mirror of
https://github.com/smarty-php/smarty.git
synced 2025-08-05 02:44:27 +02:00
- bugfix on $php_handling security and optimization of smarty_internal_parsetree (Thue Kristensen)
This commit is contained in:
Uwe.Tews@googlemail.com
@@ -1,4 +1,7 @@
|
|||||||
===== 3.1.21-dev ===== (xx.xx.2014)
|
===== 3.1.21-dev ===== (xx.xx.2014)
|
||||||
|
17.10.2014
|
||||||
|
- bugfix on $php_handling security and optimization of smarty_internal_parsetree (Thue Kristensen)
|
||||||
|
|
||||||
16.10.2014
|
16.10.2014
|
||||||
- bugfix composer.json update
|
- bugfix composer.json update
|
||||||
|
|
||||||
|
|||||||
@@ -70,6 +70,6 @@ class Smarty_Internal_Compile_Break extends Smarty_Internal_CompileBase
|
|||||||
$compiler->trigger_template_error("cannot break {$_levels} level(s)", $compiler->lex->taglineno);
|
$compiler->trigger_template_error("cannot break {$_levels} level(s)", $compiler->lex->taglineno);
|
||||||
}
|
}
|
||||||
|
|
||||||
return "<?php break {$_levels}?>";
|
return "<?php break {$_levels};?>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -70,6 +70,6 @@ class Smarty_Internal_Compile_Continue extends Smarty_Internal_CompileBase
|
|||||||
$compiler->trigger_template_error("cannot continue {$_levels} level(s)", $compiler->lex->taglineno);
|
$compiler->trigger_template_error("cannot continue {$_levels} level(s)", $compiler->lex->taglineno);
|
||||||
}
|
}
|
||||||
|
|
||||||
return "<?php continue {$_levels}?>";
|
return "<?php continue {$_levels};?>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -135,11 +135,6 @@ class Smarty_Internal_Compile_Functionclose extends Smarty_Internal_CompileBase
|
|||||||
}
|
}
|
||||||
$plugins_string .= "?>/*/%%SmartyNocache:{$compiler->template->properties['nocache_hash']}%%*/';?>\n";
|
$plugins_string .= "?>/*/%%SmartyNocache:{$compiler->template->properties['nocache_hash']}%%*/';?>\n";
|
||||||
}
|
}
|
||||||
// remove last line break from function definition
|
|
||||||
$last = count($compiler->parser->current_buffer->subtrees) - 1;
|
|
||||||
if ($compiler->parser->current_buffer->subtrees[$last] instanceof _smarty_linebreak) {
|
|
||||||
unset($compiler->parser->current_buffer->subtrees[$last]);
|
|
||||||
}
|
|
||||||
// if caching save template function for possible nocache call
|
// if caching save template function for possible nocache call
|
||||||
if ($compiler->template->caching) {
|
if ($compiler->template->caching) {
|
||||||
$compiler->template->properties['function'][$_name]['compiled'] .= $plugins_string
|
$compiler->template->properties['function'][$_name]['compiled'] .= $plugins_string
|
||||||
|
|||||||
@@ -91,7 +91,7 @@ class _smarty_tag extends _smarty_parsetree
|
|||||||
public function assign_to_var()
|
public function assign_to_var()
|
||||||
{
|
{
|
||||||
$var = sprintf('$_tmp%d', ++Smarty_Internal_Templateparser::$prefix_number);
|
$var = sprintf('$_tmp%d', ++Smarty_Internal_Templateparser::$prefix_number);
|
||||||
$this->parser->compiler->prefix_code[] = sprintf('<?php ob_start();?>%s<?php %s=ob_get_clean();?>', $this->data, $var);
|
$this->parser->compiler->prefix_code[] = sprintf("<?php ob_start();\n%s\n%s=ob_get_clean();?>", preg_replace(array('/^\s*<\?php\s+/','/\s*\?>\s*$/'), '', $this->data), $var);
|
||||||
|
|
||||||
return $var;
|
return $var;
|
||||||
}
|
}
|
||||||
@@ -271,8 +271,10 @@ class _smarty_template_buffer extends _smarty_parsetree
|
|||||||
*/
|
*/
|
||||||
public function append_subtree(_smarty_parsetree $subtree)
|
public function append_subtree(_smarty_parsetree $subtree)
