TheCoreDev/sterivein
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

check file in main and sub templates

Browse Source
This commit is contained in:
Manuel Raynaud
2014-04-18 15:09:47 +02:00
parent 29c2901e5d
commit 80ad3068b3
1 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
core/lib/Thelia/Core/Template/Smarty/SmartyParser.php
View File

@@ -239,11 +239,27 @@ class SmartyParser extends Smarty implements ParserInterface
*/ */
public function render($realTemplateName, array $parameters = array()) public function render($realTemplateName, array $parameters = array())
{ {
if (false === $this->templateExists($realTemplateName)) { if (false === $this->templateExists($realTemplateName) || false === $this->checkTemplate($realTemplateName)) {
throw new ResourceNotFoundException(Translator::getInstance()->trans("Template file %file cannot be found.", array('%file' => $realTemplateName))); throw new ResourceNotFoundException(Translator::getInstance()->trans("Template file %file cannot be found.", array('%file' => $realTemplateName)));
} }
return $this->internalRenderer('file', $realTemplateName, $parameters); return $this->internalRenderer('file', $realTemplateName, $parameters);
}
private function checkTemplate($fileName)
{
$templates = $this->getTemplateDir();
$found = true;
foreach ($templates as $key => $value) {
$absolutePath = rtrim(realpath(dirname($value.$fileName)), "/");
$templateDir = rtrim(realpath($value), "/");
if (!empty($absolutePath) && strpos($absolutePath, $templateDir) !== 0) {
$found = false;
}
}
return $found;
} }
/** /**