smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-07-31 16:37:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into 979_setErrorUnassigned

Browse Source
This commit is contained in:
Simon Wisselink
2024-05-29 21:21:36 +02:00
committed by GitHub
parent 768acd96fa 2a87c65994
commit 287e12c3be
68 changed files with 791 additions and 762 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
CHANGELOG.md
View File

@@ -6,6 +6,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
## [5.2.0] - 2024-05-28
- Fixed a code injection vulnerability in extends-tag. This addresses CVE-2024-35226.
- Added `$smarty->setCacheModifiedCheck()` setter for cache_modified_check
- Added a PSR-4 loading script to allow Smarty to be used without Composer [#1017](https://github.com/smarty-php/smarty/pull/1017)
## [5.1.0] - 2024-04-22
- Prevent deprecation notices during compilation in PHP8.3 [#996](https://github.com/smarty-php/smarty/issues/996)
- Fix that getTemplateVars would return an array of objects instead of the assigned variables values [#994](https://github.com/smarty-php/smarty/issues/994)
- Fix Smarty::assign() not returning $this when called with an array as first parameter [#972](https://github.com/smarty-php/smarty/pull/972)
- Documented support for `{if $element is in $array}` syntax [#937](https://github.com/smarty-php/smarty/issues/937)
- Added support for `{if $element is not in $array}` syntax [#937](https://github.com/smarty-php/smarty/issues/937)
- Using stream variables in templates now throws a deprecation notice [#933](https://github.com/smarty-php/smarty/pull/933)
- Internal compiler classes always return a string (the internal has_code flag has been removed for simplicity) [#918](https://github.com/smarty-php/smarty/pull/918)
- Fix invalid classnames in Runtime code for foreach [#1000](https://github.com/smarty-php/smarty/issues/1000)
## [5.0.1] - 2024-03-27
- Fix error in Smarty\Smarty::compileAllTemplates() by including missing FilesystemIterator class [#966](https://github.com/smarty-php/smarty/issues/966)

1
changelog/1022.md Normal file
View File

@@ -0,0 +1 @@
- Added `$smarty->prependTemplateDir()` method [#1022](https://github.com/smarty-php/smarty/issues/1022)

1
changelog/918.md
View File

@@ -1 +0,0 @@
- Internal compiler classes always return a string (the internal has_code flag has been removed for simplicity) [#918](https://github.com/smarty-php/smarty/pull/918)

1
changelog/933.md
View File

@@ -1 +0,0 @@
- Using stream variables in templates now throws a deprecation notice [#933](https://github.com/smarty-php/smarty/pull/933)

2
changelog/937.md
View File

@@ -1,2 +0,0 @@
- Documented support for `{if $element is in $array}` syntax [#937](https://github.com/smarty-php/smarty/issues/937)
- Added support for `{if $element is not in $array}` syntax [#937](https://github.com/smarty-php/smarty/issues/937)

23
docs/api/configuring.md
View File

@@ -12,24 +12,27 @@ Use `getTemplateDir()` to retrieve the configured paths.
<?php
// set a single directory where the config files are stored
$smarty->setTemplateDir('./config');
$smarty->setTemplateDir('./templates');
// set multiple directories where config files are stored
$smarty->setTemplateDir(['./config', './config_2', './config_3']);
// set multiple directories where templates are stored
$smarty->setTemplateDir(['./templates', './templates_2', './templates_3']);
// add directory where config files are stored to the current list of dirs
$smarty->addTemplateDir('./config_1');
// add directory where templates files are stored to the current list of dirs
$smarty->addTemplateDir('./templates_1');
// add multiple directories to the current list of dirs
$smarty->addTemplateDir([
'./config_2',
'./config_3',
'./templates_2',
'./templates_3',
]);
// chaining of method calls
$smarty->setTemplateDir('./config')
->addTemplateDir('./config_1')
->addTemplateDir('./config_2');
$smarty->setTemplateDir('./templates')
->addTemplateDir('./templates_1')
->addTemplateDir('./templates_2');
// insert a template dir before exising template dirs
$smarty->prependTemplateDir('./more_important_templates')
// get all directories where config files are stored
$template_dirs = $smarty->getTemplateDir();

1
docs/designers/language-builtin-functions/language-function-config-load.md
View File

@@ -9,7 +9,6 @@
|----------------|----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| file | Yes | The name of the config file to include |
| section | No | The name of the section to load |
| scope | no | How the scope of the loaded variables are treated, which must be one of local, parent or global. local means variables are loaded into the local template context. parent means variables are loaded into both the local context and the parent template that called it. global means variables are available to all templates. |
## Examples

9
docs/designers/language-modifiers/language-modifier-is_array.md Normal file
View File

@@ -0,0 +1,9 @@
# is_array
Return true if the variable passed to it is an array.
## Basic usage
```smarty
{if $myVar|is_array}it's an array{/if}
```

8
docs/getting-started.md
View File

@@ -25,9 +25,17 @@ Here's how you create an instance of Smarty in your PHP scripts:
```php
<?php
// Instantiated via composer
require 'vendor/autoload.php';
use Smarty\Smarty;
$smarty = new Smarty();
// or ...
// Instantiated directly
require("/path/to/smarty/libs/Smarty.class.php");
use Smarty\Smarty;
$smarty = new Smarty();
```
Now that the library files are in place, it's time to set up the Smarty

42
libs/Smarty.class.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
/////////////////////////////////////////////////////////////////////
// This is a stub PSR-4 loading script that gets all the pieces of //
// Smarty 5.x loaded without requiring the use of composer. It's //
// not really a 'class' file, but the name is used so we're //
// backwards compatible with previous versions of Smarty. //
// //
// Example: //
// require_once("/path/to/smarty/libs/Smarty.class.php"); //
// //
// $smarty = new Smarty\Smarty; //
// $smarty->testInstall(); //
/////////////////////////////////////////////////////////////////////
define('__SMARTY_DIR', __DIR__ . '/../src/');
// Global function declarations
require_once(__SMARTY_DIR . "/functions.php");
spl_autoload_register(function ($class) {
// Class prefix
$prefix = 'Smarty\\';
// Does the class use the namespace prefix?
$len = strlen($prefix);
if (strncmp($prefix, $class, $len) !== 0) {
// If not, move to the next registered autoloader
return;
}
// Hack off the prefix part
$relative_class = substr($class, $len);
// Build a path to the include file
$file = __SMARTY_DIR . str_replace('\\', '/', $relative_class) . '.php';
// If the file exists, require it
if (file_exists($file)) {
require_once($file);
}
});

