From 0124bc3aa0c1490f46d1a23483c7223cc5042125 Mon Sep 17 00:00:00 2001 From: Alec Smecher Date: Tue, 14 Apr 2020 15:03:31 -0700 Subject: [PATCH] #155 Adapt Smarty upper/lower functions to be codesafe (e.g. for Turkish locale) --- libs/Autoloader.php | 2 +- libs/sysplugins/smarty_cacheresource.php | 5 +++-- .../smarty_internal_compile_private_foreachsection.php | 7 ++++--- .../smarty_internal_compile_private_special_variable.php | 8 +++++--- libs/sysplugins/smarty_internal_extension_handler.php | 9 ++++++--- libs/sysplugins/smarty_internal_method_loadplugin.php | 4 ++-- libs/sysplugins/smarty_internal_templatecompilerbase.php | 6 ++++-- libs/sysplugins/smarty_resource.php | 5 +++-- 8 files changed, 28 insertions(+), 18 deletions(-) diff --git a/libs/Autoloader.php b/libs/Autoloader.php index c09361b6..2de24a6c 100644 --- a/libs/Autoloader.php +++ b/libs/Autoloader.php @@ -93,7 +93,7 @@ class Smarty_Autoloader if ($class[ 0 ] !== 'S' || strpos($class, 'Smarty') !== 0) { return; } - $_class = strtolower($class); + $_class = strtr($class, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'); if (isset(self::$rootClasses[ $_class ])) { $file = self::$SMARTY_DIR . self::$rootClasses[ $_class ]; if (is_file($file)) { diff --git a/libs/sysplugins/smarty_cacheresource.php b/libs/sysplugins/smarty_cacheresource.php index 91e9f392..01b26ebf 100644 --- a/libs/sysplugins/smarty_cacheresource.php +++ b/libs/sysplugins/smarty_cacheresource.php @@ -194,6 +194,7 @@ abstract class Smarty_CacheResource if (!isset($type)) { $type = $smarty->caching_type; } + $typeUcfirst = strtr(substr($type,0,1), 'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') . substr($type,1); // try smarty's cache if (isset($smarty->_cache[ 'cacheresource_handlers' ][ $type ])) { return $smarty->_cache[ 'cacheresource_handlers' ][ $type ]; @@ -205,11 +206,11 @@ abstract class Smarty_CacheResource } // try sysplugins dir if (isset(self::$sysplugins[ $type ])) { - $cache_resource_class = 'Smarty_Internal_CacheResource_' . ucfirst($type); + $cache_resource_class = 'Smarty_Internal_CacheResource_' . $typeUcfirst; return $smarty->_cache[ 'cacheresource_handlers' ][ $type ] = new $cache_resource_class(); } // try plugins dir - $cache_resource_class = 'Smarty_CacheResource_' . ucfirst($type); + $cache_resource_class = 'Smarty_CacheResource_' . $typeUcfirst; if ($smarty->loadPlugin($cache_resource_class)) { return $smarty->_cache[ 'cacheresource_handlers' ][ $type ] = new $cache_resource_class(); } diff --git a/libs/sysplugins/smarty_internal_compile_private_foreachsection.php b/libs/sysplugins/smarty_internal_compile_private_foreachsection.php index d3aab24b..5c09b6e8 100644 --- a/libs/sysplugins/smarty_internal_compile_private_foreachsection.php +++ b/libs/sysplugins/smarty_internal_compile_private_foreachsection.php @@ -143,7 +143,8 @@ class Smarty_Internal_Compile_Private_ForeachSection extends Smarty_Internal_Com foreach ($this->resultOffsets as $key => $offset) { foreach ($match[ $offset ] as $m) { if (!empty($m)) { - $this->matchResults[ $key ][ strtolower($m) ] = true; + $m = strtr($m, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'); + $this->matchResults[ $key ][ $m ] = true; } } } @@ -213,12 +214,12 @@ class Smarty_Internal_Compile_Private_ForeachSection extends Smarty_Internal_Com */ public function compileSpecialVariable($args, Smarty_Internal_TemplateCompilerBase $compiler, $parameter) { - $tag = strtolower(trim($parameter[ 0 ], '"\'')); + $tag = strtr(trim($parameter[ 0 ], '"\''), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'); $name = isset($parameter[ 1 ]) ? $compiler->getId($parameter[ 1 ]) : false; if (!$name) { $compiler->trigger_template_error("missing or illegal \$smarty.