smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-07-31 16:37:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into feature/php8-support

Browse Source
This commit is contained in:
Simon Wisselink
2021-10-13 12:05:54 +02:00
parent 492c05b6eb 9d4f8309ed
commit 0cb91c2379
16 changed files with 88 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
CHANGELOG.md
View File

@@ -24,6 +24,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Dropped deprecated $smarty->getVariable() method. Use $smarty->getTemplateVars() instead. - Dropped deprecated $smarty->getVariable() method. Use $smarty->getTemplateVars() instead.
- $smarty->registerResource() no longer accepts an array of callback functions - $smarty->registerResource() no longer accepts an array of callback functions
## [3.1.40] - 2021-10-13
### Changed
- modifier escape now triggers a E_USER_NOTICE when an unsupported escape type is used https://github.com/smarty-php/smarty/pull/649
### Security
- More advanced javascript escaping to handle https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements thanks to m-haritonov
## [3.1.39] - 2021-02-17
### Security
- Prevent access to `$smarty.template_object` in sandbox mode. This addresses CVE-2021-26119.
- Fixed code injection vulnerability by using illegal function names in `{function name='blah'}{/function}`. This addresses CVE-2021-26120.
## [3.1.38] - 2021-01-08 ## [3.1.38] - 2021-01-08
### Fixed ### Fixed
@@ -336,7 +350,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
20.09.2016 20.09.2016
- bugfix some $smarty special template variables are no longer accessed as real variable. - bugfix some $smarty special template variables are no longer accessed as real variable.
using them on calls like {if isset($smarty.foo)} or {if empty($smarty.foo)} will fail using them on calls like {if isset($smarty.foo)} or {if empty($smarty.foo)} will fail
https://www.smarty.net/forums/viewtopic.php?t=26222 http://www.smarty.net/forums/viewtopic.php?t=26222
- temporary fix for https://github.com/smarty-php/smarty/issues/293 main reason still under investigation - temporary fix for https://github.com/smarty-php/smarty/issues/293 main reason still under investigation
- improvement new tags {block_parent} {block_child} in template inheritance - improvement new tags {block_parent} {block_child} in template inheritance
@@ -348,7 +362,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- bugfix assigning a variable in if condition by function like {if $value = array_shift($array)} the function got called twice https://github.com/smarty-php/smarty/issues/291 - bugfix assigning a variable in if condition by function like {if $value = array_shift($array)} the function got called twice https://github.com/smarty-php/smarty/issues/291
- bugfix function plugins called with assign attribute like {foo assign='bar'} did not output returned content because - bugfix function plugins called with assign attribute like {foo assign='bar'} did not output returned content because
because assumption was made that it was assigned to a variable https://github.com/smarty-php/smarty/issues/292 because assumption was made that it was assigned to a variable https://github.com/smarty-php/smarty/issues/292
- bugfix calling $smarty->isCached() on a not existing cache file with $smarty->cache_locking = true; could cause a 10 second delay https://www.smarty.net/forums/viewtopic.php?t=26282 - bugfix calling $smarty->isCached() on a not existing cache file with $smarty->cache_locking = true; could cause a 10 second delay http://www.smarty.net/forums/viewtopic.php?t=26282
- improvement make Smarty::clearCompiledTemplate() on custom resource independent from changes of templateId computation - improvement make Smarty::clearCompiledTemplate() on custom resource independent from changes of templateId computation
11.09.2016 11.09.2016

2
README.md
View File

@@ -17,7 +17,7 @@ Smarty can be run with PHP 7.1 to PHP 8.0.
> Read the NEW_FEATURES and INHERITANCE_RELEASE_NOTES file for recent extensions to Smarty 3.1 functionality > Read the NEW_FEATURES and INHERITANCE_RELEASE_NOTES file for recent extensions to Smarty 3.1 functionality
Smarty versions 3.1.11 or later are now on github and can be installed with Composer. Smarty versions 3.1.11 or later are now on GitHub and can be installed with Composer.
The "smarty/smarty" package will start at libs/.... subfolder. The "smarty/smarty" package will start at libs/.... subfolder.

