authorpatdenice <patdenice@piwigo.org>2008-12-09 16:12:25 +0000
committerpatdenice <patdenice@piwigo.org>2008-12-09 16:12:25 +0000
commit5b3a9696ebcc56bb0377e58ad8c12e348848d109 (patch)
treeeb7caa8cc0c71c0aa3680b33d38f7a1dd889775e
parentc12da2fdfa101d01c7fc2766e42bb95aa6ad0c4e (diff)
merge -c2961 from trunk to branch 2.0.
Update Smarty to 2.6.21 git-svn-id: http://piwigo.org/svn/branches/2.0@2962 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/smarty/NEWS9
-rw-r--r--include/smarty/README3
-rw-r--r--include/smarty/libs/Config_File.class.php10
-rw-r--r--include/smarty/libs/Smarty.class.php22
-rw-r--r--include/smarty/libs/Smarty_Compiler.class.php41
-rw-r--r--include/smarty/libs/internals/core.write_cache_file.php2
6 files changed, 56 insertions, 31 deletions
diff --git a/include/smarty/NEWS b/include/smarty/NEWS
index 1e3b77ecc..19d9082b5 100644
--- a/include/smarty/NEWS
+++ b/include/smarty/NEWS
@@ -1,4 +1,11 @@
-Version 2.6.20 (Aug 15th, 2008)
+Version 2.6.21 (Dec 2nd, 2008)
+------------------------------
+
+- fix function injection security hole closed (U.Tews)
+- fix pass expiration time at cache_handler_fuc call in core.write_cache_file.php (U.Tews)
+- Update of compiler.class.php to allow method chaining for PHP4 and PHP5 (U.Tews)
+
+Version 2.6.20 (Feb 15th, 2008)
-------------------------------
- fix cache tag bug when multiple cache tags on a page (mankyd,
diff --git a/include/smarty/README b/include/smarty/README
index c11ed0ca7..45cf23c86 100644
--- a/include/smarty/README
+++ b/include/smarty/README
@@ -1,8 +1,9 @@
+
NAME:
Smarty - the PHP compiling template engine
-VERSION: 2.6.20
+VERSION: 2.6.21
AUTHORS:
diff --git a/include/smarty/libs/Config_File.class.php b/include/smarty/libs/Config_File.class.php
index a10d30469..9dc5b3ee8 100644
--- a/include/smarty/libs/Config_File.class.php
+++ b/include/smarty/libs/Config_File.class.php
@@ -17,15 +17,19 @@
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
- * @link http://smarty.php.net/
- * @version 2.6.20
+ * For questions, help, comments, discussion, etc., please join the
+ * Smarty mailing list. Send a blank e-mail to
+ * smarty-discussion-subscribe@googlegroups.com
+ *
+ * @link http://www.smarty.net/
+ * @version 2.6.19-dev
* @copyright Copyright: 2001-2005 New Digital Group, Inc.
* @author Andrei Zmievski <andrei@php.net>
* @access public
* @package Smarty
*/
-/* $Id: Config_File.class.php 2702 2007-03-08 19:11:22Z mohrt $ */
+/* $Id: Config_File.class.php 2786 2008-09-18 21:04:38Z Uwe.Tews $ */
/**
* Config file reading class
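Review bot: The `@version` tag in this header now reads `2.6.19-dev`, which is lower than the `2.6.20` it replaces and differs from the `2.6.21` the other files in this commit carry. That may simply be how upstream shipped the file, but it makes the vendored copy harder to audit from its header alone. It is worth comparing this file against the upstream 2.6.21 release archive and recording the result in the commit message.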
diff --git a/include/smarty/libs/Smarty.class.php b/include/smarty/libs/Smarty.class.php
index 6ac6a04b2..7cdc0c835 100644
--- a/include/smarty/libs/Smarty.class.php
+++ b/include/smarty/libs/Smarty.class.php
@@ -20,17 +20,17 @@
*
* For questions, help, comments, discussion, etc., please join the
* Smarty mailing list. Send a blank e-mail to
- * smarty-general-subscribe@lists.php.net
+ * smarty-discussion-subscribe@googlegroups.com
*
- * @link http://smarty.php.net/
+ * @link http://www.smarty.net/
* @copyright 2001-2005 New Digital Group, Inc.
* @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei@php.net>
* @package Smarty
- * @version 2.6.20
+ * @version 2.6.21
*/
-/* $Id: Smarty.class.php 2722 2007-06-18 14:29:00Z danilo $ */
+/* $Id: Smarty.class.php 2785 2008-09-18 21:04:12Z Uwe.Tews $ */
/**
* DIR_SEP isn't used anymore, but third party apps might
@@ -464,7 +464,7 @@ class Smarty
*
* @var string
*/
- var $_version = '2.6.20';
+ var $_version = '2.6.21';
/**
* current template inclusion depth
@@ -1292,19 +1292,11 @@ class Smarty
if ($display) {
if (isset($_smarty_results)) { echo $_smarty_results; }
- }
-
- if ($this->debugging) {
- // capture time for debugging info
- $_params = array();
- require_once(SMARTY_CORE_DIR . 'core.get_microtime.php');
- $this->_smarty_debug_info[$_included_tpls_idx]['exec_time'] = (smarty_core_get_microtime($_params, $this) - $_debug_start_time);
- }
-
- if ($display) {
if ($this->debugging) {
// capture time for debugging info
$_params = array();
+ require_once(SMARTY_CORE_DIR . 'core.get_microtime.php');
+ $this->_smarty_debug_info[$_included_tpls_idx]['exec_time'] = (smarty_core_get_microtime($_params, $this) - $_debug_start_time);
require_once(SMARTY_CORE_DIR . 'core.display_debug_console.php');
echo smarty_core_display_debug_console($_params, $this);
}
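Review bot: With the `exec_time` capture moved inside `if ($display)`, a call that has `$this->debugging` on and `$display` off no longer records `$this->_smarty_debug_info[$_included_tpls_idx]['exec_time']`. Any code that later reads that key would presumably find it unset for such entries. If that is intended, a comment such as `// exec_time is only recorded when the debug console is displayed` would document it. The enclosing method starts and ends outside the hunk.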
diff --git a/include/smarty/libs/Smarty_Compiler.class.php b/include/smarty/libs/Smarty_Compiler.class.php
index f09f8de8d..d950b3485 100644
--- a/include/smarty/libs/Smarty_Compiler.class.php
+++ b/include/smarty/libs/Smarty_Compiler.class.php
@@ -18,15 +18,15 @@
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
- * @link http://smarty.php.net/
+ * @link http://www.smarty.net/
* @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei@php.net>
- * @version 2.6.20
+ * @version 2.6.21
* @copyright 2001-2005 New Digital Group, Inc.
* @package Smarty
*/
-/* $Id: Smarty_Compiler.class.php 2773 2008-08-12 18:17:51Z Uwe.Tews $ */
+/* $Id: Smarty_Compiler.class.php 2797 2008-09-22 19:26:32Z monte.ohrt $ */
/**
* Template compiling class
@@ -73,6 +73,9 @@ class Smarty_Compiler extends Smarty {
var $_strip_depth = 0;
var $_additional_newline = "\n";
+
+ var $_phpversion = 0;
+
/**#@-*/
/**
@@ -80,6 +83,8 @@ class Smarty_Compiler extends Smarty {
*/
function Smarty_Compiler()
{
+ $this->_phpversion = substr(phpversion(),0,1);
+
// matches double quoted strings:
// "foobar"
// "foo\"bar"
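Review bot: `substr(phpversion(),0,1)` keeps only the first character of the version string, so `_phpversion` is a one-character string and a two-digit major version would yield `'1'`. The check `if ($this->_phpversion < 5)` added to `_parse_var` in a later hunk would then treat that runtime as PHP 4 and route object chains through the generated `eval()` code. `$this->_phpversion = (int) phpversion();` keeps the whole major number as an integer. The constructor body continues outside the hunk.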
@@ -152,16 +157,20 @@ class Smarty_Compiler extends Smarty {
// $foo->bar($foo->bar)
// $foo->bar($foo->bar())
// $foo->bar($foo->bar($blah,$foo,44,"foo",$foo[0].bar))
+ // $foo->getBar()->getFoo()
+ // $foo->getBar()->foo
$this->_obj_ext_regexp = '\->(?:\$?' . $this->_dvar_guts_regexp . ')';
$this->_obj_restricted_param_regexp = '(?:'
- . '(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')(?:' . $this->_obj_ext_regexp . '(?:\((?:(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')'
- . '(?:\s*,\s*(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . '))*)?\))?)*)';
- $this->_obj_single_param_regexp = '(?:\w+|' . $this->_obj_restricted_param_regexp . '(?:\s*,\s*(?:(?:\w+|'
+ . '(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')(?:' . $this->_obj_ext_regexp . '(?:\((?:(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')'
+ . '(?:\s*,\s*(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . '))*)?\))?)*)';
+
+ $this->_obj_single_param_regexp = '(?:\w+|' . $this->_obj_restricted_param_regexp . '(?:\s*,\s*(?:(?:\w+|'
. $this->_var_regexp . $this->_obj_restricted_param_regexp . ')))*)';
- $this->_obj_params_regexp = '\((?:' . $this->_obj_single_param_regexp
+
+ $this->_obj_params_regexp = '\((?:' . $this->_obj_single_param_regexp
. '(?:\s*,\s*' . $this->_obj_single_param_regexp . ')*)?\)';
- $this->_obj_start_regexp = '(?:' . $this->_dvar_regexp . '(?:' . $this->_obj_ext_regexp . ')+)';
- $this->_obj_call_regexp = '(?:' . $this->_obj_start_regexp . '(?:' . $this->_obj_params_regexp . ')?(?:' . $this->_dvar_math_regexp . '(?:' . $this->_num_const_regexp . '|' . $this->_dvar_math_var_regexp . ')*)?)';
+ $this->_obj_start_regexp = '(?:' . $this->_dvar_regexp . '(?:' . $this->_obj_ext_regexp . ')+)';
+ $this->_obj_call_regexp = '(?:' . $this->_obj_start_regexp . '(?:' . $this->_obj_params_regexp . '(?:' . $this->_obj_ext_regexp . '(?:'.$this->_obj_params_regexp . ')?)*' . ')?(?:' . $this->_dvar_math_regexp . '(?:' . $this->_num_const_regexp . '|' . $this->_dvar_math_var_regexp . ')*)?)';
// matches valid modifier syntax:
// |foo
@@ -1696,6 +1705,8 @@ class Smarty_Compiler extends Smarty {
}
// replace double quoted literal string with single quotes
$_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
+ // escape dollar sign if not printing a var
+ $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
return $_return;
}
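Review bot: The added `preg_replace('~\$(\W)~', ...)` does not look at what precedes the `$`, so a dollar sign that already carries a backslash gets a second one, and the two may cancel out when the compiled double-quoted string is parsed. Since the NEWS entry describes this as a security fix, the already-escaped case needs its own handling and a regression test covering `$` both with and without a leading backslash. Until then, a comment such as `// NOTE: does not account for a '$' that is already preceded by a backslash` would flag the gap, and it is worth checking whether a later upstream release revises this line. The enclosing function starts outside the hunk.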
@@ -1709,6 +1720,7 @@ class Smarty_Compiler extends Smarty {
function _parse_var($var_expr)
{
$_has_math = false;
+ $_has_php4_method_chaining = false;
$_math_vars = preg_split('~('.$this->_dvar_math_regexp.'|'.$this->_qstr_regexp.')~', $var_expr, -1, PREG_SPLIT_DELIM_CAPTURE);
if(count($_math_vars) > 1) {
@@ -1821,6 +1833,10 @@ class Smarty_Compiler extends Smarty {
$_output .= '->{(($_var=$this->_tpl_vars[\''.substr($_index,3).'\']) && substr($_var,0,2)!=\'__\') ? $_var : $this->trigger_error("cannot access property \\"$_var\\"")}';
}
} else {
+ if ($this->_phpversion < 5) {
+ $_has_php4_method_chaining = true;
+ $_output .= "; \$_foo = \$_foo";
+ }
$_output .= $_index;
}
} elseif (substr($_index, 0, 1) == '(') {
@@ -1832,7 +1848,12 @@ class Smarty_Compiler extends Smarty {
}
}
- return $_output;
+ if ($_has_php4_method_chaining) {
+ $_tmp = str_replace("'","\'",'$_foo = '.$_output.'; return $_foo;');
+ return "eval('".$_tmp."')";
+ } else {
+ return $_output;
+ }
}
/**
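Review bot: The string handed to `eval()` is quoted with `str_replace("'","\'", ...)`, which escapes single quotes but not backslashes. A backslash in `$_output` (built from the template expression) can therefore change where the single-quoted literal ends. Escaping backslashes first closes that gap: `$_tmp = str_replace(array('\\', "'"), array('\\\\', "\\'"), '$_foo = '.$_output.'; return $_foo;');`. The generated code also assigns to `$_foo` in the compiled template's scope on every chained call, and since the branch only runs when `_phpversion < 5`, it should be dropped once PHP 4 support goes. `_parse_var` starts in an earlier hunk and the flag is set in the hunk before this one.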
diff --git a/include/smarty/libs/internals/core.write_cache_file.php b/include/smarty/libs/internals/core.write_cache_file.php
index 72f785b74..fa3cdd746 100644
--- a/include/smarty/libs/internals/core.write_cache_file.php
+++ b/include/smarty/libs/internals/core.write_cache_file.php
@@ -68,7 +68,7 @@ function smarty_core_write_cache_file($params, &$smarty)
if (!empty($smarty->cache_handler_func)) {
// use cache_handler function
call_user_func_array($smarty->cache_handler_func,
- array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], null));
+ array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], $smarty->_cache_info['expires']));
} else {
// use local cache file