{$tag} name attribute", null, true); } - $property = isset($parameter[ 2 ]) ? strtolower($compiler->getId($parameter[ 2 ])) : false; + $property = isset($parameter[ 2 ]) ? strtr($compiler->getId($parameter[ 2 ]), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz') : false; if (!$property || !in_array($property, $this->nameProperties)) { $compiler->trigger_template_error("missing or illegal \$smarty.{$tag} property attribute", null, true); } diff --git a/libs/sysplugins/smarty_internal_compile_private_special_variable.php b/libs/sysplugins/smarty_internal_compile_private_special_variable.php index b317c9f3..d02c5cd1 100644 --- a/libs/sysplugins/smarty_internal_compile_private_special_variable.php +++ b/libs/sysplugins/smarty_internal_compile_private_special_variable.php @@ -29,7 +29,7 @@ class Smarty_Internal_Compile_Private_Special_Variable extends Smarty_Internal_C public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $parameter) { $_index = preg_split("/\]\[/", substr($parameter, 1, strlen($parameter) - 2)); - $variable = strtolower($compiler->getId($_index[ 0 ])); + $variable = strtr($compiler->getId($_index[ 0 ]), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'); if ($variable === false) { $compiler->trigger_template_error("special \$Smarty variable name index can not be variable", null, true); } @@ -40,7 +40,8 @@ class Smarty_Internal_Compile_Private_Special_Variable extends Smarty_Internal_C case 'foreach': case 'section': if (!isset(Smarty_Internal_TemplateCompilerBase::$_tag_objects[ $variable ])) { - $class = 'Smarty_Internal_Compile_' . ucfirst($variable); + $variableUcfirst = strtr(substr($variable,0,1), 'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') . substr($variable,1); + $class = 'Smarty_Internal_Compile_' . $variableUcfirst; Smarty_Internal_TemplateCompilerBase::$_tag_objects[ $variable ] = new $class; } return Smarty_Internal_TemplateCompilerBase::$_tag_objects[ $variable ]->compileSpecialVariable( @@ -76,7 +77,8 @@ class Smarty_Internal_Compile_Private_Special_Variable extends Smarty_Internal_C $compiler->trigger_template_error("(secure mode) super globals not permitted"); break; } - $compiled_ref = '$_' . strtoupper($variable); + $variableToUpper = strtr($variable, 'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'); + $compiled_ref = '$_' . $variableUpper; break; case 'template': return 'basename($_smarty_tpl->source->filepath)'; diff --git a/libs/sysplugins/smarty_internal_extension_handler.php b/libs/sysplugins/smarty_internal_extension_handler.php index b0761552..5d412ebf 100644 --- a/libs/sysplugins/smarty_internal_extension_handler.php +++ b/libs/sysplugins/smarty_internal_extension_handler.php @@ -90,7 +90,7 @@ class Smarty_Internal_Extension_Handler if (!isset($this->resolvedProperties[ $match[ 0 ] ][ $objType ])) { $property = isset($this->resolvedProperties[ 'property' ][ $basename ]) ? $this->resolvedProperties[ 'property' ][ $basename ] : - $property = $this->resolvedProperties[ 'property' ][ $basename ] = strtolower( + $property = $this->resolvedProperties[ 'property' ][ $basename ] = strtr( join( '_', preg_split( @@ -100,7 +100,8 @@ class Smarty_Internal_Extension_Handler PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE ) - ) + ), + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz' ); if ($property !