19
SECURITY.md Normal file
View File

@@ -0,0 +1,19 @@
# Security Policy
## Supported Versions
Smarty currently supports the latest minor version of Smarty 3 and Smarty 4. (Smarty 4 has not been released yet.)
| Version | Supported |
| ------- | ------------------ |
| 4.0.x | :white_check_mark: |
| 3.1.x | :white_check_mark: |
| < 3.1 | :x: |
## Reporting a Vulnerability
If you have discovered a security issue with Smarty, please contact us at mail [at] simonwisselink.nl. Do not
disclose your findings publicly and PLEASE PLEASE do not file an Issue.
We will try to confirm the vulnerability and develop a fix if appropriate. When we release the fix, we will publish
a security release. Please let us know if you want to be credited.

2
libs/Smarty.class.php
View File

@@ -98,7 +98,7 @@ class Smarty extends Smarty_Internal_TemplateBase
/** /**
* smarty version * smarty version
*/ */
const SMARTY_VERSION = '3.1.38'; const SMARTY_VERSION = '3.1.40';
/** /**
* define variable scopes * define variable scopes
*/ */

7
libs/plugins/modifier.escape.php
View File

@@ -181,7 +181,11 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $
'"' => '\\"', '"' => '\\"',
"\r" => '\\r', "\r" => '\\r',
"\n" => '\\n', "\n" => '\\n',
'</' => '<\/' '</' => '<\/',
// see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
'<!--' => '<\!--',
'<s' => '<\s',
'<S' => '<\S'
) )
); );
case 'mail': case 'mail':
@@ -247,6 +251,7 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $
} }
return $return; return $return;
default: default:
trigger_error("escape: unsupported type: $esc_type - returning unmodified string", E_USER_NOTICE);
return $string; return $string;
} }
} }

3
libs/plugins/modifiercompiler.escape.php
View File

@@ -86,9 +86,10 @@ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompile
return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[ 0 ] . ')'; return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[ 0 ] . ')';
case 'javascript': case 'javascript':
// escape quotes and backslashes, newlines, etc. // escape quotes and backslashes, newlines, etc.
// see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
return 'strtr(' . return 'strtr(' .
$params[ 0 ] . $params[ 0 ] .
', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/" ))'; ', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/", "<!--" => "<\!--", "<s" => "<\s", "<S" => "<\S" ))';
} }
} catch (SmartyException $e) { } catch (SmartyException $e) {
// pass through to regular plugin fallback // pass through to regular plugin fallback

5
libs/sysplugins/smarty_internal_compile_function.php
View File

@@ -58,6 +58,11 @@ class Smarty_Internal_Compile_Function extends Smarty_Internal_CompileBase
} }
unset($_attr[ 'nocache' ]); unset($_attr[ 'nocache' ]);
$_name = trim($_attr[ 'name' ], '\'"'); $_name = trim($_attr[ 'name' ], '\'"');
if (!preg_match('/^[a-zA-Z0-9_\x80-\xff]+$/', $_name)) {
$compiler->trigger_template_error("Function name contains invalid characters: {$_name}", null, true);
}
$compiler->parent_compiler->tpl_function[ $_name ] = array(); $compiler->parent_compiler->tpl_function[ $_name ] = array();
$save = array( $save = array(
$_attr, $compiler->parser->current_buffer, $compiler->template->compiled->has_nocache_code, $_attr, $compiler->parser->current_buffer, $compiler->template->compiled->has_nocache_code,

4
libs/sysplugins/smarty_internal_compile_private_special_variable.php
View File

@@ -81,6 +81,10 @@ class Smarty_Internal_Compile_Private_Special_Variable extends Smarty_Internal_C
case 'template': case 'template':
return 'basename($_smarty_tpl->source->filepath)'; return 'basename($_smarty_tpl->source->filepath)';
case 'template_object': case 'template_object':
if (isset($compiler->smarty->security_policy)) {
$compiler->trigger_template_error("(secure mode) template_object not permitted");
break;
}
return '$_smarty_tpl'; return '$_smarty_tpl';
case 'current_dir': case 'current_dir':
return 'dirname($_smarty_tpl->source->filepath)'; return 'dirname($_smarty_tpl->source->filepath)';

