Smarty_Security

This class does contain the security settings

• Full name: \Smarty_Security

Properties

secure_dir

This is the list of template directories that are considered secure.

public array $secure_dir

$template_dir is in this list implicitly.

---

trusted_dir

This is an array of directories where trusted php scripts reside.

public array $trusted_dir

{@link $security} is disabled during their inclusion/execution.

---

trusted_uri

List of regular expressions (PCRE) that include trusted URIs

public array $trusted_uri

---

trusted_constants

List of trusted constants names

public array $trusted_constants

---

static_classes

This is an array of trusted static classes.

public array $static_classes

If empty access to all static classes is allowed. If set to 'none' none is allowed.

---

trusted_static_methods

This is an nested array of trusted classes and static methods.

public array $trusted_static_methods

If empty access to all static classes and methods is allowed. Format: array ( 'class_1' => array('method_1', 'method_2'), // allowed methods listed 'class_2' => array(), // all methods of class allowed ) If set to null none is allowed.

---

trusted_static_properties

This is an array of trusted static properties.

public array $trusted_static_properties

If empty access to all static classes and properties is allowed. Format: array ( 'class_1' => array('prop_1', 'prop_2'), // allowed properties listed 'class_2' => array(), // all properties of class allowed ) If set to null none is allowed.

---

php_functions

This is an array of trusted PHP functions.

public array $php_functions

If empty all functions are allowed. To disable all PHP functions set $php_functions = null.

---

php_modifiers

This is an array of trusted PHP modifiers.

public array $php_modifiers

If empty all modifiers are allowed. To disable all modifier set $php_modifiers = null.

---

allowed_tags

This is an array of allowed tags.

public array $allowed_tags

If empty no restriction by allowed_tags.

---

disabled_tags

This is an array of disabled tags.

public array $disabled_tags

If empty no restriction by disabled_tags.

---

allowed_modifiers

This is an array of allowed modifier plugins.

public array $allowed_modifiers

If empty no restriction by allowed_modifiers.

---

disabled_modifiers

This is an array of disabled modifier plugins.

public array $disabled_modifiers

If empty no restriction by disabled_modifiers.

---

disabled_special_smarty_vars

This is an array of disabled special $smarty variables.

public array $disabled_special_smarty_vars

---

streams

This is an array of trusted streams.

public array $streams

If empty all streams are allowed. To disable all streams set $streams = null.

---

allow_constants

• flag if constants can be accessed from template

public bool $allow_constants

---

allow_super_globals

• flag if super globals can be accessed from template

public bool $allow_super_globals

---

max_template_nesting

max template nesting level

public int $max_template_nesting

---

_current_template_nesting

current template nesting level

private int $_current_template_nesting

---

_resource_dir

Cache for $resource_dir lookup

protected array $_resource_dir

---

_template_dir

Cache for $template_dir lookup

protected array $_template_dir

---

_config_dir

Cache for $config_dir lookup

protected array $_config_dir

---

_secure_dir

Cache for $secure_dir lookup

protected array $_secure_dir

---

_php_resource_dir

Cache for $php_resource_dir lookup

protected array $_php_resource_dir

---

_trusted_dir

Cache for $trusted_dir lookup

protected array $_trusted_dir

---

_include_path_status

Cache for include path status

protected bool $_include_path_status

---

_include_dir

Cache for $_include_array lookup

protected array $_include_dir

---

Methods

__construct

public __construct(\Smarty $smarty): mixed

Parameters:

Parameter	Type	Description
$smarty	\Smarty

---

isTrustedPhpFunction

Check if PHP function is trusted.

public isTrustedPhpFunction(string $function_name, object $compiler): bool

• Warning: this method is deprecated. This means that this method will likely be removed in a future version.

