows what happens to the compiler in the future?
            }
    
            if (isset($this->php_modifiers) && (empty($this->php_modifiers) || in_array($modifier_name, $this->php_modifiers))) {
                return true;
            }
    
            $compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting");
            return false; // should not, but who knows what happens to the compiler in the future?
        }
    
        /**
         * Check if tag is trusted.
         *
         * @param string $tag_name
         * @param object $compiler compiler object
         * @return boolean true if tag is trusted
         * @throws SmartyCompilerException if modifier is not trusted
         */
        public function isTrustedTag($tag_name, $compiler)
        {
            // check for internal always required tags
            if (in_array($tag_name, array('assign', 'call', 'private_filter', 'private_block_plugin', 'private_function_plugin', 'private_object_block_function',
                        'private_object_function', 'private_registered_function', 'private_registered_block', 'private_special_variable', 'private_print_expression', 'private_modifier'))) {
                return true;
            }
            // check security settings
            if (empty($this->allowed_tags)) {
                if (empty($this->disabled_tags) || !in_array($tag_name, $this->disabled_tags)) {
                    return true;
                } else {
                    $compiler->trigger_template_error("tag '{$tag_name}' disabled by security setting", $compiler->lex->taglineno);
                }
            } else if (in_array($tag_name, $this->allowed_tags) && !in_array($tag_name, $this->disabled_tags)) {
                return true;
            } else {
                $compiler->trigger_template_error("tag '{$tag_name}' not allowed by security setting", $compiler->lex->taglineno);
            }
            return false; // should not, but who knows what happens to the compiler in the future?
        }
    
        /**
         * Check if modifier plugin is trusted.
         *
         * @param string $modifier_name
         * @param object $compiler compiler object
         * @return boolean true if tag is trusted
         * @throws SmartyCompilerException if modifier is not trusted
         */
        public function isTrustedModifier($modifier_name, $compiler)
        {
            // check for internal always allowed modifier
            if (in_array($modifier_name, array('default'))) {
                return true;
            }
            // check security settings
            if (empty($this->allowed_modifiers)) {
                if (empty($this->disabled_modifiers) || !in_array($modifier_name, $this->disabled_modifiers)) {
                    return true;
                } else {
                    $compiler->trigger_template_error("modifier '{$modifier_name}' disabled by security setting", $compiler->lex->taglineno);
                }
            } else if (in_array($modifier_name, $this->allowed_modifiers) && !in_array($modifier_name, $this->disabled_modifiers)) {
                return true;
            } else {
                $compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting", $compiler->lex->taglineno);
            }
            return false; // should not, but who knows what happens to the compiler in the future?
        }
    
        /**
         * Check if stream is trusted.
         *
         * @param string $stream_name
         * @return boolean true if stream is trusted
         * @throws SmartyException if stream is not trusted
         */
        public function isTrustedStream($stream_name)
        {
            if (isset($this->streams) && (empty($this->streams) || in_array($stream_name, $this->streams))) {
                return true;
            }
    
            throw new SmartyException("stream '{$stream_name}' not allowed by security setting");
        }
    
        /**
         * Check if directory of file resource is trusted.
         *
         * @param string $filepath
         * @return boolean true if directory is trusted
         * @throws SmartyException if directory is not trusted
         */
        public function isTrustedResourceDir($filepath)
        {
            if (substr($filepath, -4) == '.php') {
                throw new SmartyException("file '".basename($filepath)."' not allowed by security setting");
            }
            $config_path = waConfig::get('wa_path_config');
    
            $_filepath = realpath($filepath);
            $directory = dirname($_filepath);
            while (true) {
                if ($directory == $config_path) {
                    throw new SmartyException("directory '{$_filepath}' not allowed by security setting");
                    return false;
                }
                // abort if we've reached root
                if (($pos = strrpos($directory, DS)) === false || !isset($directory[1])) {
                    break;
                }
                // bubble up one level
                $directory = substr($directory, 0, $pos);
            }
        }
    
        /**
         * Check if URI (e.g. {fetch} or {html_image}) is trusted
         *
         * To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}".
         * So "http://username:password@hello.world.example.org:8080/some-path?some=query-string"
         * is reduced to "http://hello.world.example.org" prior to applying the patters from {@link $trusted_uri}.
         * @param string $uri
         * @return boolean true if URI is trusted
         * @throws SmartyException if URI is not trusted
         * @uses $trusted_uri for list of patterns to match against $uri
         */
        public function isTrustedUri($uri)
        {
            $_uri = parse_url($uri);
            if (!empty($_uri['scheme']) && !empty($_uri['host'])) {
                $_uri = $_uri['scheme'] . '://' . $_uri['host'];
                foreach ($this->trusted_uri as $pattern) {
                    if (preg_match($pattern, $_uri)) {
                        return true;
                    }
                }
            }
    
            throw new SmartyException("URI '{$uri}' not allowed by security setting");
        }
    
        /**
         * Check if directory of file resource is trusted.
         *
         * @param string $filepath
         * @return boolean true if directory is trusted
         * @throws SmartyException if PHP directory is not trusted
         */
        public function isTrustedPHPDir($filepath)
        {
            if (empty($this->trusted_dir)) {
                throw new SmartyException("directory '{$filepath}' not allowed by security setting (no trusted_dir specified)");
            }
    
            // check if index is outdated
            if (!$this->_trusted_dir || $this->_trusted_dir !== $this->trusted_dir) {
                $this->_php_resource_dir = array();
    
                $this->_trusted_dir = $this->trusted_dir;
                foreach ((array) $this->trusted_dir as $directory) {
                    $directory = realpath($directory);
                    $this->_php_resource_dir[$directory] = true;
                }
            }
    
            $_filepath = realpath($filepath);
            $directory = dirname($_filepath);
            $_directory = array();
            while (true) {
                // remember the directory to add it to _resource_dir in case we're successful
                $_directory[] = $directory;
                // test if the directory is trusted
                if (isset($this->_php_resource_dir[$directory])) {
                    // merge sub directories of current $directory into _resource_dir to speed up subsequent lookups
                    $this->_php_resource_dir = array_merge($this->_php_resource_dir, $_directory);
                    return true;
                }
                // abort if we've reached root
                if (($pos = strrpos($directory, DS)) === false || !isset($directory[2])) {
                    break;
                }
                // bubble up one level
                $directory = substr($directory, 0, $pos);
            }
    
            throw new SmartyException("directory '{$_filepath}' not allowed by security setting");
        }
    
    }
    
    ?>



Добавить ответ

Чтобы добавить комментарий, зарегистрируйтесь или войдите