Changeset 3583 for branches/2.0
- Timestamp:
- Jul 15, 2009, 1:41:41 PM (15 years ago)
- Location:
- branches/2.0/include/smarty
- Files:
-
- 6 edited
branches/2.0/include/smarty/NEWS
r3001 r3583 1 Version 2.6.26 (June 18th, 2009) 2 ------------------------------- 3 - revert super global access changes, and instead rely on 4 USE_SUPER_GLOBALS for security 5 6 Version 2.6.25 (May 19th, 2009) 7 ------------------------------- 8 - fix E_NOTICE when sessions are disabled (mohrt) 9 10 Version 2.6.24 (May 16th, 2009) 11 ------------------------------- 12 - fix problem introduced with super global changes (mohrt) 13 14 Version 2.6.23 (May 13th, 2009) 15 ------------------------------- 16 - strip backticks from {math} equations (mohrt) 17 - make PHP super globals read-only from template (mohrt) 18 - throw error when template exists but not readable (mohrt) 19 1 20 Version 2.6.22 (Dec 17th, 2008) 2 21 ------------------------------- -
branches/2.0/include/smarty/README
r3001 r3583 4 4 Smarty - the PHP compiling template engine 5 5 6 VERSION: 2.6.2 26 VERSION: 2.6.26 7 7 8 8 AUTHORS: -
branches/2.0/include/smarty/libs/Config_File.class.php
r3001 r3583 23 23 * 24 24 * @link http://www.smarty.net/ 25 * @version 2.6.2 225 * @version 2.6.26 26 26 * @copyright Copyright: 2001-2005 New Digital Group, Inc. 27 27 * @author Andrei Zmievski <andrei@php.net> … … 30 30 */ 31 31 32 /* $Id: Config_File.class.php 2786 2008-09-18 21:04:38Z Uwe.Tews$ */32 /* $Id: Config_File.class.php 3149 2009-05-23 20:59:25Z monte.ohrt $ */ 33 33 34 34 /** -
branches/2.0/include/smarty/libs/Smarty.class.php
r3121 r3583 21 21 * For questions, help, comments, discussion, etc., please join the 22 22 * Smarty mailing list. Send a blank e-mail to 23 * smarty-discussion-subscribe@googlegroups.com 23 * smarty-discussion-subscribe@googlegroups.com 24 24 * 25 25 * @link http://www.smarty.net/ … … 28 28 * @author Andrei Zmievski <andrei@php.net> 29 29 * @package Smarty 30 * @version 2.6.2 230 * @version 2.6.26 31 31 */ 32 32 33 /* $Id: Smarty.class.php 2785 2008-09-18 21:04:12Z Uwe.Tews$ */33 /* $Id: Smarty.class.php 3163 2009-06-17 14:39:24Z monte.ohrt $ */ 34 34 35 35 /** … … 108 108 * When set, smarty does uses this value as error_reporting-level. 109 109 * 110 * @var boolean110 * @var integer 111 111 */ 112 112 var $error_reporting = null; … … 237 237 'PHP_TAGS' => false, 238 238 'MODIFIER_FUNCS' => array('count'), 239 'ALLOW_CONSTANTS' => false 239 'ALLOW_CONSTANTS' => false, 240 'ALLOW_SUPER_GLOBALS' => true 240 241 ); 241 242 … … 465 466 * @var string 466 467 */ 467 var $_version = '2.6.2 2';468 var $_version = '2.6.26'; 468 469 469 470 /** … … 1058 1059 // var non-existant, return valid reference 1059 1060 $_tmp = null; 1060 return $_tmp; 1061 return $_tmp; 1061 1062 } 1062 1063 } … … 1117 1118 { 1118 1119 static $_cache_info = array(); 1119 1120 1120 1121 $_smarty_old_error_level = $this->debugging ? error_reporting() : error_reporting(isset($this->error_reporting) 1121 1122 ? $this->error_reporting : error_reporting() & ~E_NOTICE); … … 1304 1305 return; 1305 1306 } else { 1306 if ($this->debugging) {1307 // capture time for debugging info1308 $_params = array();1309 require_once(SMARTY_CORE_DIR . 
'core.get_microtime.php');1310 $this->_smarty_debug_info[$_included_tpls_idx]['exec_time'] = (smarty_core_get_microtime($_params, $this) - $_debug_start_time);1311 }1312 1307 error_reporting($_smarty_old_error_level); 1313 1308 if (isset($_smarty_results)) { return $_smarty_results; } … … 1555 1550 } 1556 1551 $params['resource_timestamp'] = filemtime($_resource_name); 1557 $_return = is_file($_resource_name) ;1552 $_return = is_file($_resource_name) && is_readable($_resource_name); 1558 1553 break; 1559 1554 … … 1718 1713 function _read_file($filename) 1719 1714 { 1720 if ( file_exists($filename) && ($fd = @fopen($filename, 'rb')) ) {1715 if ( file_exists($filename) && is_readable($filename) && ($fd = @fopen($filename, 'rb')) ) { 1721 1716 $contents = ''; 1722 1717 while (!feof($fd)) { … … 1939 1934 return eval($code); 1940 1935 } 1941 1936 1942 1937 /** 1943 1938 * Extracts the filter name from the given callback 1944 * 1939 * 1945 1940 * @param callback $function 1946 1941 * @return string … … 1957 1952 } 1958 1953 } 1959 1954 1960 1955 /**#@-*/ 1961 1956 -
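Review bot: The new `'ALLOW_SUPER_GLOBALS' => true` default (new line 240) means that enabling `$security` alone does not stop templates from reading request data. The guards added in Smarty_Compiler.class.php only reject `$smarty.get`, `$smarty.post`, `$smarty.cookies`, `$smarty.env`, `$smarty.server`, `$smarty.session` and `$smarty.request` when this key is false. An application that embeds this copy and lets less-trusted users edit templates should set `$smarty->security_settings['ALLOW_SUPER_GLOBALS'] = false;` after turning security on. The entry has no comment in the hunk; something like `// ALLOW_SUPER_GLOBALS: when false (and $security is on) the $smarty.get/post/cookies/env/server/session/request accessors are rejected at compile time` would document the opt-out. The NEWS entry calls the switch USE_SUPER_GLOBALS, which does not match the key added here, and the settings array itself starts outside the hunk.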
branches/2.0/include/smarty/libs/Smarty_Compiler.class.php
r3001 r3583 19 19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 20 20 * 21 * @link http:// www.smarty.net/21 * @link http://smarty.php.net/ 22 22 * @author Monte Ohrt <monte at ohrt dot com> 23 23 * @author Andrei Zmievski <andrei@php.net> 24 * @version 2.6.2 224 * @version 2.6.26 25 25 * @copyright 2001-2005 New Digital Group, Inc. 26 26 * @package Smarty 27 27 */ 28 28 29 /* $Id: Smarty_Compiler.class.php 2966 2008-12-08 15:10:03Z monte.ohrt $ */29 /* $Id: Smarty_Compiler.class.php 3163 2009-06-17 14:39:24Z monte.ohrt $ */ 30 30 31 31 /** … … 74 74 var $_strip_depth = 0; 75 75 var $_additional_newline = "\n"; 76 77 var $_phpversion = 0;78 79 76 80 77 /**#@-*/ … … 84 81 function Smarty_Compiler() 85 82 { 86 $this->_phpversion = substr(phpversion(),0,1);87 88 83 // matches double quoted strings: 89 84 // "foobar" … … 158 153 // $foo->bar($foo->bar()) 159 154 // $foo->bar($foo->bar($blah,$foo,44,"foo",$foo[0].bar)) 160 // $foo->getBar()->getFoo()161 // $foo->getBar()->foo162 155 $this->_obj_ext_regexp = '\->(?:\$?' . $this->_dvar_guts_regexp . ')'; 163 156 $this->_obj_restricted_param_regexp = '(?:' 164 . '(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')(?:' . $this->_obj_ext_regexp . '(?:\((?:(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')' 165 . '(?:\s*,\s*(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . '))*)?\))?)*)'; 166 167 $this->_obj_single_param_regexp = '(?:\w+|' . $this->_obj_restricted_param_regexp . '(?:\s*,\s*(?:(?:\w+|' 157 . '(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')(?:' . $this->_obj_ext_regexp . '(?:\((?:(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')' 158 . '(?:\s*,\s*(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . '))*)?\))?)*)'; 159 $this->_obj_single_param_regexp = '(?:\w+|' . $this->_obj_restricted_param_regexp . '(?:\s*,\s*(?:(?:\w+|' 168 160 . $this->_var_regexp . $this->_obj_restricted_param_regexp . 
')))*)'; 169 170 $this->_obj_params_regexp = '\((?:' . $this->_obj_single_param_regexp 161 $this->_obj_params_regexp = '\((?:' . $this->_obj_single_param_regexp 171 162 . '(?:\s*,\s*' . $this->_obj_single_param_regexp . ')*)?\)'; 172 $this->_obj_start_regexp = '(?:' . $this->_dvar_regexp . '(?:' . $this->_obj_ext_regexp . ')+)';173 $this->_obj_call_regexp = '(?:' . $this->_obj_start_regexp . '(?:' . $this->_obj_params_regexp . ')?(?:' . $this->_dvar_math_regexp . '(?:' . $this->_num_const_regexp . '|' . $this->_dvar_math_var_regexp . ')*)?)';163 $this->_obj_start_regexp = '(?:' . $this->_dvar_regexp . '(?:' . $this->_obj_ext_regexp . ')+)'; 164 $this->_obj_call_regexp = '(?:' . $this->_obj_start_regexp . '(?:' . $this->_obj_params_regexp . ')?(?:' . $this->_dvar_math_regexp . '(?:' . $this->_num_const_regexp . '|' . $this->_dvar_math_var_regexp . ')*)?)'; 174 165 175 166 // matches valid modifier syntax: … … 1706 1697 // replace double quoted literal string with single quotes 1707 1698 $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return); 1708 // escape dollar sign if not printing a var1709 $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);1710 1699 return $_return; 1711 1700 } … … 1721 1710 { 1722 1711 $_has_math = false; 1723 $_has_php4_method_chaining = false;1724 1712 $_math_vars = preg_split('~('.$this->_dvar_math_regexp.'|'.$this->_qstr_regexp.')~', $var_expr, -1, PREG_SPLIT_DELIM_CAPTURE); 1725 1713 … … 1834 1822 } 1835 1823 } else { 1836 if ($this->_phpversion < 5) {1837 $_has_php4_method_chaining = true;1838 $_output .= "; \$_foo = \$_foo";1839 }1840 1824 $_output .= $_index; 1841 1825 } … … 1849 1833 } 1850 1834 1851 if ($_has_php4_method_chaining) { 1852 $_tmp = str_replace("'","\'",'$_foo = '.$_output.'; return $_foo;'); 1853 return "eval('".$_tmp."')"; 1854 } else { 1855 return $_output; 1856 } 1835 return $_output; 1857 1836 } 1858 1837 … … 2069 2048 2070 2049 case 'get': 2071 $compiled_ref = ($this->request_use_auto_globals) ? 
'$_GET' : "\$GLOBALS['HTTP_GET_VARS']"; 2050 if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { 2051 $this->_syntax_error("(secure mode) super global access not permitted", 2052 E_USER_WARNING, __FILE__, __LINE__); 2053 return; 2054 } 2055 $compiled_ref = "\$_GET"; 2072 2056 break; 2073 2057 2074 2058 case 'post': 2075 $compiled_ref = ($this->request_use_auto_globals) ? '$_POST' : "\$GLOBALS['HTTP_POST_VARS']"; 2059 if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { 2060 $this->_syntax_error("(secure mode) super global access not permitted", 2061 E_USER_WARNING, __FILE__, __LINE__); 2062 return; 2063 } 2064 $compiled_ref = "\$_POST"; 2076 2065 break; 2077 2066 2078 2067 case 'cookies': 2079 $compiled_ref = ($this->request_use_auto_globals) ? '$_COOKIE' : "\$GLOBALS['HTTP_COOKIE_VARS']"; 2068 if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { 2069 $this->_syntax_error("(secure mode) super global access not permitted", 2070 E_USER_WARNING, __FILE__, __LINE__); 2071 return; 2072 } 2073 $compiled_ref = "\$_COOKIE"; 2080 2074 break; 2081 2075 2082 2076 case 'env': 2083 $compiled_ref = ($this->request_use_auto_globals) ? '$_ENV' : "\$GLOBALS['HTTP_ENV_VARS']"; 2077 if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { 2078 $this->_syntax_error("(secure mode) super global access not permitted", 2079 E_USER_WARNING, __FILE__, __LINE__); 2080 return; 2081 } 2082 $compiled_ref = "\$_ENV"; 2084 2083 break; 2085 2084 2086 2085 case 'server': 2087 $compiled_ref = ($this->request_use_auto_globals) ? 
'$_SERVER' : "\$GLOBALS['HTTP_SERVER_VARS']"; 2086 if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { 2087 $this->_syntax_error("(secure mode) super global access not permitted", 2088 E_USER_WARNING, __FILE__, __LINE__); 2089 return; 2090 } 2091 $compiled_ref = "\$_SERVER"; 2088 2092 break; 2089 2093 2090 2094 case 'session': 2091 $compiled_ref = ($this->request_use_auto_globals) ? '$_SESSION' : "\$GLOBALS['HTTP_SESSION_VARS']"; 2095 if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { 2096 $this->_syntax_error("(secure mode) super global access not permitted", 2097 E_USER_WARNING, __FILE__, __LINE__); 2098 return; 2099 } 2100 $compiled_ref = "\$_SESSION"; 2092 2101 break; 2093 2102 … … 2097 2106 */ 2098 2107 case 'request': 2108 if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { 2109 $this->_syntax_error("(secure mode) super global access not permitted", 2110 E_USER_WARNING, __FILE__, __LINE__); 2111 return; 2112 } 2099 2113 if ($this->request_use_auto_globals) { 2100 $compiled_ref = '$_REQUEST';2114 $compiled_ref = "\$_REQUEST"; 2101 2115 break; 2102 2116 } else { -
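Review bot: The quoted-string hunk (new lines 1697-1699) no longer applies the step commented "escape dollar sign if not printing a var" before `return $_return;`, so a `$` that is not part of a template variable is returned without a backslash. The only normalisation left on the new side is the rewrite of double-quoted literals made up solely of word and whitespace characters into single quotes, which does not cover strings containing punctuation. If the returned text ends up inside a double-quoted PHP string in the compiled template (the consumer is not visible here), PHP would interpolate it. Please confirm against upstream 2.6.26 that dropping the escape is intended, and otherwise keep `$_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);`. The enclosing function starts outside the hunk.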
branches/2.0/include/smarty/libs/plugins/function.math.php
r2216 r3583 28 28 } 29 29 30 $equation = $params['equation']; 30 // strip out backticks, not necessary for math 31 $equation = str_replace('`','',$params['equation']); 31 32 32 33 // make sure parenthesis are balanced
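Review bot: The added comment at new line 30 says backticks are "not necessary for math", which hides the reason a later maintainer needs in order not to remove the line. The backtick is PHP's shell-execution operator, so the comment should say that, for example `// strip backticks: PHP treats them as the shell-execution operator, and $equation is template-supplied`. Stripping one character is a deny-list; how `$equation` is consumed is outside this hunk, but if it reaches an evaluator, an allow-list check of the characters and identifiers permitted in an equation, done before evaluation, would be the more robust control. The function body continues outside the hunk on both sides.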