1
mkdocs.yml
View File

@@ -60,6 +60,7 @@ nav:
- 'escape': 'designers/language-modifiers/language-modifier-escape.md'
- 'from_charset': 'designers/language-modifiers/language-modifier-from-charset.md'
- 'indent': 'designers/language-modifiers/language-modifier-indent.md'
- 'is_array': 'designers/language-modifiers/language-modifier-is_array.md'
- 'isset': 'designers/language-modifiers/language-modifier-isset.md'
- 'join': 'designers/language-modifiers/language-modifier-join.md'
- 'json_encode': 'designers/language-modifiers/language-modifier-json-encode.md'

3
src/BlockHandler/TextFormat.php
View File

@@ -20,9 +20,6 @@ use Smarty\Template;
* - indent_char - string (" ")
* - wrap_boundary - boolean (true)
*
* @link https://www.smarty.net/manual/en/language.function.textformat.php {textformat}
* (Smarty online manual)
*
* @param array $params parameters
* @param string $content contents of the block
* @param Template $template template object

2
src/Compile/Modifier/CatModifierCompiler.php
View File

@@ -11,8 +11,6 @@ namespace Smarty\Compile\Modifier;
* Input: string to catenate
* Example: {$var|cat:"foo"}
*
* @link https://www.smarty.net/manual/en/language.modifier.cat.php cat
* (Smarty online manual)
* @author Uwe Tews
*/

2
src/Compile/Modifier/CountCharactersModifierCompiler.php
View File

@@ -6,8 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: count_characters
* Purpose: count the number of characters in a text
*
* @link https://www.smarty.net/manual/en/language.modifier.count.characters.php count_characters (Smarty online
* manual)
* @author Uwe Tews
*/

2
src/Compile/Modifier/CountParagraphsModifierCompiler.php
View File

@@ -6,8 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: count_paragraphs
* Purpose: count the number of paragraphs in a text
*
* @link https://www.smarty.net/manual/en/language.modifier.count.paragraphs.php
* count_paragraphs (Smarty online manual)
* @author Uwe Tews
*/

2
src/Compile/Modifier/CountSentencesModifierCompiler.php
View File

@@ -6,8 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: count_sentences
* Purpose: count the number of sentences in a text
*
* @link https://www.smarty.net/manual/en/language.modifier.count.paragraphs.php
* count_sentences (Smarty online manual)
* @author Uwe Tews
*/

1
src/Compile/Modifier/CountWordsModifierCompiler.php
View File

@@ -6,7 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: count_words
* Purpose: count the number of words in a text
*
* @link https://www.smarty.net/manual/en/language.modifier.count.words.php count_words (Smarty online manual)
* @author Uwe Tews
*/

1
src/Compile/Modifier/DefaultModifierCompiler.php
View File

@@ -6,7 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: default
* Purpose: designate default value for empty variables
*
* @link https://www.smarty.net/manual/en/language.modifier.default.php default (Smarty online manual)
* @author Uwe Tews
*/

1
src/Compile/Modifier/EscapeModifierCompiler.php
View File

@@ -9,7 +9,6 @@ use Smarty\Exception;
* Name: escape
* Purpose: escape string for output
*
* @link https://www.smarty.net/docsv2/en/language.modifier.escape count_characters (Smarty online manual)
* @author Rodney Rehm
*/

1
src/Compile/Modifier/IndentModifierCompiler.php
View File

@@ -6,7 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: indent
* Purpose: indent lines of text
*
* @link https://www.smarty.net/manual/en/language.modifier.indent.php indent (Smarty online manual)
* @author Uwe Tews
*/

1
src/Compile/Modifier/LowerModifierCompiler.php
View File

@@ -6,7 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: lower
* Purpose: convert string to lowercase
*
* @link https://www.smarty.net/manual/en/language.modifier.lower.php lower (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
* @author Uwe Tews
*/

1
src/Compile/Modifier/Nl2brModifierCompiler.php
View File

@@ -7,7 +7,6 @@ namespace Smarty\Compile\Modifier;
* Name: nl2br
* Purpose: insert HTML line breaks before all newlines in a string
*
* @link https://www.smarty.net/docs/en/language.modifier.nl2br.tpl nl2br (Smarty online manual)
*/
class Nl2brModifierCompiler extends Base {

1
src/Compile/Modifier/RoundModifierCompiler.php
View File

@@ -7,7 +7,6 @@ namespace Smarty\Compile\Modifier;
* Name: round
* Purpose: Returns the rounded value of num to specified precision (number of digits after the decimal point)
*
* @link https://www.smarty.net/docs/en/language.modifier.round.tpl round (Smarty online manual)
*/
class RoundModifierCompiler extends Base {

1
src/Compile/Modifier/StrRepeatModifierCompiler.php
View File

@@ -6,7 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: str_repeat
* Purpose: returns string repeated times times
*
* @link https://www.smarty.net/docs/en/language.modifier.str_repeat.tpl str_repeat (Smarty online manual)
*/
class StrRepeatModifierCompiler extends Base {

1
src/Compile/Modifier/StringFormatModifierCompiler.php
View File

@@ -6,7 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: string_format
* Purpose: format strings via sprintf
*
* @link https://www.smarty.net/manual/en/language.modifier.string.format.php string_format (Smarty online manual)
* @author Uwe Tews
*/

1
src/Compile/Modifier/StripModifierCompiler.php
View File

@@ -9,7 +9,6 @@ namespace Smarty\Compile\Modifier;
* Example: {$var|strip} {$var|strip:"&nbsp;"}
* Date: September 25th, 2002
*
* @link https://www.smarty.net/manual/en/language.modifier.strip.php strip (Smarty online manual)
* @author Uwe Tews
*/

1
src/Compile/Modifier/StripTagsModifierCompiler.php
View File

@@ -6,7 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: strip_tags
* Purpose: strip html tags from text
*
* @link https://www.smarty.net/docs/en/language.modifier.strip.tags.tpl strip_tags (Smarty online manual)
* @author Uwe Tews
*/

1
src/Compile/Modifier/StrlenModifierCompiler.php
View File

@@ -7,7 +7,6 @@ namespace Smarty\Compile\Modifier;
* Name: strlen
* Purpose: return the length of the given string
*
* @link https://www.smarty.net/docs/en/language.modifier.strlen.tpl strlen (Smarty online manual)
*/
class StrlenModifierCompiler extends Base {

