upgrade bundled smarty
This commit is contained in:
Garvin Hicking
parent
2556dcd466
commit
89eaa6bc23
@ -1,3 +1,22 @@
|
||||
Version 2.6.21 (Dec 2nd, 2008)
|
||||
------------------------------
|
||||
|
||||
- fix function injection security hole closed (U.Tews)
|
||||
- fix pass expiration time at cache_handler_fuc call in core.write_cache_file.php (U.Tews)
|
||||
- Update of compiler.class.php to allow method chaining for PHP4 and PHP5 (U.Tews)
|
||||
|
||||
Version 2.6.20 (Feb 15th, 2008)
|
||||
-------------------------------
|
||||
|
||||
- fix cache tag bug when multiple cache tags on a page (mankyd,
|
||||
mohrt)
|
||||
- fix /e tag checking when using arrays with regex_replace
|
||||
(mohrt)
|
||||
- fix that function results can be used with condition like "is even" in
|
||||
{if} tags (U.Tews)
|
||||
- fix handling of non-empty <pre>-tags and empty <textarea>- and
|
||||
<script>-tags (Spuerhund, messju)
|
||||
|
||||
Version 2.6.19 (Feb 11th, 2008)
|
||||
-------------------------------
|
||||
|
||||
|
||||
@ -1,8 +1,9 @@
|
||||
|
||||
NAME:
|
||||
|
||||
Smarty - the PHP compiling template engine
|
||||
|
||||
VERSION: 2.6.19
|
||||
VERSION: 2.6.21
|
||||
|
||||
AUTHORS:
|
||||
|
||||
|
||||
@ -17,15 +17,19 @@
|
||||
* License along with this library; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*
|
||||
* @link http://smarty.php.net/
|
||||
* @version 2.6.19
|
||||
* For questions, help, comments, discussion, etc., please join the
|
||||
* Smarty mailing list. Send a blank e-mail to
|
||||
* smarty-discussion-subscribe@googlegroups.com
|
||||
*
|
||||
* @link http://www.smarty.net/
|
||||
* @version 2.6.19-dev
|
||||
* @copyright Copyright: 2001-2005 New Digital Group, Inc.
|
||||
* @author Andrei Zmievski <andrei@php.net>
|
||||
* @access public
|
||||
* @package Smarty
|
||||
*/
|
||||
|
||||
/* $Id: Config_File.class.php 2702 2007-03-08 19:11:22Z mohrt $ */
|
||||
/* $Id: Config_File.class.php 2786 2008-09-18 21:04:38Z Uwe.Tews $ */
|
||||
|
||||
/**
|
||||
* Config file reading class
|
||||
|
||||
@ -20,17 +20,17 @@
|
||||
*
|
||||
* For questions, help, comments, discussion, etc., please join the
|
||||
* Smarty mailing list. Send a blank e-mail to
|
||||
* smarty-general-subscribe@lists.php.net
|
||||
* smarty-discussion-subscribe@googlegroups.com
|
||||
*
|
||||
* @link http://smarty.php.net/
|
||||
* @link http://www.smarty.net/
|
||||
* @copyright 2001-2005 New Digital Group, Inc.
|
||||
* @author Monte Ohrt <monte at ohrt dot com>
|
||||
* @author Andrei Zmievski <andrei@php.net>
|
||||
* @package Smarty
|
||||
* @version 2.6.19
|
||||
* @version 2.6.21
|
||||
*/
|
||||
|
||||
/* $Id: Smarty.class.php 2722 2007-06-18 14:29:00Z danilo $ */
|
||||
/* $Id: Smarty.class.php 2785 2008-09-18 21:04:12Z Uwe.Tews $ */
|
||||
|
||||
/**
|
||||
* DIR_SEP isn't used anymore, but third party apps might
|
||||
@ -464,7 +464,7 @@ class Smarty
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
var $_version = '2.6.19';
|
||||
var $_version = '2.6.21';
|
||||
|
||||
/**
|
||||
* current template inclusion depth
|
||||
|
||||
@ -18,15 +18,15 @@
|
||||
* License along with this library; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*
|
||||
* @link http://smarty.php.net/
|
||||
* @link http://www.smarty.net/
|
||||
* @author Monte Ohrt <monte at ohrt dot com>
|
||||
* @author Andrei Zmievski <andrei@php.net>
|
||||
* @version 2.6.19
|
||||
* @version 2.6.21
|
||||
* @copyright 2001-2005 New Digital Group, Inc.
