diff options
Diffstat (limited to 'libs/Smarty/Smarty_Compiler.class.php')
-rw-r--r-- | libs/Smarty/Smarty_Compiler.class.php | 51 |
1 files changed, 43 insertions, 8 deletions
diff --git a/libs/Smarty/Smarty_Compiler.class.php b/libs/Smarty/Smarty_Compiler.class.php index 2a1fb8630a..f6a278d4a4 100644 --- a/libs/Smarty/Smarty_Compiler.class.php +++ b/libs/Smarty/Smarty_Compiler.class.php @@ -21,7 +21,7 @@ * @link http://smarty.php.net/ * @author Monte Ohrt <monte at ohrt dot com> * @author Andrei Zmievski <andrei@php.net> - * @version 2.6.25 + * @version 2.6.26 * @copyright 2001-2005 New Digital Group, Inc. * @package Smarty */ @@ -2047,27 +2047,57 @@ class Smarty_Compiler extends Smarty { break; case 'get': - $compiled_ref = "\$this->_supers['get']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_GET"; break; case 'post': - $compiled_ref = "\$this->_supers['post']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_POST"; break; case 'cookies': - $compiled_ref = "\$this->_supers['cookies']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_COOKIE"; break; case 'env': - $compiled_ref = "\$this->_supers['env']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_ENV"; break; case 'server': - $compiled_ref = "\$this->_supers['server']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_SERVER"; break; case 'session': - $compiled_ref = "\$this->_supers['session']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_SESSION"; break; /* @@ -2075,8 +2105,13 @@ class Smarty_Compiler extends Smarty { * compiler. */ case 'request': + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } if ($this->request_use_auto_globals) { - $compiled_ref = "\$this->_supers['request']"; + $compiled_ref = "\$_REQUEST"; break; } else { $this->_init_smarty_vars = true; |