None of this whitelisting-by-filename would be practical for our setup. Have a look at what Smarty does with compiled templates and cached pages: PHP includes generated on the fly, with filenames that are not known in advance. For such usage a whitelisting per realpath prefix, would be the only reasonable approach.
best regards Patrick