1
src/Compile/Modifier/UpperModifierCompiler.php
View File

@@ -6,7 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: lower
* Purpose: convert string to uppercase
*
* @link https://www.smarty.net/manual/en/language.modifier.upper.php lower (Smarty online manual)
* @author Uwe Tews
*/

1
src/Compile/Modifier/WordWrapModifierCompiler.php
View File

@@ -6,7 +6,6 @@ namespace Smarty\Compile\Modifier;
* Name: wordwrap
* Purpose: wrap a string of text at a given length
*
* @link https://www.smarty.net/manual/en/language.modifier.wordwrap.php wordwrap (Smarty online manual)
* @author Uwe Tews
*/

8
src/Compile/Tag/ConfigLoad.php
View File

@@ -43,7 +43,7 @@ class ConfigLoad extends Base {
* @var array
* @see BasePlugin
*/
protected $optional_attributes = ['section', 'scope'];
protected $optional_attributes = ['section'];
/**
* Attribute definition: Overwrites base class.
@@ -51,7 +51,7 @@ class ConfigLoad extends Base {
* @var array
* @see BasePlugin
*/
protected $option_flags = ['nocache', 'noscope'];
protected $option_flags = [];
/**
* Compiles code for the {config_load} tag
@@ -66,9 +66,7 @@ class ConfigLoad extends Base {
{
// check and get attributes
$_attr = $this->getAttributes($compiler, $args);
if ($_attr['nocache'] === true) {
$compiler->trigger_template_error('nocache option not allowed', null, true);
}
// save possible attributes
$conf_file = $_attr['file'];
$section = $_attr['section'] ?? 'null';

64
src/Compile/Tag/ExtendsTag.php
View File

@@ -32,7 +32,7 @@ class ExtendsTag extends Inheritance {
*
* @var array
*/
protected $optional_attributes = ['extends_resource'];
protected $optional_attributes = [];
/**
* Attribute definition: Overwrites base class.
@@ -64,29 +64,7 @@ class ExtendsTag extends Inheritance {
}
// add code to initialize inheritance
$this->registerInit($compiler, true);
$file = trim($_attr['file'], '\'"');
if (strlen($file) > 8 && substr($file, 0, 8) === 'extends:') {
// generate code for each template
$files = array_reverse(explode('|', substr($file, 8)));
$i = 0;
foreach ($files as $file) {
if ($file[0] === '"') {
$file = trim($file, '".');
} else {
$file = "'{$file}'";
}
$i++;
if ($i === count($files) && isset($_attr['extends_resource'])) {
$this->compileEndChild($compiler);
}
$this->compileInclude($compiler, $file);
}
if (!isset($_attr['extends_resource'])) {
$this->compileEndChild($compiler);
}
} else {
$this->compileEndChild($compiler, $_attr['file']);
}
$this->compileEndChild($compiler, $_attr['file']);
return '';
}
@@ -106,42 +84,4 @@ class ExtendsTag extends Inheritance {
(isset($template) ? ", {$template}, \$_smarty_current_dir" : '') . ");\n?>"
);
}
/**
* Add code for including subtemplate to end of template
*
* @param \Smarty\Compiler\Template $compiler
* @param string $template subtemplate name
*
* @throws \Smarty\CompilerException
* @throws \Smarty\Exception
*/
private function compileInclude(\Smarty\Compiler\Template $compiler, $template) {
$compiler->getParser()->template_postfix[] = new \Smarty\ParseTree\Tag(
$compiler->getParser(),
$compiler->compileTag(
'include',
[
$template,
['scope' => 'parent'],
]
)
);
}
/**
* Create source code for {extends} from source components array
*
* @param \Smarty\Template $template
*
* @return string
*/
public static function extendsSourceArrayCode(\Smarty\Template $template) {
$resources = [];
foreach ($template->getSource()->components as $source) {
$resources[] = $source->resource;
}
return $template->getLeftDelimiter() . 'extends file=\'extends:' . join('|', $resources) .
'\' extends_resource=true' . $template->getRightDelimiter();
}
}

43
src/Compiler/Template.php
View File

@@ -403,21 +403,37 @@ class Template extends BaseCompiler {
}
// get template source
if (!empty($this->template->getSource()->components)) {
// we have array of inheritance templates by extends: resource
// generate corresponding source code sequence
$_content =
ExtendsTag::extendsSourceArrayCode($this->template);
$_compiled_code = '<?php $_smarty_tpl->getInheritance()->init($_smarty_tpl, true); ?>';
$i = 0;
$reversed_components = array_reverse($this->template->getSource()->components);
foreach ($reversed_components as $source) {
$i++;
if ($i === count($reversed_components)) {
$_compiled_code .= '<?php $_smarty_tpl->getInheritance()->endChild($_smarty_tpl); ?>';
}
$_compiled_code .= $this->compileTag(
'include',
[
var_export($source->resource, true),
['scope' => 'parent'],
]
);
}
$_compiled_code = $this->smarty->runPostFilters($_compiled_code, $this->template);
} else {
// get template source
$_content = $this->template->getSource()->getContent();
$_compiled_code = $this->smarty->runPostFilters(
$this->doCompile(
$this->smarty->runPreFilters($_content, $this->template),
true
),
$this->template
);
}
$_compiled_code = $this->smarty->runPostFilters(
$this->doCompile(
$this->smarty->runPreFilters($_content, $this->template),
true
),
$this->template
);
} catch (\Exception $e) {
if ($this->smarty->debugging) {
$this->smarty->getDebug()->end_compile($this->template);
@@ -680,7 +696,8 @@ class Template extends BaseCompiler {
*
* @return string
*/
public function appendCode($left, $right) {
public function appendCode(string $left, string $right): string
{
if (preg_match('/\s*\?>\s?$/D', $left) && preg_match('/^<\?php\s+/', $right)) {
$left = preg_replace('/\s*\?>\s?$/D', "\n", $left);
$left .= preg_replace('/^<\?php\s+/', '', $right);
@@ -1056,7 +1073,7 @@ class Template extends BaseCompiler {
$prefixArray = array_merge($this->prefix_code, array_pop($this->prefixCodeStack));
$this->prefixCodeStack[] = [];
foreach ($prefixArray as $c) {
$code = $this->appendCode($code, $c);
$code = $this->appendCode($code, (string) $c);
}
$this->prefix_code = [];
return $code;