2
make-release.sh
View File

@@ -14,6 +14,6 @@ git pull
git merge --no-ff "release/$1" git merge --no-ff "release/$1"
git branch -d "release/$1" git branch -d "release/$1"
git tag -a "v$1" -m "Release $1" git tag -a "v$1" -m "Release $1"
git push --follow-tags
printf 'Done creating release %s\n' "$1" printf 'Done creating release %s\n' "$1"
printf 'Run `git push --follow-tags origin` to publish it.\n'

6
tests/UnitTests/CacheResourceTests/_shared/CacheResourceTestCommon.php
View File

@@ -339,6 +339,10 @@ class CacheResourceTestCommon extends PHPUnit_Smarty
$this->assertNull($tpl->cached->handler->getCachedContent($tpl3)); $this->assertNull($tpl->cached->handler->getCachedContent($tpl3));
$this->assertEquals('hello world', $tpl->cached->handler->getCachedContent($tpl4)); $this->assertEquals('hello world', $tpl->cached->handler->getCachedContent($tpl4));
} }
/**
* @group slow
*/
public function testClearCacheExpired() public function testClearCacheExpired()
{ {
$this->smarty->caching = true; $this->smarty->caching = true;
@@ -399,7 +403,7 @@ class CacheResourceTestCommon extends PHPUnit_Smarty
* @runInSeparateProcess * @runInSeparateProcess
* @preserveGlobalState disabled * @preserveGlobalState disabled
* @dataProvider data * @dataProvider data
* * @group slow
*/ */
public function testCache($lockTime, $lockTimeout, $compile_id, $cache_id, $isCached, $tmin, $tmax, $forceCompile, $forceCache, $update, $testNumber, $compileTestNumber, $renderTestNumber, $testName) public function testCache($lockTime, $lockTimeout, $compile_id, $cache_id, $isCached, $tmin, $tmax, $forceCompile, $forceCache, $update, $testNumber, $compileTestNumber, $renderTestNumber, $testName)
{ {

4
tests/UnitTests/ResourceTests/Extends/ExtendsResourceTest.php
View File

@@ -125,7 +125,7 @@ class ExtendsResourceTest extends PHPUnit_Smarty
* test grandchild/child/parent dependency test2 * test grandchild/child/parent dependency test2
* @runInSeparateProcess * @runInSeparateProcess
* @preserveGlobalState disabled * @preserveGlobalState disabled
* * @group slow
*/ */
public function testCompileBlockGrandChildMustCompile_021_2() public function testCompileBlockGrandChildMustCompile_021_2()
{ {
@@ -193,7 +193,7 @@ class ExtendsResourceTest extends PHPUnit_Smarty
* test grandchild/child/parent dependency test4 * test grandchild/child/parent dependency test4
* @runInSeparateProcess * @runInSeparateProcess
* @preserveGlobalState disabled * @preserveGlobalState disabled
* * @group slow
*/ */
public function testCompileBlockGrandChildMustCompile_021_4() public function testCompileBlockGrandChildMustCompile_021_4()
{ {

9
tests/UnitTests/SecurityTests/SecurityTest.php
View File

@@ -341,6 +341,15 @@ class SecurityTest extends PHPUnit_Smarty
$this->smarty->security_policy->trusted_uri = array(); $this->smarty->security_policy->trusted_uri = array();
$this->assertStringContainsString('<title>Preface | Smarty</title>', $this->smarty->fetch('string:{fetch file="https://www.smarty.net/docs/en/preface.tpl"}')); $this->assertStringContainsString('<title>Preface | Smarty</title>', $this->smarty->fetch('string:{fetch file="https://www.smarty.net/docs/en/preface.tpl"}'));
} }
/**
* In security mode, accessing $smarty.template_object should be illegal.
* @expectedException SmartyCompilerException
*/
public function testSmartyTemplateObject() {
$this->smarty->display('string:{$smarty.template_object}');
}
} }
class mysecuritystaticclass class mysecuritystaticclass