|
||||||
{
|
{
|
||||||
|
if ($subtree->data !== '') {
|
||||||
$this->subtrees[] = $subtree;
|
$this->subtrees[] = $subtree;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sanitize and merge subtree buffers together
|
* Sanitize and merge subtree buffers together
|
||||||
@@ -283,50 +285,47 @@ class _smarty_template_buffer extends _smarty_parsetree
|
|||||||
{
|
{
|
||||||
$code = '';
|
$code = '';
|
||||||
for ($key = 0, $cnt = count($this->subtrees); $key < $cnt; $key ++) {
|
for ($key = 0, $cnt = count($this->subtrees); $key < $cnt; $key ++) {
|
||||||
if ($key + 2 < $cnt) {
|
if ($this->subtrees[$key] instanceof _smarty_text) {
|
||||||
if ($this->subtrees[$key] instanceof _smarty_linebreak && $this->subtrees[$key + 1] instanceof _smarty_tag && $this->subtrees[$key + 1]->data == '' && $this->subtrees[$key + 2] instanceof _smarty_linebreak) {
|
|
||||||
$key = $key + 1;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
if (substr($this->subtrees[$key]->data, - 1) == '<' && $this->subtrees[$key + 1]->data == '' && substr($this->subtrees[$key + 2]->data, - 1) == '?') {
|
|
||||||
$key = $key + 2;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (substr($code, - 1) == '<') {
|
|
||||||
$subtree = $this->subtrees[$key]->to_smarty_php();
|
$subtree = $this->subtrees[$key]->to_smarty_php();
|
||||||
if (substr($subtree, 0, 1) == '?') {
|
while ($key + 1 < $cnt && ($this->subtrees[$key+1] instanceof _smarty_text || $this->subtrees[$key +1]->data == '')) {
|
||||||
$code = substr($code, 0, strlen($code) - 1) . '<<?php ?>?' . substr($subtree, 1);
|
$key++;
|
||||||
} elseif ($this->parser->asp_tags && substr($subtree, 0, 1) == '%') {
|
if ($this->subtrees[$key]->data == '') {
|
||||||
$code = substr($code, 0, strlen($code) - 1) . '<<?php ?>%' . substr($subtree, 1);
|
|
||||||
} else {
|
|
||||||
$code .= $subtree;
|
|
||||||
}
|
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if ($this->parser->asp_tags && substr($code, - 1) == '%') {
|
$subtree .= $this->subtrees[$key]->to_smarty_php();
|
||||||
$subtree = $this->subtrees[$key]->to_smarty_php();
|
|
||||||
if (substr($subtree, 0, 1) == '>') {
|
|
||||||
$code = substr($code, 0, strlen($code) - 1) . '%<?php ?>>' . substr($subtree, 1);
|
|
||||||
} else {
|
|
||||||
$code .= $subtree;
|
|
||||||
}
|
}
|
||||||
|
if ($subtree == '') {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (substr($code, - 1) == '?') {
|
$code .= preg_replace('/(<%|%>|<\?php|<\?|\?>|<\/?script)/', "<?php echo '\$1'; ?>\n", $subtree);
|
||||||
$subtree = $this->subtrees[$key]->to_smarty_php();
|
continue;
|
||||||
if (substr($subtree, 0, 1) == '>') {
|
|
||||||
$code = substr($code, 0, strlen($code) - 1) . '?<?php ?>>' . substr($subtree, 1);
|
|
||||||
} else {
|
|
||||||
$code .= $subtree;
|
|
||||||
}
|
}
|
||||||
|
if ($this->subtrees[$key] instanceof _smarty_tag) {
|
||||||
|
$subtree = $this->subtrees[$key]->to_smarty_php();
|
||||||
|
while ($key + 1 < $cnt && ($this->subtrees[$key+1] instanceof _smarty_tag || $this->subtrees[$key +1]->data == '')) {
|
||||||
|
$key++;
|
||||||
|
if ($this->subtrees[$key]->data == '') {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$newCode = $this->subtrees[$key]->to_smarty_php();
|
||||||
|
if ((preg_match('/^\s*<\?php\s+/', $newCode) && preg_match('/\s*\?>\s*$/', $subtree))) {
|
||||||
|
$subtree = preg_replace('/\s*\?>\s*$/', "\n", $subtree);
|
||||||
|
$subtree .= preg_replace('/^\s*<\?php\s+/', '', $newCode);
|
||||||
|
} else {
|
||||||
|
