[geeklog-hg] geeklog: Now {templatelocation} template variable contains a ful...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Wed Jan 8 06:16:25 EST 2014 

changeset 9394:db9c1864ecda
url:  http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/db9c1864ecda
user: Kenji ITO <mystralkk at gmail.com>
date: Wed Jan 08 13:17:08 2014 +0900
description:
Now {templatelocation} template variable contains a full path only when the current user is in Root group and template debug mode is on. (bug #0001723)

diffstat:

 system/classes/template.class.php |  34 ++++++++++++++++++++++++++++++++++
 1 files changed, 34 insertions(+), 0 deletions(-)

diffs (58 lines):

diff -r 82d33677cf71 -r db9c1864ecda system/classes/template.class.php
--- a/system/classes/template.class.php	Tue Jan 07 22:11:56 2014 +0900
+++ b/system/classes/template.class.php	Wed Jan 08 13:17:08 2014 +0900
@@ -521,6 +521,30 @@
         return true;
     }
 
+    /**
+    * Modifies template location to prevent non-Root users from seeing it
+    *
+    * @param    string   $location
+    * @return   string   If the current user is in the Root group, $location is
+    *                    unchanged.  Otherwise, $location is changed into a path
+    *                    relative to $_CONF['path_layout'].
+    */
+    protected function _modifyTemplateLocation($location)
+    {
+        global $_CONF;
+        static $switch = null;
+
+        if ($switch === null) {
+            $switch = ($this->debug > 0) && SEC_inGroup('Root');
+        }
+
+        if (!$switch) {
+            $location = str_ireplace($_CONF['path_layout'], '', $location);
+        }
+
+        return $location;
+    }
+
 
    /******************************************************************************
     * This functions sets the value of a variable.
@@ -556,6 +580,11 @@
                 if ($this->debug & 1) {
                     printf("<b>set_var:</b> (with scalar) <b>%s</b> = '%s'<br>\n", $varname, htmlentities($value));
                 }
+
+                if ($varname === 'templatelocation') {
+                    $value = $this->_modifyTemplateLocation($value);
+                }
+
                 if ($append && isset($this->varvals[$varname])) {
                     $this->varvals[$varname] .= $value;
                 } else {
@@ -572,6 +601,11 @@
                     if ($this->debug & 1) {
                         printf("<b>set_var:</b> (with array) <b>%s</b> = '%s'<br>\n", $k, htmlentities($v));
                     }
+
+                    if ($k === 'templatelocation') {
+                        $v = $this->_modifyTemplateLocation($v);
+                    }
+
                     if ($append && isset($this->varvals[$k])) {
                         $this->varvals[$k] .= $v;
                     } else {

More information about the geeklog-cvs mailing list