13
src/Data.php
View File

@@ -163,8 +163,6 @@ class Data
* be not cached
*
* @return Data
* @link https://www.smarty.net/docs/en/api.append.tpl
*
* @api Smarty::append()
*/
public function append($tpl_var, $value = null, $merge = false, $nocache = false)
@@ -218,7 +216,6 @@ class Data
*
* @return mixed variable value or or array of variables
* @api Smarty::getTemplateVars()
* @link https://www.smarty.net/docs/en/api.get.template.vars.tpl
*
*/
public function getTemplateVars($varName = null, $searchParents = true)
@@ -227,7 +224,10 @@ class Data
return $this->getValue($varName, $searchParents);
}
return array_merge($this->parent && $searchParents ? $this->parent->getTemplateVars() : [], $this->tpl_vars);
return array_merge(
$this->parent && $searchParents ? $this->parent->getTemplateVars() : [],
array_map(function(Variable $var) { return $var->getValue(); }, $this->tpl_vars)
);
}
/**
@@ -351,7 +351,6 @@ class Data
* @param string|array $tpl_var the template variable(s) to clear
*
* @return Data
* @link https://www.smarty.net/docs/en/api.clear.assign.tpl
*
* @api Smarty::clearAssign()
*/
@@ -371,7 +370,6 @@ class Data
* clear all the assigned template variables.
*
* @return Data
* @link https://www.smarty.net/docs/en/api.clear.all.assign.tpl
*
* @api Smarty::clearAllAssign()
*/
@@ -387,7 +385,6 @@ class Data
* @param string|null $name variable name or null
*
* @return Data
* @link https://www.smarty.net/docs/en/api.clear.config.tpl
*
* @api Smarty::clearConfig()
*/
@@ -440,7 +437,6 @@ class Data
*
* @return mixed variable value or or array of variables
* @throws Exception
* @link https://www.smarty.net/docs/en/api.get.config.vars.tpl
*
* @api Smarty::getConfigVars()
*/
@@ -462,7 +458,6 @@ class Data
* @returns $this
* @throws \Exception
* @link https://www.smarty.net/docs/en/api.config.load.tpl
*
* @api Smarty::configLoad()
*/

7
src/Extension/DefaultExtension.php
View File

@@ -113,7 +113,6 @@ class DefaultExtension extends Base {
* Name: spacify
* Purpose: add spaces between characters in a string
*
* @link https://www.smarty.net/manual/en/language.modifier.spacify.php spacify (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
*
* @param string $string input string
@@ -234,7 +233,6 @@ class DefaultExtension extends Base {
* - format: strftime format for output
* - default_date: default date if $string is empty
*
* @link https://www.smarty.net/manual/en/language.modifier.date.format.php date_format (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
*
* @param string $string input date string
@@ -386,7 +384,6 @@ class DefaultExtension extends Base {
* Name: escape
* Purpose: escape string for output
*
* @link https://www.smarty.net/docs/en/language.modifier.escape
* @author Monte Ohrt <monte at ohrt dot com>
*
* @param string $string input string
@@ -654,8 +651,6 @@ class DefaultExtension extends Base {
* Name: regex_replace
* Purpose: regular expression search/replace
*
* @link https://www.smarty.net/manual/en/language.modifier.regex.replace.php
* regex_replace (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
*
* @param string $string input string
@@ -703,7 +698,6 @@ class DefaultExtension extends Base {
* Name: replace
* Purpose: simple search/replace
*
* @link https://www.smarty.net/manual/en/language.modifier.replace.php replace (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
* @author Uwe Tews
*
@@ -726,7 +720,6 @@ class DefaultExtension extends Base {
* optionally splitting in the middle of a word, and
* appending the $etc string or inserting $etc into the middle.
*
* @link https://www.smarty.net/manual/en/language.modifier.truncate.php truncate (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
*
* @param string $string input string

2
src/FunctionHandler/Counter.php
View File

@@ -13,8 +13,6 @@ use Smarty\Template;
* @param Template $template template object
*
* @return string|null
*@link https://www.smarty.net/manual/en/language.function.counter.php {counter}
* (Smarty online manual)
*
* @author Monte Ohrt <monte at ohrt dot com>
*/

2
src/FunctionHandler/Cycle.php
View File

@@ -26,8 +26,6 @@ use Smarty\Template;
* {cycle name=row values="one,two,three" reset=true}
* {cycle name=row}
*
* @link https://www.smarty.net/manual/en/language.function.cycle.php {cycle}
* (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
* @author credit to Mark Priatel <mpriatel@rogers.com>
* @author credit to Gerard <gerard@interfold.com>

2
src/FunctionHandler/Fetch.php
View File

@@ -10,8 +10,6 @@ use Smarty\Template;
* Name: fetch
* Purpose: fetch file, web or ftp data and display results
*
* @link https://www.smarty.net/manual/en/language.function.fetch.php {fetch}
* (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
*
* @param array $params parameters

2
src/FunctionHandler/HtmlCheckboxes.php
View File

@@ -27,8 +27,6 @@ use Smarty\Template;
* - assign (optional) - assign the output as an array to this variable
* - escape (optional) - escape the content (not value), defaults to true
*
* @link https://www.smarty.net/manual/en/language.function.html.checkboxes.php {html_checkboxes}
* (Smarty online manual)
* @author Christopher Kvarme <christopher.kvarme@flashjab.com>
* @author credits to Monte Ohrt <monte at ohrt dot com>
* @version 1.0

2
src/FunctionHandler/HtmlImage.php
View File

@@ -20,8 +20,6 @@ use Smarty\Template;
* - basedir - (optional) - base directory for absolute paths, default is environment variable DOCUMENT_ROOT
* - path_prefix - prefix for path output (optional, default empty)
*
* @link https://www.smarty.net/manual/en/language.function.html.image.php {html_image}
* (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
* @author credits to Duda <duda@big.hu>
* @version 1.0

2
src/FunctionHandler/HtmlOptions.php
View File

@@ -19,8 +19,6 @@ use Smarty\Template;
* - id (optional) - string default not set
* - class (optional) - string default not set
*
* @link https://www.smarty.net/manual/en/language.function.html.options.php {html_image}
* (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
* @author Ralf Strehle (minor optimization) <ralf dot strehle at yahoo dot de>
*

2
src/FunctionHandler/HtmlRadios.php
View File

@@ -27,8 +27,6 @@ use Smarty\Template;
* {html_radios values=$ids name='box' separator='<br>' output=$names}
* {html_radios values=$ids checked=$checked separator='<br>' output=$names}
*
* @link https://www.smarty.net/manual/en/language.function.html.radios.php {html_radios}
* (Smarty online manual)
* @author Christopher Kvarme <christopher.kvarme@flashjab.com>
* @author credits to Monte Ohrt <monte at ohrt dot com>
* @version 1.0