Parameters:

Parameter	Type	Description
$function_name	string
$compiler	object	compiler object

Return Value:

true if function is trusted

---

isTrustedStaticClass

Check if static class is trusted.

public isTrustedStaticClass(string $class_name, object $compiler): bool

Parameters:

Parameter	Type	Description
$class_name	string
$compiler	object	compiler object

Return Value:

true if class is trusted

---

isTrustedStaticClassAccess

Check if static class method/property is trusted.

public isTrustedStaticClassAccess(string $class_name, string $params, object $compiler): bool

Parameters:

Parameter	Type	Description
$class_name	string
$params	string
$compiler	object	compiler object

Return Value:

true if class method is trusted

---

isTrustedPhpModifier

Check if PHP modifier is trusted.

public isTrustedPhpModifier(string $modifier_name, object $compiler): bool

• Warning: this method is deprecated. This means that this method will likely be removed in a future version.

Parameters:

Parameter	Type	Description
$modifier_name	string
$compiler	object	compiler object

Return Value:

true if modifier is trusted

---

isTrustedTag

Check if tag is trusted.

public isTrustedTag(string $tag_name, object $compiler): bool

Parameters:

Parameter	Type	Description
$tag_name	string
$compiler	object	compiler object

Return Value:

true if tag is trusted

---

isTrustedSpecialSmartyVar

Check if special $smarty variable is trusted.

public isTrustedSpecialSmartyVar(string $var_name, object $compiler): bool

Parameters:

Parameter	Type	Description
$var_name	string
$compiler	object	compiler object

Return Value:

true if tag is trusted

---

isTrustedModifier

Check if modifier plugin is trusted.

public isTrustedModifier(string $modifier_name, object $compiler): bool

Parameters:

Parameter	Type	Description
$modifier_name	string
$compiler	object	compiler object

Return Value:

true if tag is trusted

---

isTrustedConstant

Check if constants are enabled or trusted

public isTrustedConstant(string $const, object $compiler): bool

Parameters:

Parameter	Type	Description
$const	string	constant name
$compiler	object	compiler object

---

isTrustedStream

Check if stream is trusted.

public isTrustedStream(string $stream_name): bool

Parameters:

Parameter	Type	Description
$stream_name	string

Return Value:

true if stream is trusted

Throws:

if stream is not trusted

• SmartyException

---

isTrustedResourceDir

Check if directory of file resource is trusted.

public isTrustedResourceDir(string $filepath, null|bool $isConfig = null): bool

Parameters:

Parameter	Type	Description
$filepath	string
$isConfig	null|bool

Return Value:

true if directory is trusted

Throws:

if directory is not trusted

• SmartyException

---

isTrustedUri

Check if URI (e.g. {fetch} or {html_image}) is trusted To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}".

public isTrustedUri(string $uri): bool

So "http://username:password@hello.world.example.org:8080/some-path?some=query-string" is reduced to "http://hello.world.example.org" prior to applying the patters from {@link $trusted_uri}.

Parameters:

Parameter	Type	Description
$uri	string

Return Value:

true if URI is trusted

Throws:

if URI is not trusted

• SmartyException

---

_updateResourceDir

Remove old directories and its sub folders, add new directories

private _updateResourceDir(array $oldDir, array $newDir): mixed

Parameters:

Parameter	Type	Description
$oldDir	array
$newDir	array

---

_checkDir

Check if file is inside a valid directory

private _checkDir(string $filepath, array $dirs): array|bool

Parameters:

Parameter	Type	Description
$filepath	string
$dirs	array	valid directories

Throws:

• SmartyException

---

enableSecurity

Loads security class and enables security

public static enableSecurity(\Smarty $smarty, string|\Smarty_Security $security_class): \Smarty

• This method is static.

Parameters:

Parameter	Type	Description
$smarty	\Smarty
$security_class	string|\Smarty_Security	if a string is used, it must be class-name

Return Value:

current Smarty instance for chaining

Throws:

when an invalid class name is provided

• SmartyException

---

startTemplate

Start template processing

public startTemplate(mixed $template): mixed

Parameters:

Parameter	Type	Description
$template	mixed

Throws:

• SmartyException

---

endTemplate

Exit template processing

public endTemplate(): mixed

---

registerCallBacks

Register callback functions call at start/end of template rendering

public registerCallBacks(\Smarty_Internal_Template $template): mixed

Parameters:

Parameter	Type	Description
$template	\Smarty_Internal_Template

---

---

Automatically generated on 2025-03-18