|
||||
* @package Smarty
|
||||
*/
|
||||
|
||||
/* $Id: Smarty_Compiler.class.php 2736 2007-09-16 14:47:53Z mohrt $ */
|
||||
/* $Id: Smarty_Compiler.class.php 2797 2008-09-22 19:26:32Z monte.ohrt $ */
|
||||
|
||||
/**
|
||||
* Template compiling class
|
||||
@ -73,6 +73,9 @@ class Smarty_Compiler extends Smarty {
|
||||
|
||||
var $_strip_depth = 0;
|
||||
var $_additional_newline = "\n";
|
||||
|
||||
var $_phpversion = 0;
|
||||
|
||||
|
||||
/**#@-*/
|
||||
/**
|
||||
@ -80,6 +83,8 @@ class Smarty_Compiler extends Smarty {
|
||||
*/
|
||||
function Smarty_Compiler()
|
||||
{
|
||||
$this->_phpversion = substr(phpversion(),0,1);
|
||||
|
||||
// matches double quoted strings:
|
||||
// "foobar"
|
||||
// "foo\"bar"
|
||||
@ -152,16 +157,20 @@ class Smarty_Compiler extends Smarty {
|
||||
// $foo->bar($foo->bar)
|
||||
// $foo->bar($foo->bar())
|
||||
// $foo->bar($foo->bar($blah,$foo,44,"foo",$foo[0].bar))
|
||||
// $foo->getBar()->getFoo()
|
||||
// $foo->getBar()->foo
|
||||
$this->_obj_ext_regexp = '\->(?:\$?' . $this->_dvar_guts_regexp . ')';
|
||||
$this->_obj_restricted_param_regexp = '(?:'
|
||||
. '(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')(?:' . $this->_obj_ext_regexp . '(?:\((?:(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')'
|
||||
. '(?:\s*,\s*(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . '))*)?\))?)*)';
|
||||
$this->_obj_single_param_regexp = '(?:\w+|' . $this->_obj_restricted_param_regexp . '(?:\s*,\s*(?:(?:\w+|'
|
||||
. '(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')(?:' . $this->_obj_ext_regexp . '(?:\((?:(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')'
|
||||
. '(?:\s*,\s*(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . '))*)?\))?)*)';
|
||||
|
||||
$this->_obj_single_param_regexp = '(?:\w+|' . $this->_obj_restricted_param_regexp . '(?:\s*,\s*(?:(?:\w+|'
|
||||
. $this->_var_regexp . $this->_obj_restricted_param_regexp . ')))*)';
|
||||
$this->_obj_params_regexp = '\((?:' . $this->_obj_single_param_regexp
|
||||
|
||||
$this->_obj_params_regexp = '\((?:' . $this->_obj_single_param_regexp
|
||||
. '(?:\s*,\s*' . $this->_obj_single_param_regexp . ')*)?\)';
|
||||
$this->_obj_start_regexp = '(?:' . $this->_dvar_regexp . '(?:' . $this->_obj_ext_regexp . ')+)';
|
||||
$this->_obj_call_regexp = '(?:' . $this->_obj_start_regexp . '(?:' . $this->_obj_params_regexp . ')?(?:' . $this->_dvar_math_regexp . '(?:' . $this->_num_const_regexp . '|' . $this->_dvar_math_var_regexp . ')*)?)';
|
||||
$this->_obj_start_regexp = '(?:' . $this->_dvar_regexp . '(?:' . $this->_obj_ext_regexp . ')+)';
|
||||
$this->_obj_call_regexp = '(?:' . $this->_obj_start_regexp . '(?:' . $this->_obj_params_regexp . '(?:' . $this->_obj_ext_regexp . '(?:'.$this->_obj_params_regexp . ')?)*' . ')?(?:' . $this->_dvar_math_regexp . '(?:' . $this->_num_const_regexp . '|' . $this->_dvar_math_var_regexp . ')*)?)';
|
||||
|
||||
// matches valid modifier syntax:
|
||||
// |foo
|
||||
@ -1363,9 +1372,14 @@ class Smarty_Compiler extends Smarty {
|
||||
/* If last token was a ')', we operate on the parenthesized
|
||||
expression. The start of the expression is on the stack.
