From 75a24511cb38c6d699bf01961c3182b1062d38ae Mon Sep 17 00:00:00 2001 From: "Alexandros C. Couloumbis" Date: Wed, 27 Nov 2019 17:59:53 +0200 Subject: [PATCH] bump Smarty to 2.6.31 --- class/template/smarty/Config_File.class.php | 6 +- class/template/smarty/Smarty.class.php | 29 +++-- .../template/smarty/Smarty_Compiler.class.php | 24 ++-- .../core.assemble_plugin_filepath.php | 8 +- .../smarty/internals/core.write_file.php | 4 +- .../smarty/plugins/function.cycle.php | 6 +- .../smarty/plugins/function.fetch.php | 4 +- .../template/smarty/plugins/function.math.php | 106 +++++++++++------- class/template/template.class.php | 4 +- 9 files changed, 111 insertions(+), 80 deletions(-) diff --git a/class/template/smarty/Config_File.class.php b/class/template/smarty/Config_File.class.php index 5787ad1..6d8c298 100644 --- a/class/template/smarty/Config_File.class.php +++ b/class/template/smarty/Config_File.class.php @@ -22,14 +22,14 @@ * smarty-discussion-subscribe@googlegroups.com * * @link http://www.smarty.net/ - * @version 2.6.26 + * @version 2.6.25-dev * @copyright Copyright: 2001-2005 New Digital Group, Inc. * @author Andrei Zmievski * @access public * @package Smarty */ -/* $Id: Config_File.class.php 3149 2009-05-23 20:59:25Z monte.ohrt $ */ +/* $Id$ */ /** * Config file reading class @@ -73,7 +73,7 @@ class Config_File { * * @param string $config_path (optional) path to the config files */ - function Config_File($config_path = NULL) + public function __construct($config_path = NULL) { if (isset($config_path)) $this->set_path($config_path); diff --git a/class/template/smarty/Smarty.class.php b/class/template/smarty/Smarty.class.php index e7298f2..3c97b5f 100644 --- a/class/template/smarty/Smarty.class.php +++ b/class/template/smarty/Smarty.class.php 
@@ -20,17 +20,17 @@ * * For questions, help, comments, discussion, etc., please join the * Smarty mailing list. Send a blank e-mail to - * smarty-discussion-subscribe@googlegroups.com + * smarty-discussion-subscribe@googlegroups.com * * @link http://www.smarty.net/ * @copyright 2001-2005 New Digital Group, Inc. * @author Monte Ohrt * @author Andrei Zmievski * @package Smarty - * @version 2.6.26 + * @version 2.6.31-dev */ -/* $Id: Smarty.class.php 3163 2009-06-17 14:39:24Z monte.ohrt $ */ +/* $Id$ */ /** * DIR_SEP isn't used anymore, but third party apps might @@ -465,7 +465,7 @@ class Smarty * * @var string */ - var $_version = '2.6.26'; + var $_version = '2.6.31'; /** * current template inclusion depth @@ -562,11 +562,17 @@ class Smarty */ var $_cache_including = false; + /** + * plugin filepath cache + * + * @var array + */ + var $_filepaths_cache = array(); /**#@-*/ /** * The class constructor. */ - function Smarty() + public function __construct() { $this->assign('SCRIPT_NAME', isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : @$GLOBALS['HTTP_SERVER_VARS']['SCRIPT_NAME']); @@ -1058,7 +1064,7 @@ class Smarty } else { // var non-existant, return valid reference $_tmp = null; - return $_tmp; + return $_tmp; } } @@ -1090,7 +1096,8 @@ class Smarty */ function trigger_error($error_msg, $error_type = E_USER_WARNING) { - trigger_error("Smarty error: $error_msg", $error_type); + $msg = htmlentities($error_msg); + trigger_error("Smarty error: $msg", $error_type); } @@ -1117,7 +1124,7 @@ class Smarty function fetch($resource_name, $cache_id = null, $compile_id = null, $display = false) { static $_cache_info = array(); - + $_smarty_old_error_level = $this->debugging ? error_reporting() : error_reporting(isset($this->error_reporting) ? $this->error_reporting : error_reporting() & ~E_NOTICE); @@ -1933,10 +1940,10 @@ class Smarty { return eval($code); } - + /** * Extracts the filter name from the given callback - * + * * @param callback $function * @return string */ 
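Review bot: In `Smarty::trigger_error()` the new `htmlentities($error_msg)` call relies on PHP's default flags and charset, which differ between PHP versions, so single quotes may be left unencoded and multibyte text may be encoded against the wrong charset. Passing both explicitly, for example `$msg = htmlentities($error_msg, ENT_QUOTES, 'UTF-8');` with whatever charset the application actually emits, makes the result independent of the runtime. Because the encoded string is also what reaches the error log, a short comment such as `// encoded because display_errors may print this into an HTML page` would explain why entities show up in logged messages.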
@@ -1951,7 +1958,7 @@ class Smarty return $function; } } - + /**#@-*/ } diff --git a/class/template/smarty/Smarty_Compiler.class.php b/class/template/smarty/Smarty_Compiler.class.php index 1178b84..904601d 100644 --- a/class/template/smarty/Smarty_Compiler.class.php +++ b/class/template/smarty/Smarty_Compiler.class.php @@ -21,12 +21,12 @@ * @link http://smarty.php.net/ * @author Monte Ohrt * @author Andrei Zmievski - * @version 2.6.26 + * @version 2.6.25-dev * @copyright 2001-2005 New Digital Group, Inc. * @package Smarty */ -/* $Id: Smarty_Compiler.class.php 3163 2009-06-17 14:39:24Z monte.ohrt $ */ +/* $Id$ */ /** * Template compiling class @@ -78,7 +78,7 @@ class Smarty_Compiler extends Smarty { /** * The class constructor. */ - function Smarty_Compiler() + public function __construct() { // matches double quoted strings: // "foobar" @@ -259,14 +259,9 @@ class Smarty_Compiler extends Smarty { preg_match_all($search, $source_content, $match, PREG_SET_ORDER); $this->_folded_blocks = $match; - reset($this->_folded_blocks); /* replace special blocks by "{php}" */ - $source_content = preg_replace($search.'e', "'" - . $this->_quote_replace($this->left_delimiter) . 'php' - . "' . str_repeat(\"\n\", substr_count('\\0', \"\n\")) .'" - . $this->_quote_replace($this->right_delimiter) - . "'" + $source_content = preg_replace_callback($search, array($this,'_preg_callback') , $source_content); /* Gather all template tags. */ @@ -556,7 +551,7 @@ class Smarty_Compiler extends Smarty { case 'php': /* handle folded tags replaced by {php} */ - list(, $block) = each($this->_folded_blocks); + $block = array_shift($this->_folded_blocks); $this->_current_line_no += substr_count($block[0], "\n"); /* the number of matched elements in the regexp in _compile_file() determins the type of folded tag that was found */ 
@@ -754,7 +749,12 @@ class Smarty_Compiler extends Smarty { return true; } - + function _preg_callback ($matches) { + return $this->_quote_replace($this->left_delimiter) + . 'php' + . str_repeat("\n", substr_count($matches[1], "\n")) + . $this->_quote_replace($this->right_delimiter); + } /** * compile custom function tag * @@ -2122,7 +2122,7 @@ class Smarty_Compiler extends Smarty { return null; case 'template': - $compiled_ref = "'$this->_current_file'"; + $compiled_ref = "'" . addslashes($this->_current_file) . "'"; $_max_index = 1; break; diff --git a/class/template/smarty/internals/core.assemble_plugin_filepath.php b/class/template/smarty/internals/core.assemble_plugin_filepath.php index 690d3dd..22c0248 100644 --- a/class/template/smarty/internals/core.assemble_plugin_filepath.php +++ b/class/template/smarty/internals/core.assemble_plugin_filepath.php @@ -14,11 +14,9 @@ */ function smarty_core_assemble_plugin_filepath($params, &$smarty) { - static $_filepaths_cache = array(); - $_plugin_filename = $params['type'] . '.' . $params['name'] . '.php'; - if (isset($_filepaths_cache[$_plugin_filename])) { - return $_filepaths_cache[$_plugin_filename]; + if (isset($smarty->_filepaths_cache[$_plugin_filename])) { + return $smarty->_filepaths_cache[$_plugin_filename]; } $_return = false; @@ -58,7 +56,7 @@ function smarty_core_assemble_plugin_filepath($params, &$smarty) } } } - $_filepaths_cache[$_plugin_filename] = $_return; + $smarty->_filepaths_cache[$_plugin_filename] = $_return; return $_return; } diff --git a/class/template/smarty/internals/core.write_file.php b/class/template/smarty/internals/core.write_file.php index 2963df3..8a3a3b3 100644 --- a/class/template/smarty/internals/core.write_file.php +++ b/class/template/smarty/internals/core.write_file.php 
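Review bot: `_preg_callback()` counts newlines in `$matches[1]`, whereas the `preg_replace` expression it replaces (in the `@@ -259` hunk of this file) counted them in `'\\0'`, the whole match. The search pattern is not visible in these hunks, but if it has more than one alternative with its own capture group, group 1 is empty for the other alternatives and those folded blocks are replaced without their newline padding. Using `substr_count($matches[0], "\n")` would keep the previous behaviour. The method also lacks the docblock its neighbours have; a one-line `/** callback for preg_replace_callback(): replaces a folded block with a php tag padded with the block's newlines */` would be enough.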
@@ -41,9 +41,7 @@ function smarty_core_write_file($params, &$smarty) // On platforms and filesystems that cannot overwrite with rename() // delete the file before renaming it -- because windows always suffers // this, it is short-circuited to avoid the initial rename() attempt - - // jondaley/lifetype modification: - if( file_exists( $params['filename'])) @unlink($params['filename']); + @unlink($params['filename']); @rename($_tmp_file, $params['filename']); } @chmod($params['filename'], $smarty->_file_perms); diff --git a/class/template/smarty/plugins/function.cycle.php b/class/template/smarty/plugins/function.cycle.php index fe78bb8..80378b7 100644 --- a/class/template/smarty/plugins/function.cycle.php +++ b/class/template/smarty/plugins/function.cycle.php @@ -63,7 +63,11 @@ function smarty_function_cycle($params, &$smarty) $cycle_vars[$name]['values'] = $params['values']; } - $cycle_vars[$name]['delimiter'] = (isset($params['delimiter'])) ? $params['delimiter'] : ','; + if (isset($params['delimiter'])) { + $cycle_vars[$name]['delimiter'] = $params['delimiter']; + } elseif (!isset($cycle_vars[$name]['delimiter'])) { + $cycle_vars[$name]['delimiter'] = ','; + } if(is_array($cycle_vars[$name]['values'])) { $cycle_array = $cycle_vars[$name]['values']; diff --git a/class/template/smarty/plugins/function.fetch.php b/class/template/smarty/plugins/function.fetch.php index 8b36ce3..d72c7b1 100644 --- a/class/template/smarty/plugins/function.fetch.php +++ b/class/template/smarty/plugins/function.fetch.php @@ -181,12 +181,12 @@ function smarty_function_fetch($params, &$smarty) $content .= fgets($fp,4096); } fclose($fp); - $csplit = explode("\r\n\r\n",$content,2); + $csplit = preg_split("!\r\n\r\n!",$content,2); $content = $csplit[1]; if(!empty($params['assign_headers'])) { - $smarty->assign($params['assign_headers'],explode("\r\n",$csplit[0])); + $smarty->assign($params['assign_headers'],preg_split("!\r\n!",$csplit[0])); } } } else { 
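Review bot: After the now unconditional `@unlink($params['filename']);` the result of `@rename($_tmp_file, $params['filename'])` is still ignored, so a failed rename leaves no target file and an orphaned temporary file without any error being raised. Checking it, e.g. `if (!@rename($_tmp_file, $params['filename'])) { @unlink($_tmp_file); return false; }`, would surface the failure; whether `false` is the right failure value depends on the rest of `smarty_core_write_file()`, which is outside the hunk. The hunk also drops a change marked `jondaley/lifetype modification`, so it is worth confirming that no other local patches to the vendored Smarty files are lost by this bump.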
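Review bot: In `smarty_function_fetch()`, `$content = $csplit[1];` is read without checking that the split produced two parts, so a response that lacks the blank line between headers and body raises an undefined-offset notice and sets `$content` to null. A guard such as `$content = isset($csplit[1]) ? $csplit[1] : '';` handles a malformed or truncated response from the remote host. The switch from `explode()` to `preg_split()` does not change this, since both return a single element when the separator is absent. The enclosing `if` starts and ends outside the hunk.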
diff --git a/class/template/smarty/plugins/function.math.php b/class/template/smarty/plugins/function.math.php index bb78dac..d0ce1e6 100644 --- a/class/template/smarty/plugins/function.math.php +++ b/class/template/smarty/plugins/function.math.php @@ -1,85 +1,109 @@ * Name: math
- * Purpose: handle math computations in template
- * @link http://smarty.php.net/manual/en/language.function.math.php {math} - * (Smarty online manual) + * Purpose: handle math computations in template + * + * @link http://www.smarty.net/manual/en/language.function.math.php {math} + * (Smarty online manual) * @author Monte Ohrt - * @param array + * + * @param array $params parameters * @param Smarty - * @return string + * + * @return string|null */ function smarty_function_math($params, &$smarty) { + static $_allowed_funcs = + array('int' => true, 'abs' => true, 'ceil' => true, 'cos' => true, 'exp' => true, 'floor' => true, + 'log' => true, 'log10' => true, 'max' => true, 'min' => true, 'pi' => true, 'pow' => true, 'rand' => true, + 'round' => true, 'sin' => true, 'sqrt' => true, 'srand' => true, 'tan' => true); // be sure equation parameter is present - if (empty($params['equation'])) { - $smarty->trigger_error("math: missing equation parameter"); + if (empty($params[ 'equation' ])) { + trigger_error("math: missing equation parameter", E_USER_WARNING); + return; } - // strip out backticks, not necessary for math - $equation = str_replace('`','',$params['equation']); + $equation = $params[ 'equation' ]; // make sure parenthesis are balanced - if (substr_count($equation,"(") != substr_count($equation,")")) { - $smarty->trigger_error("math: unbalanced parenthesis"); + if (substr_count($equation, "(") != substr_count($equation, ")")) { + trigger_error("math: unbalanced parenthesis", E_USER_WARNING); + return; } - // match all vars in equation, make sure all are passed - preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]+)!",$equation, $match); - $allowed_funcs = array('int','abs','ceil','cos','exp','floor','log','log10', - 'max','min','pi','pow','rand','round','sin','sqrt','srand','tan'); - - foreach($match[1] as $curr_var) { - if ($curr_var && !in_array($curr_var, array_keys($params)) && !in_array($curr_var, $allowed_funcs)) { - $smarty->trigger_error("math: function call $curr_var not allowed"); - return; - 
} + // disallow backticks + if (strpos($equation, '`') !== false) { + trigger_error("math: backtick character not allowed in equation", E_USER_WARNING); + + return; + } + + // also disallow dollar signs + if (strpos($equation, '$') !== false) { + trigger_error("math: dollar signs not allowed in equation", E_USER_WARNING); + + return; } - foreach($params as $key => $val) { + foreach ($params as $key => $val) { if ($key != "equation" && $key != "format" && $key != "assign") { // make sure value is not empty - if (strlen($val)==0) { - $smarty->trigger_error("math: parameter $key is empty"); + if (strlen($val) == 0) { + trigger_error("math: parameter '{$key}' is empty", E_USER_WARNING); + return; } if (!is_numeric($val)) { - $smarty->trigger_error("math: parameter $key: is not numeric"); + trigger_error("math: parameter '{$key}' is not numeric", E_USER_WARNING); + return; } - $equation = preg_replace("/\b$key\b/", " \$params['$key'] ", $equation); } } - eval("\$smarty_math_result = ".$equation.";"); + // match all vars in equation, make sure all are passed + preg_match_all('!(?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)!', $equation, $match); + + foreach ($match[ 1 ] as $curr_var) { + if ($curr_var && !isset($params[ $curr_var ]) && !isset($_allowed_funcs[ $curr_var ])) { + trigger_error("math: function call '{$curr_var}' not allowed, or missing parameter '{$curr_var}'", E_USER_WARNING); + + return; + } + } + + foreach ($params as $key => $val) { + if ($key != "equation" && $key != "format" && $key != "assign") { + $equation = preg_replace("/\b$key\b/", " \$params['$key'] ", $equation); + } + } + $smarty_math_result = null; + eval("\$smarty_math_result = " . $equation . 
";"); - if (empty($params['format'])) { - if (empty($params['assign'])) { + if (empty($params[ 'format' ])) { + if (empty($params[ 'assign' ])) { return $smarty_math_result; } else { - $smarty->assign($params['assign'],$smarty_math_result); + $smarty->assign($params[ 'assign' ], $smarty_math_result); } } else { - if (empty($params['assign'])){ - printf($params['format'],$smarty_math_result); + if (empty($params[ 'assign' ])) { + printf($params[ 'format' ], $smarty_math_result); } else { - $smarty->assign($params['assign'],sprintf($params['format'],$smarty_math_result)); + $smarty->assign($params[ 'assign' ], sprintf($params[ 'format' ], $smarty_math_result)); } } } - -/* vim: set expandtab: */ - -?> diff --git a/class/template/template.class.php b/class/template/template.class.php index ec7ce92..5f3978d 100644 --- a/class/template/template.class.php +++ b/class/template/template.class.php @@ -74,7 +74,7 @@ function Template( $templateFile ) { // create the Smarty object and set the security values - $this->Smarty(); + $this->__construct(); $this->caching = false; //$this->cache_lifetime = $cacheLifetime; $config =& Config::getConfig(); @@ -240,4 +240,4 @@ return false; } } -?> \ No newline at end of file +?> -- 2.35.1
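Review bot: The identifier check in the new `foreach ($match[ 1 ] as $curr_var)` loop accepts the names `equation`, `format` and `assign`, because they are keys of `$params`, yet the substitution loop below skips exactly those keys, so they reach `eval()` as bare words. Excluding them keeps the allow-list and the substitution in step, e.g. `if ($curr_var && !isset($_allowed_funcs[$curr_var]) && (!isset($params[$curr_var]) || in_array($curr_var, array('equation', 'format', 'assign'), true))) {`. The substitution also interpolates `$key` unquoted into the pattern; `preg_quote($key, '/')` would be safer if this plugin is ever called with keys that are not plain words. Separately, the messages now go to PHP's `trigger_error()` directly with `{$key}` and `{$curr_var}` embedded, which bypasses the `htmlentities()` call this commit adds to `Smarty::trigger_error()`.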
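Review bot: `function Template( $templateFile )` stays a PHP 4-style constructor while the Smarty classes in this commit move to `__construct()`; if `Template` extends `Smarty` (the class header is outside the hunk), PHP 8 no longer treats `Template()` as a constructor, so `new Template(...)` would run only the inherited `Smarty::__construct()` and skip the setup the comment describes as "set the security values". Renaming it to `function __construct( $templateFile )` and calling `parent::__construct();` avoids that. `$this->__construct()` also recurses as soon as `Template` or a subclass defines its own `__construct()`, which `parent::__construct()` does not.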