8
tests/UnitTests/TemplateSource/TagTests/BockExtend/CompileBlockExtendsTest.php
View File

@@ -610,7 +610,7 @@ class CompileBlockExtendsTest extends PHPUnit_Smarty
* *
* @runInSeparateProcess * @runInSeparateProcess
* @preserveGlobalState disabled * @preserveGlobalState disabled
* * @group slow
*/ */
public function testCompileBlockGrandChildMustCompile_021_2() public function testCompileBlockGrandChildMustCompile_021_2()
{ {
@@ -645,7 +645,7 @@ class CompileBlockExtendsTest extends PHPUnit_Smarty
* *
* @runInSeparateProcess * @runInSeparateProcess
* @preserveGlobalState disabled * @preserveGlobalState disabled
* * @group slow
*/ */
public function testCompileBlockGrandChildMustCompile_021_3() public function testCompileBlockGrandChildMustCompile_021_3()
{ {
@@ -670,7 +670,7 @@ class CompileBlockExtendsTest extends PHPUnit_Smarty
* *
* @runInSeparateProcess * @runInSeparateProcess
* @preserveGlobalState disabled * @preserveGlobalState disabled
* * @group slow
*/ */
public function testCompileBlockGrandChildMustCompile_021_32() public function testCompileBlockGrandChildMustCompile_021_32()
{ {
@@ -692,6 +692,7 @@ class CompileBlockExtendsTest extends PHPUnit_Smarty
* *
* @runInSeparateProcess * @runInSeparateProcess
* @preserveGlobalState disabled * @preserveGlobalState disabled
* @group slow
*/ */
public function testCompileBlockGrandChildMustCompile_021_4() public function testCompileBlockGrandChildMustCompile_021_4()
{ {
@@ -716,6 +717,7 @@ class CompileBlockExtendsTest extends PHPUnit_Smarty
* *
* @runInSeparateProcess * @runInSeparateProcess
* @preserveGlobalState disabled * @preserveGlobalState disabled
* @group slow
*/ */
public function testCompileBlockGrandChildMustCompile_021_42() public function testCompileBlockGrandChildMustCompile_021_42()
{ {

1
tests/UnitTests/TemplateSource/TagTests/Insert/CompileInsertTest.php
View File

@@ -210,6 +210,7 @@ class CompileInsertTest extends PHPUnit_Smarty
* test insert plugin caching 2 * test insert plugin caching 2
* @runInSeparateProcess * @runInSeparateProcess
* @preserveGlobalState disabled * @preserveGlobalState disabled
* @group slow
*/ */
public function testInsertPluginCaching3_2() public function testInsertPluginCaching3_2()
{ {

11
tests/UnitTests/TemplateSource/TagTests/TemplateFunction/CompileFunctionTest.php
View File

@@ -431,5 +431,14 @@ class CompileFunctionTest extends PHPUnit_Smarty
array("{function name=simple}A{\$foo}\nC{/function}{call name='simple'}", "Abar\nC", 'T14', $i++), array("{function name=simple}A{\$foo}\nC{/function}{call name='simple'}", "Abar\nC", 'T14', $i++),
array("{function name=simple}A\n{\$foo}\nC{/function}{call name='simple'}", "A\nbar\nC", 'T15', $i++), array("{function name=simple}A\n{\$foo}\nC{/function}{call name='simple'}", "A\nbar\nC", 'T15', $i++),
); );
} }
/**
* Test handling of function names that are a security risk
* @expectedException SmartyCompilerException
*/
public function testIllegalFunctionName() {
$this->smarty->fetch('string:{function name=\'rce(){};echo "hi";function \'}{/function}');
}
} }

2
tests/UnitTests/TemplateSource/ValueTests/SmartySpecialVars/Now/SmartyNowTest.php
View File

@@ -35,7 +35,7 @@ class SmartyNowTest extends PHPUnit_Smarty
} }
/** /**
* test {$smarty.now nocache} * test {$smarty.now nocache}
* * @group slow
*/ */
public function testSmartyNowNocache() { public function testSmartyNowNocache() {
$this->smarty->setCaching(true); $this->smarty->setCaching(true);