|
||||
Otherwise, we operate on the last encountered token. */
|
||||
if ($tokens[$i-1] == ')')
|
||||
if ($tokens[$i-1] == ')') {
|
||||
$is_arg_start = array_pop($is_arg_stack);
|
||||
else
|
||||
if ($is_arg_start != 0) {
|
||||
if (preg_match('~^' . $this->_func_regexp . '$~', $tokens[$is_arg_start-1])) {
|
||||
$is_arg_start--;
|
||||
}
|
||||
}
|
||||
} else
|
||||
$is_arg_start = $i-1;
|
||||
/* Construct the argument for 'is' expression, so it knows
|
||||
what to operate on. */
|
||||
@ -1691,6 +1705,8 @@ class Smarty_Compiler extends Smarty {
|
||||
}
|
||||
// replace double quoted literal string with single quotes
|
||||
$_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
|
||||
// escape dollar sign if not printing a var
|
||||
$_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
|
||||
return $_return;
|
||||
}
|
||||
|
||||
@ -1704,6 +1720,7 @@ class Smarty_Compiler extends Smarty {
|
||||
function _parse_var($var_expr)
|
||||
{
|
||||
$_has_math = false;
|
||||
$_has_php4_method_chaining = false;
|
||||
$_math_vars = preg_split('~('.$this->_dvar_math_regexp.'|'.$this->_qstr_regexp.')~', $var_expr, -1, PREG_SPLIT_DELIM_CAPTURE);
|
||||
|
||||
if(count($_math_vars) > 1) {
|
||||
@ -1816,6 +1833,10 @@ class Smarty_Compiler extends Smarty {
|
||||
$_output .= '->{(($_var=$this->_tpl_vars[\''.substr($_index,3).'\']) && substr($_var,0,2)!=\'__\') ? $_var : $this->trigger_error("cannot access property \\"$_var\\"")}';
|
||||
}
|
||||
} else {
|
||||
if ($this->_phpversion < 5) {
|
||||
$_has_php4_method_chaining = true;
|
||||
$_output .= "; \$_foo = \$_foo";
|
||||
}
|
||||
$_output .= $_index;
|
||||
}
|
||||
} elseif (substr($_index, 0, 1) == '(') {
|
||||
@ -1827,7 +1848,12 @@ class Smarty_Compiler extends Smarty {
|
||||
}
|
||||
}
|
||||
|
||||
return $_output;
|
||||
if ($_has_php4_method_chaining) {
|
||||
$_tmp = str_replace("'","\'",'$_foo = '.$_output.'; return $_foo;');
|
||||
return "eval('".$_tmp."')";
|
||||
} else {
|
||||
return $_output;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -25,7 +25,7 @@ function smarty_core_process_compiled_include($params, &$smarty)
|
||||
$smarty->_include($_include_file_path, true);
|
||||
}
|
||||
|
||||
foreach ($smarty->_cache_serials as $_include_file_path=>$_cache_serial) {
|
||||
foreach ($smarty->_cache_info['cache_serials'] as $_include_file_path=>$_cache_serial) {
|
||||
$_return = preg_replace_callback('!(\{nocache\:('.$_cache_serial.')#(\d+)\})!s',
|
||||
array(&$smarty, '_process_compiled_include_callback'),
|
||||
$_return);
|
||||
|
||||
@ -68,7 +68,7 @@ function smarty_core_write_cache_file($params, &$smarty)
|
||||
if (!empty($smarty->cache_handler_func)) {
|
||||
