[geeklog-hg] geeklog: Now {templatelocation} template variable contains a ful...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Wed Jan 8 06:16:25 EST 2014
changeset 9394:db9c1864ecda
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/db9c1864ecda
user: Kenji ITO <mystralkk at gmail.com>
date: Wed Jan 08 13:17:08 2014 +0900
description:
Now {templatelocation} template variable contains a full path only when the current user is in Root group and template debug mode is on. (bug #0001723)
diffstat:
system/classes/template.class.php | 34 ++++++++++++++++++++++++++++++++++
1 files changed, 34 insertions(+), 0 deletions(-)
diffs (58 lines):
diff -r 82d33677cf71 -r db9c1864ecda system/classes/template.class.php
--- a/system/classes/template.class.php Tue Jan 07 22:11:56 2014 +0900
+++ b/system/classes/template.class.php Wed Jan 08 13:17:08 2014 +0900
@@ -521,6 +521,30 @@
return true;
}
+ /**
+ * Modifies template location to prevent non-Root users from seeing it
+ *
+ * @param string $location
+ * @return string If the current user is in the Root group, $location is
+ * unchanged. Otherwise, $location is changed into a path
+ * relative to $_CONF['path_layout'].
+ */
+ protected function _modifyTemplateLocation($location)
+ {
+ global $_CONF;
+ static $switch = null;
+
+ if ($switch === null) {
+ $switch = ($this->debug > 0) && SEC_inGroup('Root');
+ }
+
+ if (!$switch) {
+ $location = str_ireplace($_CONF['path_layout'], '', $location);
+ }
+
+ return $location;
+ }
+
/******************************************************************************
* This functions sets the value of a variable.
@@ -556,6 +580,11 @@
if ($this->debug & 1) {
printf("<b>set_var:</b> (with scalar) <b>%s</b> = '%s'<br>\n", $varname, htmlentities($value));
}
+
+ if ($varname === 'templatelocation') {
+ $value = $this->_modifyTemplateLocation($value);
+ }
+
if ($append && isset($this->varvals[$varname])) {
$this->varvals[$varname] .= $value;
} else {
@@ -572,6 +601,11 @@
if ($this->debug & 1) {
printf("<b>set_var:</b> (with array) <b>%s</b> = '%s'<br>\n", $k, htmlentities($v));
}
+
+ if ($k === 'templatelocation') {
+ $v = $this->_modifyTemplateLocation($v);
+ }
+
if ($append && isset($this->varvals[$k])) {
$this->varvals[$k] .= $v;
} else {
More information about the geeklog-cvs
mailing list