$subtree .= $newCode;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($subtree == '') {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$code .= $subtree;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
$code .= $this->subtrees[$key]->to_smarty_php();
|
$code .= $this->subtrees[$key]->to_smarty_php();
|
||||||
}
|
}
|
||||||
|
|
||||||
return $code;
|
return $code;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -360,35 +359,3 @@ class _smarty_text extends _smarty_parsetree
|
|||||||
return $this->data;
|
return $this->data;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* template linebreaks
|
|
||||||
*
|
|
||||||
* @package Smarty
|
|
||||||
* @subpackage Compiler
|
|
||||||
* @ignore
|
|
||||||
*/
|
|
||||||
class _smarty_linebreak extends _smarty_parsetree
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Create buffer with linebreak content
|
|
||||||
*
|
|
||||||
* @param object $parser parser object
|
|
||||||
* @param string $data linebreak string
|
|
||||||
*/
|
|
||||||
public function __construct($parser, $data)
|
|
||||||
{
|
|
||||||
$this->parser = $parser;
|
|
||||||
$this->data = $data;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return linebrak
|
|
||||||
*
|
|
||||||
* @return string linebreak
|
|
||||||
*/
|
|
||||||
public function to_smarty_php()
|
|
||||||
{
|
|
||||||
return $this->data;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|||||||
@@ -23,6 +23,7 @@ class Smarty_Internal_Templatelexer
|
|||||||
public $is_phpScript = false;
|
public $is_phpScript = false;
|
||||||
public $state = 1;
|
public $state = 1;
|
||||||
public $smarty;
|
public $smarty;
|
||||||
|
public $literal_cnt = 0;
|
||||||
private $heredoc_id_stack = Array();
|
private $heredoc_id_stack = Array();
|
||||||
public $yyTraceFILE;
|
public $yyTraceFILE;
|
||||||
public $yyTracePrompt;
|
public $yyTracePrompt;
|
||||||
@@ -163,13 +164,12 @@ class Smarty_Internal_Templatelexer
|
|||||||
19 => 0,
|
19 => 0,
|
||||||
20 => 0,
|
20 => 0,
|
||||||
21 => 0,
|
21 => 0,
|
||||||
22 => 4,
|
22 => 0,
|
||||||
27 => 0,
|
|
||||||
);
|
);
|
||||||
if ($this->counter >= strlen($this->data)) {
|
if ($this->counter >= strlen($this->data)) {
|
||||||
return false; // end of input
|
return false; // end of input
|
||||||
}
|
}
|
||||||
$yy_global_pattern = "/\G(\\{\\})|\G(" . $this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" . $this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|\G(" . $this->ldel . "\\s*)|\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G(<(([^>]*?)(?=" . $this->ldel . ")" . $this->ldel . "([\S\s]*?)" . $this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
|
$yy_global_pattern = "/\G(\\{\\})|\G(" . $this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" . $this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|\G(" . $this->ldel . "\\s*)|\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G([\S\s])/iS";
|
||||||
|
|
||||||
do {
|
do {
|
||||||
if (preg_match($yy_global_pattern, $this->data, $yymatches, null, $this->counter)) {
|
if (preg_match($yy_global_pattern, $this->data, $yymatches, null, $this->counter)) {
|
||||||
@@ -345,8 +345,8 @@ class Smarty_Internal_Templatelexer
|
|||||||
} elseif ($this->value == '<?xml') {
|
} elseif ($this->value == '<?xml') {
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_XMLTAG;
|
$this->token = Smarty_Internal_Templateparser::TP_XMLTAG;
|
||||||
} else {
|
} else {
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_FAKEPHPSTARTTAG;
|
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
||||||