// use cache_handler function
|
||||
call_user_func_array($smarty->cache_handler_func,
|
||||
array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], null));
|
||||
array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], $smarty->_cache_info['expires']));
|
||||
} else {
|
||||
// use local cache file
|
||||
|
||||
|
||||
@ -21,6 +21,18 @@
|
||||
* @return string
|
||||
*/
|
||||
function smarty_modifier_regex_replace($string, $search, $replace)
|
||||
{
|
||||
if(is_array($search)) {
|
||||
foreach($search as $idx => $s)
|
||||
$search[$idx] = _smarty_regex_replace_check($s);
|
||||
} else {
|
||||
$search = _smarty_regex_replace_check($search);
|
||||
}
|
||||
|
||||
return preg_replace($search, $replace, $string);
|
||||
}
|
||||
|
||||
function _smarty_regex_replace_check($search)
|
||||
{
|
||||
if (($pos = strpos($search,"\0")) !== false)
|
||||
$search = substr($search,0,$pos);
|
||||
@ -28,8 +40,7 @@ function smarty_modifier_regex_replace($string, $search, $replace)
|
||||
/* remove eval-modifier from $search */
|
||||
$search = substr($search, 0, -strlen($match[1])) . preg_replace('![e\s]+!', '', $match[1]);
|
||||
}
|
||||
|
||||
return preg_replace($search, $replace, $string);
|
||||
return $search;
|
||||
}
|
||||
|
||||
/* vim: set expandtab: */
|
||||
|
||||
@ -28,21 +28,21 @@
|
||||
function smarty_outputfilter_trimwhitespace($source, &$smarty)
|
||||
{
|
||||
// Pull out the script blocks
|
||||
preg_match_all("!<script[^>]+>.*?</script>!is", $source, $match);
|
||||
preg_match_all("!<script[^>]*?>.*?</script>!is", $source, $match);
|
||||
$_script_blocks = $match[0];
|
||||
$source = preg_replace("!<script[^>]+>.*?</script>!is",
|
||||
$source = preg_replace("!<script[^>]*?>.*?</script>!is",
|
||||
'@@@SMARTY:TRIM:SCRIPT@@@', $source);
|
||||
|
||||
// Pull out the pre blocks
|
||||
preg_match_all("!<pre>.*?</pre>!is", $source, $match);
|
||||
preg_match_all("!<pre[^>]*?>.*?</pre>!is", $source, $match);
|
||||
$_pre_blocks = $match[0];
|
||||
$source = preg_replace("!<pre>.*?</pre>!is",
|
||||
$source = preg_replace("!<pre[^>]*?>.*?</pre>!is",
|
||||
'@@@SMARTY:TRIM:PRE@@@', $source);
|
||||
|
||||
|
||||
// Pull out the textarea blocks
|
||||
preg_match_all("!<textarea[^>]+>.*?</textarea>!is", $source, $match);
|
||||
preg_match_all("!<textarea[^>]*?>.*?</textarea>!is", $source, $match);
|
||||
$_textarea_blocks = $match[0];
|
||||
$source = preg_replace("!<textarea[^>]+>.*?</textarea>!is",
|
||||
$source = preg_replace("!<textarea[^>]*?>.*?</textarea>!is",
|
||||
'@@@SMARTY:TRIM:TEXTAREA@@@', $source);
|
||||
|
||||
// remove all leading spaces, tabs and carriage returns NOT
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user