diff --git a/FAQ b/FAQ
index 4063fcb2..4192cbda 100644
--- a/FAQ
+++ b/FAQ
@@ -67,11 +67,6 @@ A: Be sure you set $compile_check=false once your templates are initially
it doesn't do unnecessary work (like db calls) if a cached page is
available. See the documentation for examples.
-Q: Can I use Macromedia's Dreamweaver to edit my templates?
-A: Certainly. You might want to change your tag delimiters from {} to something
- that resembles valid HTML, like or <{ }> or something similar.
- This way the editor won't view the template tags as errors.
-
Q: Do you have a mailing list?
A: Yes. Subscribe by sending an e-mail to subscribe-smarty@lists.ispi.net. This
is also archived at http://marc.theaimsgroup.com/?l=smarty&r=1&w=2
@@ -144,3 +139,17 @@ A: The easiest thing to do is grab all of PEAR and install it locally for your
own use. There's nothing that says PEAR must be installed in its default
directory. There won't be a version of Smarty that runs without PEAR, as it
dependant on it, and may become moreso in the future.
+
+DREAMWEAVER
+-----------
+
+Q: Can I use Macromedia's Dreamweaver to edit my templates?
+A: Certainly. You might want to change your tag delimiters from {} to something
+ that resembles valid HTML, like or <{ }> or something similar.
+ This way the editor won't view the template tags as errors.
+
+Q: Dreamweaver is urlencoding the template delimiters when they are in a SRC or
+ HREF link. How do I get around this?
+A: In Edit - Properties - Rewrite HTML you can specify if Dreamweaver should
+ change special letters to %-equivalent or not. The default is on which
+ produces this error.
diff --git a/NEWS b/NEWS
index 489a5f0d..e19f172e 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,7 @@
Version 1.4.4
-------------
+ - fixed problem with including insecure templates with security enabled
+ (Monte)
- numerous documentation updates. (Monte)
- added ENT_QUOTES to escapement of html. (Monte, Sam Beckwith)
- implemented access to request variables via auto-assigned $smarty
diff --git a/Smarty.class.php b/Smarty.class.php
index ec292342..3c14c5eb 100644
--- a/Smarty.class.php
+++ b/Smarty.class.php
@@ -568,25 +568,29 @@ class Smarty
// buffering - for speed
if ($display && !$this->caching) {
echo $info_header;
- $this->_process_template($tpl_file, $compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
- include($compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
+ if($this->_process_template($tpl_file, $compile_path))
+ {
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ include($compile_path);
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ }
} else {
ob_start();
echo $info_header;
- $this->_process_template($tpl_file, $compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
- include($compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
+ if($this->_process_template($tpl_file, $compile_path))
+ {
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ include($compile_path);
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ }
$results = ob_get_contents();
ob_end_clean();
}
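Review bot: When `_process_template()` returns false, both branches skip the `include` but otherwise carry on as if rendering had succeeded; in the buffered branch `$results` then holds only `$info_header`. If the code after this hunk writes `$results` to the cache when `$this->caching` is on (not visible here), a missing or security-rejected template would be stored and served as an empty page until the cache expires. Consider keeping the status, e.g. `$ok = $this->_process_template($tpl_file, $compile_path);`, and skipping the cache write and returning false when it is false. The same silent skip is in the `_generate_debug_output()` hunk and in the identical hunks of libs/Smarty.class.php; the enclosing function starts and ends outside this hunk.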
@@ -660,14 +664,16 @@ class Smarty
function _generate_debug_output() {
ob_start();
- $this->_process_template($this->debug_tpl, $compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
- include($compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
+ if($this->_process_template($this->debug_tpl, $compile_path))
+ {
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ include($compile_path);
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ }
$results = ob_get_contents();
ob_end_clean();
return $results;
@@ -689,7 +695,9 @@ function _generate_debug_output() {
return true;
} else {
// get template source and timestamp
- $this->_fetch_template_source($tpl_file, $template_source, $template_timestamp);
+ if(!$this->_fetch_template_source($tpl_file, $template_source, $template_timestamp)) {
+ return false;
+ }
if ($template_timestamp <= $this->_fetch_compiled_template_timestamp($compile_path)) {
// template not expired, no recompile
return true;
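Review bot: The added `return false` is reached only on the compile-check path; the context line `return true;` just above the `else` leaves the function before `_fetch_template_source()` is called at all. If the security test lives inside `_fetch_template_source()` (its body is not shown), a template that was compiled earlier would still be included whenever that early return is taken, so the fix described in NEWS would not cover it. It would be safer to run the security test before the early return, or to add a comment at that return stating why skipping it is acceptable. The condition guarding the early return is outside the hunk, and the same applies to the copy in libs/Smarty.class.php.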
@@ -702,7 +710,9 @@ function _generate_debug_output() {
}
} else {
// compiled template does not exist, or forced compile
- $this->_fetch_template_source($tpl_file, $template_source, $template_timestamp);
+ if(!$this->_fetch_template_source($tpl_file, $template_source, $template_timestamp)) {
+ return false;
+ }
$this->_compile_template($tpl_file, $template_source, $template_compiled);
$this->_write_compiled_template($compile_path, $template_compiled);
return true;
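Review bot: The results of `_compile_template()` and `_write_compiled_template()` are still discarded and the function returns true unconditionally after them, so the callers' new guard will run `include($compile_path)` even if compilation or the write failed. If those helpers return a status (not visible here), propagate it, e.g. `if (!$this->_compile_template($tpl_file, $template_source, $template_compiled)) { return false; }`, and do the same for the write. The same lines appear in libs/Smarty.class.php.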
@@ -869,17 +879,18 @@ function _generate_debug_output() {
array_unshift($this->_config, $this->_config[0]);
- $this->_process_template($_smarty_include_tpl_file, $compile_path);
+ if($this->_process_template($_smarty_include_tpl_file, $compile_path))
+ {
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
- if ($this->show_info_include) {
- echo "\n\n";
- }
+ include($compile_path);
- include($compile_path);
-
- if ($this->show_info_include) {
- echo "\n\n";
- }
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ }
array_shift($this->_config);
$this->_inclusion_depth--;
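Review bot: The new guard is written as `if($this->_process_template(...))` with the opening brace on its own line, while every other control structure in this hunk uses `if (...) {`; matching the surrounding style would keep the file consistent. A short comment above it, such as `// skip the include when the template could not be fetched (missing, or rejected with security enabled)`, would also make the silent no-output case clear to readers. The same wording applies to the other three guarded includes in this file and to libs/Smarty.class.php. The enclosing function starts and ends outside the hunk.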
diff --git a/docs.sgml b/docs.sgml
index b3c1aa85..e09b3d8f 100644
--- a/docs.sgml
+++ b/docs.sgml
@@ -650,7 +650,7 @@ $smarty->assign(array("city" => "Lincoln","state" => "Nebraska"));
console, and should probably never be used directly.
-assign
+assign_debug_info
// passing name/value pairs
@@ -876,7 +876,7 @@ function print_current_date ($params) {
// we don't want template designers to have access to system files
-$smarty->unregister_modifier("fetch");
+$smarty->unregister_function("fetch");
@@ -2443,317 +2443,317 @@ e-mail: jane@mydomain.com<p>
These are indicated by percent signs around the variable name, like so:
%sectionname.varname%
-
-
- index
-
- index is used to display the current loop index, starting with zero
- (or the start attribute if given), and incrementing by one (or by
- the step attribute if given.)
-
-
- TECHNICAL NOTE: If the step and start section properties are not
- modified, then this works the same as the iteration section
- property.
-
-
-section property index
-
-{section name=customer loop=$custid}
-{%customer.index%} id: {$custid[customer]}<br>
-{/section}
+
+ index
+
+ index is used to display the current loop index, starting with zero
+ (or the start attribute if given), and incrementing by one (or by
+ the step attribute if given.)
+
+
+ TECHNICAL NOTE: If the step and start section properties are not
+ modified, then this works the same as the iteration section
+ property.
+
+
+ section property index
+
+ {section name=customer loop=$custid}
+ {%customer.index%} id: {$custid[customer]}<br>
+ {/section}
-OUTPUT:
+ OUTPUT:
-0 id: 1000<br>
-1 id: 1001<br>
-2 id: 1002<br>
+ 0 id: 1000<br>
+ 1 id: 1001<br>
+ 2 id: 1002<br>
-
-
-
-
- index_prev
-
- index_prev is used to display the previous loop index.
- on the first loop, this is set to -1.
-
-
-section property index_prev
-
-{section name=customer loop=$custid}
-{%customer.index%} id: {$custid[customer]}<br>
-{* FYI, $custid[customer.index] and $custid[customer] are identical in meaning *}
-{if $custid[customer.index_prev] ne $custid[customer.index]}
- The customer id changed<br>
-{/if}
-{/section}
+
+
+
+
+ index_prev
+
+ index_prev is used to display the previous loop index.
+ on the first loop, this is set to -1.
+
+
+ section property index_prev
+
+ {section name=customer loop=$custid}
+ {%customer.index%} id: {$custid[customer]}<br>
+ {* FYI, $custid[customer.index] and $custid[customer] are identical in meaning *}
+ {if $custid[customer.index_prev] ne $custid[customer.index]}
+ The customer id changed<br>
+ {/if}
+ {/section}
-OUTPUT:
+ OUTPUT:
-0 id: 1000<br>
- The customer id changed<br>
-1 id: 1001<br>
- The customer id changed<br>
-2 id: 1002<br>
- The customer id changed<br>
+ 0 id: 1000<br>
+ The customer id changed<br>
+ 1 id: 1001<br>
+ The customer id changed<br>
+ 2 id: 1002<br>
+ The customer id changed<br>
-
-
-
-
- index_next
-
- index_next is used to display the next loop index. On the last
- loop, this is still one more than the current index (respecting the
- setting of the step attribute, if given.)
-
-
-section property index_next
-
-{section name=customer loop=$custid}
-{%customer.index%} id: {$custid[customer]}<br>
-{* FYI, $custid[customer.index] and $custid[customer] are identical in meaning *}
-{if $custid[customer.index_next] ne $custid[customer.index]}
- The customer id will change<br>
-{/if}
-{/section}
+
+
+
+
+ index_next
+
+ index_next is used to display the next loop index. On the last
+ loop, this is still one more than the current index (respecting the
+ setting of the step attribute, if given.)
+
+
+ section property index_next
+
+ {section name=customer loop=$custid}
+ {%customer.index%} id: {$custid[customer]}<br>
+ {* FYI, $custid[customer.index] and $custid[customer] are identical in meaning *}
+ {if $custid[customer.index_next] ne $custid[customer.index]}
+ The customer id will change<br>
+ {/if}
+ {/section}
-OUTPUT:
+ OUTPUT:
-0 id: 1000<br>
- The customer id will change<br>
-1 id: 1001<br>
- The customer id will change<br>
-2 id: 1002<br>
- The customer id will change<br>
+ 0 id: 1000<br>
+ The customer id will change<br>
+ 1 id: 1001<br>
+ The customer id will change<br>
+ 2 id: 1002<br>
+ The customer id will change<br>
-
-
-
-
- iteration
-
- iteration is used to display the current loop iteration.
-
-
- NOTE: This is not affected by the section properties start, step and
- max, unlike the index property.
-
-
- This was added to Smarty 1.4.4.
-
-
-section property iteration
-
-{section name=customer loop=$custid start=5 step=2}
-current loop iteration: {%customer.iteration%}<br>
-{%customer.index%} id: {$custid[customer]}<br>
-{* FYI, $custid[customer.index] and $custid[customer] are identical in meaning *}
-{if $custid[customer.index_next] ne $custid[customer.index]}
- The customer id will change<br>
-{/if}
-{/section}
+
+
+
+
+ iteration
+
+ iteration is used to display the current loop iteration.
+
+
+ NOTE: This is not affected by the section properties start, step and
+ max, unlike the index property.
+
+
+ This was added to Smarty 1.4.4.
+
+
+ section property iteration
+
+ {section name=customer loop=$custid start=5 step=2}
+ current loop iteration: {%customer.iteration%}<br>
+ {%customer.index%} id: {$custid[customer]}<br>
+ {* FYI, $custid[customer.index] and $custid[customer] are identical in meaning *}
+ {if $custid[customer.index_next] ne $custid[customer.index]}
+ The customer id will change<br>
+ {/if}
+ {/section}
-OUTPUT:
+ OUTPUT:
-current loop iteration: 1
-5 id: 1000<br>
- The customer id will change<br>
-current loop iteration: 2
-7 id: 1001<br>
- The customer id will change<br>
-current loop iteration: 3
-9 id: 1002<br>
- The customer id will change<br>
+ current loop iteration: 1
+ 5 id: 1000<br>
+ The customer id will change<br>
+ current loop iteration: 2
+ 7 id: 1001<br>
+ The customer id will change<br>
+ current loop iteration: 3
+ 9 id: 1002<br>
+ The customer id will change<br>
-
-
-
-
- first
-
- first is set to true if the current section iteration is the first
- one.
-
-
-section property first
-
-{section name=customer loop=$custid}
-{if %customer.first%}
- <table>
-{/if}
+
+
+
+
+ first
+
+ first is set to true if the current section iteration is the first
+ one.
+
+
+ section property first
+
+ {section name=customer loop=$custid}
+ {if %customer.first%}
+ <table>
+ {/if}
-<tr><td>{%customer.index%} id:
- {$custid[customer]}</td></tr>
+ <tr><td>{%customer.index%} id:
+ {$custid[customer]}</td></tr>
-{if %customer.last%}
- </table>
-{/if}
-{/section}
+ {if %customer.last%}
+ </table>
+ {/if}
+ {/section}
-OUTPUT:
+ OUTPUT:
-<table>
-<tr><td>0 id: 1000</td></tr>
-<tr><td>1 id: 1001</td></tr>
-<tr><td>2 id: 1002</td></tr>
-</table>
+ <table>
+ <tr><td>0 id: 1000</td></tr>
+ <tr><td>1 id: 1001</td></tr>
+ <tr><td>2 id: 1002</td></tr>
+ </table>
-
-
-
-
- last
-
- last is set to true if the current section iteration is the last
- one.
-
-
-section property last
-
-{section name=customer loop=$custid}
-{if %customer.first%}
- <table>
-{/if}
+
+
+
+
+ last
+
+ last is set to true if the current section iteration is the last
+ one.
+
+
+ section property last
+
+ {section name=customer loop=$custid}
+ {if %customer.first%}
+ <table>
+ {/if}
-<tr><td>{%customer.index%} id:
- {$custid[customer]}</td></tr>
+ <tr><td>{%customer.index%} id:
+ {$custid[customer]}</td></tr>
-{if %customer.last%}
- </table>
-{/if}
-{/section}
+ {if %customer.last%}
+ </table>
+ {/if}
+ {/section}
-OUTPUT:
+ OUTPUT:
-<table>
-<tr><td>0 id: 1000</td></tr>
-<tr><td>1 id: 1001</td></tr>
-<tr><td>2 id: 1002</td></tr>
-</table>
+ <table>
+ <tr><td>0 id: 1000</td></tr>
+ <tr><td>1 id: 1001</td></tr>
+ <tr><td>2 id: 1002</td></tr>
+ </table>
-
-
-
-
- rownum
-
- rownum is used to display the current loop iteration,
- starting with one.
-
-
-section property rownum
-
-{section name=customer loop=$custid}
-{%customer.rownum%} id: {$custid[customer]}<br>
-{/section}
+
+
+
+
+ rownum
+
+ rownum is used to display the current loop iteration,
+ starting with one.
+
+
+ section property rownum
+
+ {section name=customer loop=$custid}
+ {%customer.rownum%} id: {$custid[customer]}<br>
+ {/section}
-OUTPUT:
+ OUTPUT:
-1 id: 1000<br>
-2 id: 1001<br>
-3 id: 1002<br>
+ 1 id: 1000<br>
+ 2 id: 1001<br>
+ 3 id: 1002<br>
-
-
-
-
- loop
-
- loop is used to display the last index number that this section
- looped. This can be used inside or after the section.
-
-
-section property index
-
-{section name=customer loop=$custid}
-{%customer.index%} id: {$custid[customer]}<br>
-{/section}
+
+
+
+
+ loop
+
+ loop is used to display the last index number that this section
+ looped. This can be used inside or after the section.
+
+
+ section property index
+
+ {section name=customer loop=$custid}
+ {%customer.index%} id: {$custid[customer]}<br>
+ {/section}
-There were {%customer.loop%} customers shown above.
+ There were {%customer.loop%} customers shown above.
-OUTPUT:
+ OUTPUT:
-0 id: 1000<br>
-1 id: 1001<br>
-2 id: 1002<br>
+ 0 id: 1000<br>
+ 1 id: 1001<br>
+ 2 id: 1002<br>
-There were 3 customers shown above.
+ There were 3 customers shown above.
-
-
-
-
- show
-
- show is used as a parameter to section.
- show is a boolean value, true or false. If
- false, the section will not be displayed. If there is a sectionelse
- present, that will be alternately displayed.
-
-
-section attribute show
-
-{* $show_customer_info may have been passed from the PHP
-application, to regulate whether or not this section shows *}
-{section name=customer loop=$custid show=$show_customer_info}
-{%customer.rownum%} id: {$custid[customer]}<br>
-{/section}
+
+
+
+
+ show
+
+ show is used as a parameter to section.
+ show is a boolean value, true or false. If
+ false, the section will not be displayed. If there is a sectionelse
+ present, that will be alternately displayed.
+
+
+ section attribute show
+
+ {* $show_customer_info may have been passed from the PHP
+ application, to regulate whether or not this section shows *}
+ {section name=customer loop=$custid show=$show_customer_info}
+ {%customer.rownum%} id: {$custid[customer]}<br>
+ {/section}
-{if %customer.show%}
-the section was shown.
-{else}
-the section was not shown.
-{/if}
+ {if %customer.show%}
+ the section was shown.
+ {else}
+ the section was not shown.
+ {/if}
-OUTPUT:
+ OUTPUT:
-1 id: 1000<br>
-2 id: 1001<br>
-3 id: 1002<br>
+ 1 id: 1000<br>
+ 2 id: 1001<br>
+ 3 id: 1002<br>
-the section was shown.
+ the section was shown.
-
-
-
-
- total
-
- total is used to display the number of iterations that this section
- will loop. This can be used inside or after the section.
-
-
- This was added to Smarty 1.4.4.
-
-
-section property total
-
-{section name=customer loop=$custid step=2}
-{%customer.index%} id: {$custid[customer]}<br>
-{/section}
+
+
+
+
+ total
+
+ total is used to display the number of iterations that this section
+ will loop. This can be used inside or after the section.
+
+
+ This was added to Smarty 1.4.4.
+
+
+ section property total
+
+ {section name=customer loop=$custid step=2}
+ {%customer.index%} id: {$custid[customer]}<br>
+ {/section}
-There were {%customer.total%} customers shown above.
+ There were {%customer.total%} customers shown above.
-OUTPUT:
+ OUTPUT:
-0 id: 1000<br>
-2 id: 1001<br>
-4 id: 1002<br>
+ 0 id: 1000<br>
+ 2 id: 1001<br>
+ 4 id: 1002<br>
-There were 3 customers shown above.
+ There were 3 customers shown above.
-
-
+
+
+
strip
@@ -3400,7 +3400,7 @@ OUTPUT:
html_select_time
-{html_select_time use_24_hours=false}
+{html_select_time use_24_hours=true}
OUTPUT:
diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php
index ec292342..3c14c5eb 100644
--- a/libs/Smarty.class.php
+++ b/libs/Smarty.class.php
@@ -568,25 +568,29 @@ class Smarty
// buffering - for speed
if ($display && !$this->caching) {
echo $info_header;
- $this->_process_template($tpl_file, $compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
- include($compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
+ if($this->_process_template($tpl_file, $compile_path))
+ {
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ include($compile_path);
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ }
} else {
ob_start();
echo $info_header;
- $this->_process_template($tpl_file, $compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
- include($compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
+ if($this->_process_template($tpl_file, $compile_path))
+ {
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ include($compile_path);
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ }
$results = ob_get_contents();
ob_end_clean();
}
@@ -660,14 +664,16 @@ class Smarty
function _generate_debug_output() {
ob_start();
- $this->_process_template($this->debug_tpl, $compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
- include($compile_path);
- if ($this->show_info_include) {
- echo "\n\n";
- }
+ if($this->_process_template($this->debug_tpl, $compile_path))
+ {
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ include($compile_path);
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ }
$results = ob_get_contents();
ob_end_clean();
return $results;
@@ -689,7 +695,9 @@ function _generate_debug_output() {
return true;
} else {
// get template source and timestamp
- $this->_fetch_template_source($tpl_file, $template_source, $template_timestamp);
+ if(!$this->_fetch_template_source($tpl_file, $template_source, $template_timestamp)) {
+ return false;
+ }
if ($template_timestamp <= $this->_fetch_compiled_template_timestamp($compile_path)) {
// template not expired, no recompile
return true;
@@ -702,7 +710,9 @@ function _generate_debug_output() {
}
} else {
// compiled template does not exist, or forced compile
- $this->_fetch_template_source($tpl_file, $template_source, $template_timestamp);
+ if(!$this->_fetch_template_source($tpl_file, $template_source, $template_timestamp)) {
+ return false;
+ }
$this->_compile_template($tpl_file, $template_source, $template_compiled);
$this->_write_compiled_template($compile_path, $template_compiled);
return true;
@@ -869,17 +879,18 @@ function _generate_debug_output() {
array_unshift($this->_config, $this->_config[0]);
- $this->_process_template($_smarty_include_tpl_file, $compile_path);
+ if($this->_process_template($_smarty_include_tpl_file, $compile_path))
+ {
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
- if ($this->show_info_include) {
- echo "\n\n";
- }
+ include($compile_path);
- include($compile_path);
-
- if ($this->show_info_include) {
- echo "\n\n";
- }
+ if ($this->show_info_include) {
+ echo "\n\n";
+ }
+ }
array_shift($this->_config);
$this->_inclusion_depth--;