$this->value = substr($this->value, 0, 2);
|
//$this->value = substr($this->value, 0, 2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -381,24 +381,11 @@ class Smarty_Internal_Templatelexer
|
|||||||
}
|
}
|
||||||
|
|
||||||
function yy_r1_22($yy_subpatterns)
|
function yy_r1_22($yy_subpatterns)
|
||||||
{
|
|
||||||
|
|
||||||
$clean = preg_replace("/{$this->ldel}([\S\s]*?){$this->rdel}/", '', $this->value);
|
|
||||||
if (preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/", $clean, $match)) {
|
|
||||||
$this->compiler->trigger_template_error('Security error: Illegal code injection');
|
|
||||||
} else {
|
|
||||||
preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value, $match);
|
|
||||||
$this->value = $match[0];
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function yy_r1_27($yy_subpatterns)
|
|
||||||
{
|
{
|
||||||
|
|
||||||
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
|
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
|
||||||
$to = strlen($this->data);
|
$to = strlen($this->data);
|
||||||
preg_match("/<\?|<%|\?>|%>|<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|<(([^>]*?)(?={$this->ldel}){$this->ldel}([\S\s]*?){$this->rdel})+([^>]*?)(?!{$this->ldel})>|{$this->ldel}{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
|
preg_match("/{$this->ldel}|<\?|<%|\?>|%>|<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
|
||||||
if (isset($match[0][1])) {
|
if (isset($match[0][1])) {
|
||||||
$to = $match[0][1];
|
$to = $match[0][1];
|
||||||
}
|
}
|
||||||
@@ -971,18 +958,12 @@ class Smarty_Internal_Templatelexer
|
|||||||
$tokenMap = array(
|
$tokenMap = array(
|
||||||
1 => 0,
|
1 => 0,
|
||||||
2 => 0,
|
2 => 0,
|
||||||
3 => 2,
|
3 => 0,
|
||||||
6 => 0,
|
|
||||||
7 => 0,
|
|
||||||
8 => 0,
|
|
||||||
9 => 0,
|
|
||||||
10 => 4,
|
|
||||||
15 => 0,
|
|
||||||
);
|
);
|
||||||
if ($this->counter >= strlen($this->data)) {
|
if ($this->counter >= strlen($this->data)) {
|
||||||
return false; // end of input
|
return false; // end of input
|
||||||
}
|
}
|
||||||
$yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" . $this->rdel . ")|\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|\G(<(([^>]*?)(?=" . $this->ldel . ")" . $this->ldel . "([\S\s]*?)" . $this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
|
$yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" . $this->rdel . ")|\G([\S\s])/iS";
|
||||||
|
|
||||||
do {
|
do {
|
||||||
if (preg_match($yy_global_pattern, $this->data, $yymatches, null, $this->counter)) {
|
if (preg_match($yy_global_pattern, $this->data, $yymatches, null, $this->counter)) {
|
||||||
@@ -1035,19 +1016,16 @@ class Smarty_Internal_Templatelexer
|
|||||||
function yy_r3_1($yy_subpatterns)
|
function yy_r3_1($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
if ($this->smarty->auto_literal && isset($this->value[$this->ldel_length]) ? strpos(" \n\t\r", $this->value[$this->ldel_length]) !== false : false) {
|
$this->literal_cnt ++;
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
$this->token = Smarty_Internal_Templateparser::TP_LITERAL;
|
||||||
} else {
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_LITERALSTART;
|
|
||||||
$this->yypushstate(self::LITERAL);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function yy_r3_2($yy_subpatterns)
|
function yy_r3_2($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
if ($this->smarty->auto_literal && isset($this->value[$this->ldel_length]) ? strpos(" \n\t\r", $this->value[$this->ldel_length]) !== false : false) {