2
src/FunctionHandler/HtmlSelectDate.php
View File

@@ -26,8 +26,6 @@ use Smarty\Template;
* - 2.0 complete rewrite for performance,
* added attributes month_names, *_id
*
* @link https://www.smarty.net/manual/en/language.function.html.select.date.php {html_select_date}
* (Smarty online manual)
* @version 2.0
* @author Andrei Zmievski
* @author Monte Ohrt <monte at ohrt dot com>

2
src/FunctionHandler/HtmlSelectTime.php
View File

@@ -9,8 +9,6 @@ use Smarty\Template;
* Name: html_select_time
* Purpose: Prints the dropdowns for time selection
*
* @link https://www.smarty.net/manual/en/language.function.html.select.time.php {html_select_time}
* (Smarty online manual)
* @author Roberto Berto <roberto@berto.net>
* @author Monte Ohrt <monte AT ohrt DOT com>
*

2
src/FunctionHandler/HtmlTable.php
View File

@@ -37,8 +37,6 @@ use Smarty\Template;
* @return string
*@author credit to boots <boots dot smarty at yahoo dot com>
* @version 1.1
* @link https://www.smarty.net/manual/en/language.function.html.table.php {html_table}
* (Smarty online manual)
*
* @author Monte Ohrt <monte at ohrt dot com>
* @author credit to Messju Mohr <messju at lammfellpuschen dot de>

2
src/FunctionHandler/Mailto.php
View File

@@ -35,8 +35,6 @@ use Smarty\Template;
* {mailto address="me@domain.com" cc="you@domain.com,they@domain.com"}
* {mailto address="me@domain.com" extra='class="mailto"'}
*
* @link https://www.smarty.net/manual/en/language.function.mailto.php {mailto}
* (Smarty online manual)
* @version 1.2
* @author Monte Ohrt <monte at ohrt dot com>
* @author credits to Jason Sweat (added cc, bcc and subject functionality)

2
src/FunctionHandler/Math.php
View File

@@ -10,8 +10,6 @@ use Smarty\Template;
* Name: math
* Purpose: handle math computations in template
*
* @link https://www.smarty.net/manual/en/language.function.math.php {math}
* (Smarty online manual)
* @author Monte Ohrt <monte at ohrt dot com>
*
* @param array $params parameters

6
src/ParseTree/Dq.php
View File

@@ -47,18 +47,18 @@ class Dq extends Base
if ($subtree instanceof Code) {
$this->subtrees[ $last_subtree ]->data =
$parser->compiler->appendCode(
$this->subtrees[ $last_subtree ]->data,
(string) $this->subtrees[ $last_subtree ]->data,
'<?php echo ' . $subtree->data . ';?>'
);
} elseif ($subtree instanceof DqContent) {
$this->subtrees[ $last_subtree ]->data =
$parser->compiler->appendCode(
$this->subtrees[ $last_subtree ]->data,
(string) $this->subtrees[ $last_subtree ]->data,
'<?php echo "' . $subtree->data . '";?>'
);
} else {
$this->subtrees[ $last_subtree ]->data =
$parser->compiler->appendCode($this->subtrees[ $last_subtree ]->data, $subtree->data);
$parser->compiler->appendCode((string) $this->subtrees[ $last_subtree ]->data, (string) $subtree->data);
}
} else {
$this->subtrees[] = $subtree;

4
src/ParseTree/Tag.php
View File

@@ -62,9 +62,9 @@ class Tag extends Base
public function assign_to_var(\Smarty\Parser\TemplateParser $parser)
{
$var = $parser->compiler->getNewPrefixVariable();
$tmp = $parser->compiler->appendCode('<?php ob_start();?>', $this->data);
$tmp = $parser->compiler->appendCode('<?php ob_start();?>', (string) $this->data);
$tmp = $parser->compiler->appendCode($tmp, "<?php {$var}=ob_get_clean();?>");
$parser->compiler->appendPrefixCode((string) $tmp);
$parser->compiler->appendPrefixCode($tmp);
return $var;
}
}

2
src/ParseTree/Template.php
View File

@@ -114,7 +114,7 @@ class Template extends Base
break;
case 'tag':
foreach ($chunk['subtrees'] as $subtree) {
$text = $parser->compiler->appendCode($text, $subtree->to_smarty_php($parser));
$text = $parser->compiler->appendCode($text, (string) $subtree->to_smarty_php($parser));
}
$code .= $text;
break;

2
src/Parser/TemplateParser.php
View File

@@ -2536,7 +2536,7 @@ public static $yy_action = array(
// line 806 "src/Parser/TemplateParser.y"
public function yy_r101(){
$prefixVar = $this->compiler->getNewPrefixVariable();
$tmp = $this->compiler->appendCode('<?php ob_start();?>', $this->yystack[$this->yyidx + 0]->minor);
$tmp = $this->compiler->appendCode('<?php ob_start();?>', (string) $this->yystack[$this->yyidx + 0]->minor);
$this->compiler->appendPrefixCode($this->compiler->appendCode($tmp, "<?php {$prefixVar} = ob_get_clean();?>"));
$this->_retvalue = $prefixVar;
}

2
src/Parser/TemplateParser.y
View File

@@ -805,7 +805,7 @@ value(res) ::= varindexed(vi) DOUBLECOLON static_class_access(r). {
// Smarty tag
value(res) ::= smartytag(st). {
$prefixVar = $this->compiler->getNewPrefixVariable();
$tmp = $this->compiler->appendCode('<?php ob_start();?>', st);
$tmp = $this->compiler->appendCode('<?php ob_start();?>', (string) st);
$this->compiler->appendPrefixCode($this->compiler->appendCode($tmp, "<?php {$prefixVar} = ob_get_clean();?>"));
res = $prefixVar;
}