== false) { if (property_exists($data, $property)) { @@ -145,7 +146,9 @@ class Smarty_Internal_Extension_Handler public function upperCase($name) { $_name = explode('_', $name); - $_name = array_map('ucfirst', $_name); + foreach ($_name as &$namePart) { + $namePart = strtr(substr($namePart,0,1), 'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') . substr($namePart,1); + } return implode('_', $_name); } diff --git a/libs/sysplugins/smarty_internal_method_loadplugin.php b/libs/sysplugins/smarty_internal_method_loadplugin.php index 3bd659cb..03817178 100644 --- a/libs/sysplugins/smarty_internal_method_loadplugin.php +++ b/libs/sysplugins/smarty_internal_method_loadplugin.php @@ -40,7 +40,7 @@ class Smarty_Internal_Method_LoadPlugin throw new SmartyException("plugin {$plugin_name} is not a valid name format"); } if (!empty($match[ 2 ])) { - $file = SMARTY_SYSPLUGINS_DIR . strtolower($plugin_name) . '.php'; + $file = SMARTY_SYSPLUGINS_DIR . strtr($plugin_name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz') . '.php'; if (isset($this->plugin_files[ $file ])) { if ($this->plugin_files[ $file ] !== false) { return $this->plugin_files[ $file ]; @@ -60,7 +60,7 @@ class Smarty_Internal_Method_LoadPlugin } // plugin filename is expected to be: [type].[name].php $_plugin_filename = "{$match[1]}.{$match[4]}.php"; - $_lower_filename = strtolower($_plugin_filename); + $_lower_filename = strtr($_plugin_filename, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'); if (isset($this->plugin_files)) { if (isset($this->plugin_files[ 'plugins_dir' ][ $_lower_filename ])) { if (!$smarty->use_include_path || $this->plugin_files[ 'plugins_dir' ][ $_lower_filename ] !== false) { diff --git a/libs/sysplugins/smarty_internal_templatecompilerbase.php b/libs/sysplugins/smarty_internal_templatecompilerbase.php index 3cc957de..81e84af7 100644 --- a/libs/sysplugins/smarty_internal_templatecompilerbase.php +++ b/libs/sysplugins/smarty_internal_templatecompilerbase.php @@ -620,7 +620,7 @@ abstract class Smarty_Internal_TemplateCompilerBase if (strcasecmp($name, 'isset') === 0 || strcasecmp($name, 'empty') === 0 || strcasecmp($name, 'array') === 0 || is_callable($name) ) { - $func_name = strtolower($name); + $func_name = strtr($name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'); if ($func_name === 'isset') { if (count($parameter) === 0) { @@ -784,7 +784,9 @@ abstract class Smarty_Internal_TemplateCompilerBase if (!isset(self::$_tag_objects[ $tag ])) { // lazy load internal compiler plugin $_tag = explode('_', $tag); - $_tag = array_map('ucfirst', $_tag); + foreach ($_tag as &$tagPart) { + $tagPart = strtr(substr($tagPart,0,1), 'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') . substr($tagPart,1); + } $class_name = 'Smarty_Internal_Compile_' . implode('_', $_tag); if (class_exists($class_name) && (!isset($this->smarty->security_policy) || $this->smarty->security_policy->isTrustedTag($tag, $this)) diff --git a/libs/sysplugins/smarty_resource.php b/libs/sysplugins/smarty_resource.php index aae7e42f..7f82ed29 100644 --- a/libs/sysplugins/smarty_resource.php +++ b/libs/sysplugins/smarty_resource.php @@ -76,13 +76,14 @@ abstract class Smarty_Resource $smarty->registered_resources[ $type ] instanceof Smarty_Resource ? $smarty->registered_resources[ $type ] : new Smarty_Internal_Resource_Registered(); } + $typeUcfirst = strtr(substr($type,0,1), 'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') . substr($type,1); // try sysplugins dir if (isset(self::$sysplugins[ $type ])) { - $_resource_class = 'Smarty_Internal_Resource_' . ucfirst($type); + $_resource_class = 'Smarty_Internal_Resource_' . $typeUcfirst; return $smarty->_cache[ 'resource_handlers' ][ $type ] = new $_resource_class(); } // try plugins dir - $_resource_class = 'Smarty_Resource_' . ucfirst($type); + $_resource_class = 'Smarty_Resource_' . $typeUcfirst; if ($smarty->loadPlugin($_resource_class)) { if (class_exists($_resource_class, false)) { return $smarty->_cache[ 'resource_handlers' ][ $type ] = new $_resource_class();