|
if ($this->literal_cnt) {
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
$this->literal_cnt --;
|
||||||
|
$this->token = Smarty_Internal_Templateparser::TP_LITERAL;
|
||||||
} else {
|
} else {
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_LITERALEND;
|
$this->token = Smarty_Internal_Templateparser::TP_LITERALEND;
|
||||||
$this->yypopstate();
|
$this->yypopstate();
|
||||||
@@ -1057,60 +1035,8 @@ class Smarty_Internal_Templatelexer
|
|||||||
function yy_r3_3($yy_subpatterns)
|
function yy_r3_3($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
if (($script = strpos($this->value, '<s') === 0) || in_array($this->value, Array('<?', '<?=', '<?php'))) {
|
|
||||||
if ($script) {
|
|
||||||
$this->is_phpScript = true;
|
|
||||||
}
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
|
|
||||||
} else {
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_FAKEPHPSTARTTAG;
|
|
||||||
$this->value = substr($this->value, 0, 2);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function yy_r3_6($yy_subpatterns)
|
|
||||||
{
|
|
||||||
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_PHPENDTAG;
|
|
||||||
}
|
|
||||||
|
|
||||||
function yy_r3_7($yy_subpatterns)
|
|
||||||
{
|
|
||||||
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_PHPENDSCRIPT;
|
|
||||||
}
|
|
||||||
|
|
||||||
function yy_r3_8($yy_subpatterns)
|
|
||||||
{
|
|
||||||
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_ASPSTARTTAG;
|
|
||||||
}
|
|
||||||
|
|
||||||
function yy_r3_9($yy_subpatterns)
|
|
||||||
{
|
|
||||||
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_ASPENDTAG;
|
|
||||||
}
|
|
||||||
|
|
||||||
function yy_r3_10($yy_subpatterns)
|
|
||||||
{
|
|
||||||
|
|
||||||
$clean = preg_replace("/{$this->ldel}([\S\s]*?){$this->rdel}/", '', $this->value);
|
|
||||||
if (preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/", $clean, $match)) {
|
|
||||||
$this->compiler->trigger_template_error('Security error: Illegal code injection');
|
|
||||||
} else {
|
|
||||||
preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value, $match);
|
|
||||||
$this->value = $match[0];
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function yy_r3_15($yy_subpatterns)
|
|
||||||
{
|
|
||||||
|
|
||||||
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
|
|
||||||
$to = strlen($this->data);
|
$to = strlen($this->data);
|
||||||
preg_match("/<\?|<%|\?>|%>|<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|{$this->ldel}\/?literal{$this->rdel}{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
|
preg_match("/{$this->ldel}\/?literal{$this->rdel}/", $this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
|
||||||
if (isset($match[0][1])) {
|
if (isset($match[0][1])) {
|
||||||
$to = $match[0][1];
|
$to = $match[0][1];
|
||||||
} else {
|
} else {
|
||||||
@@ -1132,13 +1058,15 @@ class Smarty_Internal_Templatelexer
|
|||||||
8 => 0,
|
8 => 0,
|
||||||
9 => 0,
|
9 => 0,
|
||||||
10 => 0,
|
10 => 0,
|
||||||
11 => 3,
|
11 => 0,
|
||||||
15 => 0,
|
12 => 0,
|
||||||
|
13 => 3,
|
||||||
|
17 => 0,
|
||||||
);
|
);
|
||||||
if ($this->counter >= strlen($this->data)) {
|
if ($this->counter >= strlen($this->data)) {
|
||||||
return false; // end of input
|
return false; // end of input
|
||||||
}
|
}
|
||||||
$yy_global_pattern = "/\G(" . $this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" . $this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|\G(" . $this->ldel . "\\s*\/)|\G(" . $this->ldel . "\\s*)|\G(\")|\G(`\\$)|\G(\\$[0-9]*[a-zA-Z_]\\w*)|\G(\\$)|\G(([^\"\\\\]*?)((?:\\\\.[^\"\\\\]*?)*?)(?=(" . $this->ldel . "|\\$|`\\$|\")))|\G([\S\s])/iS";