18
src/Runtime/ForeachRuntime.php
View File

@@ -116,22 +116,20 @@ class ForeachRuntime {
*
* @return int the count for arrays and objects that implement countable, 1 for other objects that don't, and 0
* for empty elements
* @throws \Exception
*/
public function count($value) {
if ($value instanceof IteratorAggregate) {
public function count($value): int
{
if ($value instanceof \IteratorAggregate) {
// Note: getIterator() returns a Traversable, not an Iterator
// thus rewind() and valid() methods may not be present
return iterator_count($value->getIterator());
} elseif ($value instanceof Iterator) {
return $value instanceof Generator ? 1 : iterator_count($value);
} elseif ($value instanceof Countable) {
} elseif ($value instanceof \Iterator) {
return $value instanceof \Generator ? 1 : iterator_count($value);
} elseif ($value instanceof \Countable) {
return count($value);
} elseif ($value instanceof PDOStatement) {
return $value->rowCount();
} elseif ($value instanceof Traversable) {
return iterator_count($value);
}
return count((array)$value);
return count((array) $value);
}
/**

80
src/Smarty.php
View File

@@ -40,7 +40,6 @@ use Smarty\Runtime\TplFunctionRuntime;
* Smarty mailing list. Send a blank e-mail to
* smarty-discussion-subscribe@googlegroups.com
*
* @link https://www.smarty.net/
* @author Monte Ohrt <monte at ohrt dot com>
* @author Uwe Tews <uwe dot tews at gmail dot com>
* @author Rodney Rehm
@@ -55,7 +54,7 @@ class Smarty extends \Smarty\TemplateBase {
/**
* smarty version
*/
const SMARTY_VERSION = '5.0.1';
const SMARTY_VERSION = '5.2.0';
/**
* define caching modes
@@ -536,8 +535,6 @@ class Smarty extends \Smarty\TemplateBase {
/**
* Load an additional extension.
*
* @param Base $extension
*
* @return void
*/
public function addExtension(ExtensionInterface $extension) {
@@ -583,7 +580,7 @@ class Smarty extends \Smarty\TemplateBase {
*
* @param string|\Smarty\Security $security_class if a string is used, it must be class-name
*
* @return Smarty current Smarty instance for chaining
* @return static current Smarty instance for chaining
* @throws \Smarty\Exception
*/
public function enableSecurity($security_class = null) {
@@ -594,7 +591,7 @@ class Smarty extends \Smarty\TemplateBase {
/**
* Disable security
*
* @return Smarty current Smarty instance for chaining
* @return static current Smarty instance for chaining
*/
public function disableSecurity() {
$this->security_policy = null;
@@ -608,7 +605,7 @@ class Smarty extends \Smarty\TemplateBase {
* @param string $key of the array element to assign the template dir to
* @param bool $isConfig true for config_dir
*
* @return Smarty current Smarty instance for chaining
* @return static current Smarty instance for chaining
*/
public function addTemplateDir($template_dir, $key = null, $isConfig = false) {
if ($isConfig) {
@@ -673,7 +670,7 @@ class Smarty extends \Smarty\TemplateBase {
* @param string|array $template_dir directory(s) of template sources
* @param bool $isConfig true for config_dir
*
* @return Smarty current Smarty instance for chaining
* @return static current Smarty instance for chaining
*/
public function setTemplateDir($template_dir, $isConfig = false) {
if ($isConfig) {
@@ -687,13 +684,28 @@ class Smarty extends \Smarty\TemplateBase {
return $this;
}
/**
* Adds a template directory before any existing directoires
*
* @param string $new_template_dir directory of template sources
* @param bool $is_config true for config_dir
*
* @return static current Smarty instance for chaining
*/
public function prependTemplateDir($new_template_dir, $is_config = false) {
$current_template_dirs = $is_config ? $this->config_dir : $this->template_dir;
array_unshift($current_template_dirs, $new_template_dir);
$this->setTemplateDir($current_template_dirs, $is_config);
return $this;
}
/**
* Add config directory(s)
*
* @param string|array $config_dir directory(s) of config sources
* @param mixed $key key of the array element to assign the config dir to
*
* @return Smarty current Smarty instance for chaining
* @return static current Smarty instance for chaining
*/
public function addConfigDir($config_dir, $key = null) {
return $this->addTemplateDir($config_dir, $key, true);
@@ -715,7 +727,7 @@ class Smarty extends \Smarty\TemplateBase {
*
* @param $config_dir
*
* @return Smarty current Smarty instance for chaining
* @return static current Smarty instance for chaining
*/
public function setConfigDir($config_dir) {
return $this->setTemplateDir($config_dir, true);
@@ -731,7 +743,6 @@ class Smarty extends \Smarty\TemplateBase {
*
* @return $this
* @throws \Smarty\Exception
* @link https://www.smarty.net/docs/en/api.register.plugin.tpl
*
* @api Smarty::registerPlugin()
*/
@@ -758,7 +769,6 @@ class Smarty extends \Smarty\TemplateBase {
* @param string $name name of template tag
*
* @return array|null
* @link https://www.smarty.net/docs/en/api.unregister.plugin.tpl
*
* @api Smarty::unregisterPlugin()
*/
@@ -776,7 +786,6 @@ class Smarty extends \Smarty\TemplateBase {
* @param string $name name of template tag
*
* @return $this
* @link https://www.smarty.net/docs/en/api.unregister.plugin.tpl
*
* @api Smarty::unregisterPlugin()
*/
@@ -792,7 +801,7 @@ class Smarty extends \Smarty\TemplateBase {
*
* @param null|array|string $plugins_dir
*
