smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-11-02 13:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Code injection vulnerability by using illegal function names

Browse Source
This commit is contained in:
Simon Wisselink
2021-01-24 23:44:07 +01:00
parent fedc127057
commit 165f1bd4d2
3 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
libs/sysplugins/smarty_internal_compile_function.php
View File

@@ -58,6 +58,11 @@ class Smarty_Internal_Compile_Function extends Smarty_Internal_CompileBase
}
unset($_attr[ 'nocache' ]);
$_name = trim($_attr[ 'name' ], '\'"');
if (!preg_match('/^[a-zA-Z0-9_\x80-\xff]+$/', $_name)) {
$compiler->trigger_template_error("Function name contains invalid characters: {$_name}", null, true);
}
$compiler->parent_compiler->tpl_function[ $_name ] = array();
$save = array(
$_attr, $compiler->parser->current_buffer, $compiler->template->compiled->has_nocache_code,