|
$yy_global_pattern = "/\G(" . $this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" . $this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|\G(" . $this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*\/)|\G(" . $this->ldel . "\\s*)|\G(\")|\G(`\\$)|\G(\\$[0-9]*[a-zA-Z_]\\w*)|\G(\\$)|\G(([^\"\\\\]*?)((?:\\\\.[^\"\\\\]*?)*?)(?=(" . $this->ldel . "|\\$|`\\$|\")))|\G([\S\s])/iS";
|
||||||
|
|
||||||
do {
|
do {
|
||||||
if (preg_match($yy_global_pattern, $this->data, $yymatches, null, $this->counter)) {
|
if (preg_match($yy_global_pattern, $this->data, $yymatches, null, $this->counter)) {
|
||||||
@@ -1225,6 +1153,18 @@ class Smarty_Internal_Templatelexer
|
|||||||
}
|
}
|
||||||
|
|
||||||
function yy_r4_5($yy_subpatterns)
|
function yy_r4_5($yy_subpatterns)
|
||||||
|
{
|
||||||
|
|
||||||
|
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
||||||
|
}
|
||||||
|
|
||||||
|
function yy_r4_6($yy_subpatterns)
|
||||||
|
{
|
||||||
|
|
||||||
|
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
||||||
|
}
|
||||||
|
|
||||||
|
function yy_r4_7($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
if ($this->smarty->auto_literal && isset($this->value[$this->ldel_length]) ? strpos(" \n\t\r", $this->value[$this->ldel_length]) !== false : false) {
|
if ($this->smarty->auto_literal && isset($this->value[$this->ldel_length]) ? strpos(" \n\t\r", $this->value[$this->ldel_length]) !== false : false) {
|
||||||
@@ -1236,7 +1176,7 @@ class Smarty_Internal_Templatelexer
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function yy_r4_6($yy_subpatterns)
|
function yy_r4_8($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
if ($this->smarty->auto_literal && isset($this->value[$this->ldel_length]) ? strpos(" \n\t\r", $this->value[$this->ldel_length]) !== false : false) {
|
if ($this->smarty->auto_literal && isset($this->value[$this->ldel_length]) ? strpos(" \n\t\r", $this->value[$this->ldel_length]) !== false : false) {
|
||||||
@@ -1248,14 +1188,14 @@ class Smarty_Internal_Templatelexer
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function yy_r4_7($yy_subpatterns)
|
function yy_r4_9($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_QUOTE;
|
$this->token = Smarty_Internal_Templateparser::TP_QUOTE;
|
||||||
$this->yypopstate();
|
$this->yypopstate();
|
||||||
}
|
}
|
||||||
|
|
||||||
function yy_r4_8($yy_subpatterns)
|
function yy_r4_10($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_BACKTICK;
|
$this->token = Smarty_Internal_Templateparser::TP_BACKTICK;
|
||||||
@@ -1264,25 +1204,25 @@ class Smarty_Internal_Templatelexer
|
|||||||
$this->taglineno = $this->line;
|
$this->taglineno = $this->line;
|
||||||
}
|
}
|
||||||
|
|
||||||
function yy_r4_9($yy_subpatterns)
|
function yy_r4_11($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_DOLLARID;
|
$this->token = Smarty_Internal_Templateparser::TP_DOLLARID;
|
||||||
}
|
}
|
||||||
|
|
||||||
function yy_r4_10($yy_subpatterns)
|
function yy_r4_12($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
||||||
}
|
}
|
||||||
|
|
||||||
function yy_r4_11($yy_subpatterns)
|
function yy_r4_13($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
|
||||||
}
|
}
|
||||||
|
|
||||||
function yy_r4_15($yy_subpatterns)
|
function yy_r4_17($yy_subpatterns)
|
||||||
{
|
{
|
||||||
|
|
||||||
$to = strlen($this->data);
|
$to = strlen($this->data);
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user