* @return Smarty current Smarty instance for chaining
* @return static current Smarty instance for chaining
* @deprecated since 5.0
*/
public function addPluginsDir($plugins_dir) {
@@ -825,7 +834,7 @@ class Smarty extends \Smarty\TemplateBase {
*
* @param string|array $plugins_dir directory(s) of plugins
*
* @return Smarty current Smarty instance for chaining
* @return static current Smarty instance for chaining
* @deprecated since 5.0
*/
public function setPluginsDir($plugins_dir) {
@@ -850,7 +859,6 @@ class Smarty extends \Smarty\TemplateBase {
*
* @return $this
* @throws Exception if $callback is not callable
* @link https://www.smarty.net/docs/en/api.register.default.plugin.handler.tpl
*
* @api Smarty::registerDefaultPluginHandler()
*
@@ -887,7 +895,7 @@ class Smarty extends \Smarty\TemplateBase {
*
* @param string $compile_dir directory to store compiled templates in
*
* @return Smarty current Smarty instance for chaining
* @return static current Smarty instance for chaining
*/
public function setCompileDir($compile_dir) {
$this->_normalizeDir('compile_dir', $compile_dir);
@@ -913,7 +921,7 @@ class Smarty extends \Smarty\TemplateBase {
*
* @param string $cache_dir directory to store cached templates in
*
* @return Smarty current Smarty instance for chaining
* @return static current Smarty instance for chaining
*/
public function setCacheDir($cache_dir) {
$this->_normalizeDir('cache_dir', $cache_dir);
@@ -1176,7 +1184,7 @@ class Smarty extends \Smarty\TemplateBase {
/**
* Get Smarty object
*
* @return Smarty
* @return static
*/
public function getSmarty() {
return $this;
@@ -1254,7 +1262,6 @@ class Smarty extends \Smarty\TemplateBase {
*
* @return int number of cache files deleted
* @throws \Smarty\Exception
* @link https://www.smarty.net/docs/en/api.clear.cache.tpl
*
* @api Smarty::clearCache()
*/
@@ -1274,7 +1281,6 @@ class Smarty extends \Smarty\TemplateBase {
* @param string $type resource type
*
* @return int number of cache files deleted
* @link https://www.smarty.net/docs/en/api.clear.all.cache.tpl
*
* @api Smarty::clearAllCache()
*/
@@ -1291,7 +1297,6 @@ class Smarty extends \Smarty\TemplateBase {
*
* @return int number of template files deleted
* @throws \Smarty\Exception
* @link https://www.smarty.net/docs/en/api.clear.compiled.template.tpl
*
* @api Smarty::clearCompiledTemplate()
*/
@@ -1805,7 +1810,6 @@ class Smarty extends \Smarty\TemplateBase {
* @return bool
* @throws \Smarty\Exception
* @api Smarty::loadFilter()
* @link https://www.smarty.net/docs/en/api.load.filter.tpl
*
* @deprecated since 5.0
*/
@@ -1853,11 +1857,10 @@ class Smarty extends \Smarty\TemplateBase {
* @param string $type filter type
* @param string $name filter name
*
* @return TemplateBase
* @return static
* @throws \Smarty\Exception
* @api Smarty::unloadFilter()
*
* @link https://www.smarty.net/docs/en/api.unload.filter.tpl
*
* @deprecated since 5.0
*/
@@ -1900,8 +1903,7 @@ class Smarty extends \Smarty\TemplateBase {
* @param string $name name of resource type
* @param Base $resource_handler
*
* @return Smarty
* @link https://www.smarty.net/docs/en/api.register.cacheresource.tpl
* @return static
*
* @api Smarty::registerCacheResource()
*
@@ -1922,9 +1924,8 @@ class Smarty extends \Smarty\TemplateBase {
*
* @param $name
*
* @return Smarty
* @return static
* @api Smarty::unregisterCacheResource()
* @link https://www.smarty.net/docs/en/api.unregister.cacheresource.tpl
*
* @deprecated since 5.0
*
@@ -1956,9 +1957,8 @@ class Smarty extends \Smarty\TemplateBase {
* @param callable $callback
* @param string|null $name optional filter name
*
* @return TemplateBase
* @return static
* @throws \Smarty\Exception
* @link https://www.smarty.net/docs/en/api.register.filter.tpl
*
* @api Smarty::registerFilter()
*/
@@ -2016,11 +2016,10 @@ class Smarty extends \Smarty\TemplateBase {
* @param string $type filter type
* @param callback|string $name the name previously used in ::registerFilter
*
* @return TemplateBase
* @return static
* @throws \Smarty\Exception
* @api Smarty::unregisterFilter()
*
* @link https://www.smarty.net/docs/en/api.unregister.filter.tpl
*
*/
public function unregisterFilter($type, $name) {
@@ -2054,7 +2053,7 @@ class Smarty extends \Smarty\TemplateBase {
* @param array|string $modifiers modifier or list of modifiers
* to add
*
* @return Smarty
* @return static
* @api Smarty::addDefaultModifiers()
*
*/
@@ -2084,7 +2083,7 @@ class Smarty extends \Smarty\TemplateBase {
* @param array|string $modifiers modifier or list of modifiers
* to set
*
* @return TemplateBase
* @return static
* @api Smarty::setDefaultModifiers()
*
*/
@@ -2203,7 +2202,6 @@ class Smarty extends \Smarty\TemplateBase {
* @return bool cache status
* @throws \Exception
* @throws \Smarty\Exception
* @link https://www.smarty.net/docs/en/api.is.cached.tpl
*
* @api Smarty::isCached()
*/
@@ -2242,7 +2240,15 @@ class Smarty extends \Smarty\TemplateBase {
public function setErrorUnassigned(bool $error_unassigned): void
{
$this->error_unassigned = $error_unassigned;
}
/**
* Sets if Smarty should check If-Modified-Since headers to determine cache validity.
* @param bool $cache_modified_check
* @return void
*/
public function setCacheModifiedCheck($cache_modified_check): void {
$this->cache_modified_check = (bool) $cache_modified_check;
}
}

