Home Explore Project
Register Sign In
ServerCrm
/
postfixadmin
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
postfixadmin
/
smarty.inc.php

smarty.inc.php 3.7 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. <?php
    2. 

  2. require_once ("$incpath/smarty/libs/Smarty.class.php");
    3. 

  3. 

  4. /**
    5. 

  5.  * Turn on sanitisation of all data by default so it's not possible for XSS flaws to occur in PFA
    6. 

  6.  */
    7. 

  7. class PFASmarty {
    8. 

  8.     protected $template = null;
    9. 

  9.     public function __construct() {
    10. 

  10.         $this->template = new Smarty();
    11. 

  11. 

  12.         //$this->template->debugging = true;
    13. 

  13.         $incpath = dirname(__FILE__);
    14. 

  14.         $this->template->template_dir = $incpath.'/templates';
    15. 

  15.         $this->template->compile_dir  = $incpath.'/templates_c';
    16. 

  16.         $this->template->config_dir   = $incpath.'/'.$this->template->config_dir[0];
    17. 

  17.     }
    18. 

  18. 

  19.     public function assign($key, $value, $sanitise = true) {
    20. 

  20.         $this->template->assign("RAW_$key", $value);
    21. 

  21.         if($sanitise == false) {
    22. 

  22.             return $this->template->assign($key, $value);
    23. 

  23.         }
    24. 

  24.         $clean = $this->sanitise($value);
    25. 

  25.         /* we won't run the key through sanitise() here... some might argue we should */
    26. 

  26.         return $this->template->assign($key, $clean);
    27. 

  27.     }
    28. 

  28. 

  29.     public function display($template) {
    30. 

  30.         header ("Expires: Sun, 16 Mar 2003 05:00:00 GMT");
    31. 

  31.         header ("Last-Modified: " . gmdate ("D, d M Y H:i:s") . " GMT");
    32. 

  32.         header ("Cache-Control: no-store, no-cache, must-revalidate");
    33. 

  33.         header ("Cache-Control: post-check=0, pre-check=0", false);
    34. 

  34.         header ("Pragma: no-cache");
    35. 

  35.         header ("Content-Type: text/html; charset=UTF-8");
    36. 

  36. 

  37.         $this->template->display($template);
    38. 

  38.         unset($_SESSION['flash']); # cleanup flash messages
    39. 

  39.     }
    40. 

  40.     /**
    41. 

  41.      * Recursive cleaning of data, using htmlentities - this assumes we only ever output to HTML and we're outputting in UTF-8 charset 
    42. 

  42.      *
    43. 

  43.      * @param mixed $data - array or primitive type; objects not supported.
    44. 

  44.      * @return mixed $data
    45. 

  45.      * */
    46. 

  46.     public function sanitise($data) {
    47. 

  47.         if(!is_array($data)) {
    48. 

  48.             return htmlentities($data, ENT_QUOTES, 'UTF-8', false);
    49. 

  49.         }
    50. 

  50.         if(is_array($data)) {
    51. 

  51.             $clean = array();
    52. 

  52.             foreach($data as $key => $value) {
    53. 

  53.                 /* as this is a nested data structure it's more likely we'll output the key too (at least in my opinion, so we'll sanitise it too */
    54. 

  54.                 $clean[$this->sanitise($key)] = $this->sanitise($value);
    55. 

  55.             }
    56. 

  56.             return $clean;
    57. 

  57.         }
    58. 

  58.     }
    59. 

  59. }
    60. 

  60. $smarty = new PFASmarty();
    61. 

  61. 

  62. if (!isset($rel_path)) $rel_path = ''; # users/* sets this to '../'
    63. 

  63. 

  64. $CONF['theme_css']  = $rel_path . htmlentities($CONF['theme_css']);
    65. 

  65. if (!empty($CONF['theme_custom_css'])) $CONF['theme_custom_css']  = $rel_path . htmlentities($CONF['theme_custom_css']);
    66. 

  66. $CONF['theme_logo'] = $rel_path . htmlentities($CONF['theme_logo']);
    67. 

  67. 

  68. $smarty->assign ('CONF', $CONF);
    69. 

  69. $smarty->assign ('PALANG', $PALANG);
    70. 

  70. $smarty->assign('url_domain', '');
    71. 

  71. //*** footer.tpl
    72. 

  72. $smarty->assign ('version', $version);
    73. 

  73. 

  74. //*** menu.tpl
    75. 

  75. $smarty->assign ('boolconf_alias_domain', Config::bool('alias_domain'));
    76. 

  76. $smarty->assign ('authentication_has_role', array ('global_admin' => authentication_has_role ('global-admin'), 'admin' => authentication_has_role ('admin'), 'user' => authentication_has_role ('user')));
    77. 

  77. 

  78. function select_options($aValues, $aSelected) {
    79. 

  79.     $ret_val = '';
    80. 

  80.     foreach ($aValues as $val) {
    81. 

  81.         $ret_val .= '<option value="'.htmlentities($val).'"';
    82. 

  82.         if (in_array ($val, $aSelected))
    83. 

  83.             $ret_val .= ' selected="selected"';
    84. 

  84.         $ret_val .= '>'.htmlentities($val).'</option>';
    85. 

  85.     }
    86. 

  86.     return $ret_val;
    87. 

  87. }
    88. 

  88. function eval_size ($aSize) {
    89. 

  89. 	if ($aSize == 0)	{$ret_val = Config::Lang('pOverview_unlimited'); }
    90. 

  90. 	elseif ($aSize < 0)	{$ret_val = Config::Lang('pOverview_disabled');  }
    91. 

  91. 	else 				{$ret_val = $aSize;	}
    92. 

  92. 	return $ret_val;
    93. 

  93. }
    94. 

  94. /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
    95. 

  95. ?>
    96.