1
src/Template.php
View File

@@ -604,7 +604,6 @@ class Template extends TemplateBase {
* @return bool cache status
* @throws \Exception
* @throws \Smarty\Exception
* @link https://www.smarty.net/docs/en/api.is.cached.tpl
*
* @api Smarty::isCached()
*/

27
src/TemplateBase.php
View File

@@ -73,9 +73,8 @@ abstract class TemplateBase extends Data {
* @param bool $format smarty argument format, else traditional
* @param array $block_methods list of block-methods
*
* @return \Smarty|\Smarty\Template
* @return static
* @throws \Smarty\Exception
* @link https://www.smarty.net/docs/en/api.register.object.tpl
*
* @api Smarty::registerObject()
*/
@@ -114,9 +113,8 @@ abstract class TemplateBase extends Data {
*
* @param string $object_name name of object
*
* @return TemplateBase
* @return static
* @api Smarty::unregisterObject()
* @link https://www.smarty.net/docs/en/api.unregister.object.tpl
*
*/
public function unregisterObject($object_name) {
@@ -179,7 +177,6 @@ abstract class TemplateBase extends Data {
* @return Data data object
* @throws Exception
* @api Smarty::createData()
* @link https://www.smarty.net/docs/en/api.create.data.tpl
*
*/
public function createData(Data $parent = null, $name = null) {
@@ -222,7 +219,6 @@ abstract class TemplateBase extends Data {
*
* @return object
* @throws \Smarty\Exception if no such object is found
* @link https://www.smarty.net/docs/en/api.get.registered.object.tpl
*
* @api Smarty::getRegisteredObject()
*/
@@ -255,7 +251,7 @@ abstract class TemplateBase extends Data {
* @param array|string $literals literal or list of literals
* to addto add
*
* @return TemplateBase
* @return static
* @throws \Smarty\Exception
* @api Smarty::addLiterals()
*
@@ -273,7 +269,7 @@ abstract class TemplateBase extends Data {
* @param array|string $literals literal or list of literals
* to setto set
*
* @return TemplateBase
* @return static
* @throws \Smarty\Exception
* @api Smarty::setLiterals()
*
@@ -316,10 +312,9 @@ abstract class TemplateBase extends Data {
* @param string $class_impl the referenced PHP class to
* register
*
* @return TemplateBase
* @return static
* @throws \Smarty\Exception
* @api Smarty::registerClass()
* @link https://www.smarty.net/docs/en/api.register.class.tpl
*
*/
public function registerClass($class_name, $class_impl) {
@@ -338,7 +333,7 @@ abstract class TemplateBase extends Data {
*
* @param callable $callback class/method name
*
* @return TemplateBase
* @return static
* @throws Exception if $callback is not callable
* @api Smarty::registerDefaultConfigHandler()
*
@@ -358,7 +353,7 @@ abstract class TemplateBase extends Data {
*
* @param callable $callback class/method name
*
* @return TemplateBase
* @return static
* @throws Exception if $callback is not callable
* @api Smarty::registerDefaultTemplateHandler()
*
@@ -379,8 +374,7 @@ abstract class TemplateBase extends Data {
* @param string $name name of resource type
* @param \Smarty\Resource\BasePlugin $resource_handler instance of Smarty\Resource\BasePlugin
*
* @return \Smarty\Smarty|\Smarty\Template
* @link https://www.smarty.net/docs/en/api.register.resource.tpl
* @return static
*
* @api Smarty::registerResource()
*/
@@ -395,9 +389,8 @@ abstract class TemplateBase extends Data {
*
* @param string $type name of resource type
*
* @return TemplateBase
* @return static
* @api Smarty::unregisterResource()
* @link https://www.smarty.net/docs/en/api.unregister.resource.tpl
*
*/
public function unregisterResource($type) {
@@ -413,7 +406,7 @@ abstract class TemplateBase extends Data {
*
* @param string $tpl_name
*
* @return TemplateBase
* @return static
* @throws Exception if file is not readable
* @api Smarty::setDebugTemplate()
*

9
tests/UnitTests/ResourceTests/FileIndexed/FileResourceIndexedTest.php
View File

@@ -91,4 +91,13 @@ class FileResourceIndexedTest extends PHPUnit_Smarty
$this->assertNotEquals($tpl->getCached()->filepath, $tpl2->getCached()->filepath);
}
public function testPrependTemplatePath()
{
$this->smarty->setTemplateDir(__DIR__ . '/templates');
$this->smarty->prependTemplateDir(__DIR__ . '/templates_4');
$tpl = $this->smarty->createTemplate('dirname.tpl');
$this->assertEquals('templates_4', $this->smarty->fetch($tpl));
}
}

710
tests/UnitTests/SecurityTests/SecurityTest.php
View File

@@ -10,411 +10,411 @@ use Smarty\CompilerException;
/**
* class for security test
*
*
*
*
*/
class SecurityTest extends PHPUnit_Smarty
{
public function setUp(): void
{
$this->setUpSmarty(__DIR__);
public function setUp(): void
{
$this->setUpSmarty(__DIR__);
$this->smarty->setForceCompile(true);
$this->smarty->enableSecurity();
}
public function testInit()
{
$this->cleanDirs();
}
$this->smarty->setForceCompile(true);
$this->smarty->enableSecurity();
}
public function testInit()
{
$this->cleanDirs();
}
/**
* test that security is loaded
*/
public function testSecurityLoaded()
{
$this->assertTrue(is_object($this->smarty->security_policy));
}
/**
* test that security is loaded
*/
public function testSecurityLoaded()
{
$this->assertTrue(is_object($this->smarty->security_policy));
}
/**
* test trusted PHP function
*/
public function testTrustedFunction()
{
$this->assertEquals("5", $this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{count($foo)}'));
}
/**
* test trusted PHP function
*/
public function testTrustedFunction()
{
$this->assertEquals("5", $this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{count($foo)}'));
}
/**
* test trusted modifier
* @deprecated
*/
public function testTrustedModifier()
{
$this->assertEquals("5", @$this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{$foo|@count}'));
}
/**
* test trusted modifier
* @deprecated
*/
public function testTrustedModifier()
{
$this->assertEquals("5", @$this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{$foo|@count}'));
}
/**
* test not trusted modifier
*
*
* @deprecated
*/
public function testNotTrustedModifier()
{
$this->smarty->security_policy->disabled_modifiers[] = 'escape';
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('modifier \'escape\' disabled by security setting');
@$this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{$foo|escape}');
}
/**
* test not trusted modifier
*
*
* @deprecated
*/
public function testNotTrustedModifier()
{
$this->smarty->security_policy->disabled_modifiers[] = 'escape';
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('modifier \'escape\' disabled by security setting');
@$this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{$foo|escape}');
}
/**
* test allowed tags
*/
public function testAllowedTags1()
{
$this->smarty->security_policy->allowed_tags = array('counter');
$this->assertEquals("1", $this->smarty->fetch('string:{counter start=1}'));
}
/**
* test allowed tags
*/
public function testAllowedTags1()
{
$this->smarty->security_policy->allowed_tags = array('counter');
$this->assertEquals("1", $this->smarty->fetch('string:{counter start=1}'));
}
/**
* test not allowed tag
*
*
*/
public function testNotAllowedTags2()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('tag \'cycle\' not allowed by security setting');
$this->smarty->security_policy->allowed_tags = array('counter');
$this->smarty->fetch('string:{counter}{cycle values="1,2"}');
}
/**
* test not allowed tag
*
*
*/
public function testNotAllowedTags2()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('tag \'cycle\' not allowed by security setting');
$this->smarty->security_policy->allowed_tags = array('counter');
$this->smarty->fetch('string:{counter}{cycle values="1,2"}');
}
/**
* test disabled tag
*
*
*/
public function testDisabledTags()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('tag \'cycle\' disabled by security setting');
$this->smarty->security_policy->disabled_tags = array('cycle');
$this->smarty->fetch('string:{counter}{cycle values="1,2"}');
}
/**
* test disabled tag
*
*
*/
public function testDisabledTags()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('tag \'cycle\' disabled by security setting');
$this->smarty->security_policy->disabled_tags = array('cycle');
$this->smarty->fetch('string:{counter}{cycle values="1,2"}');
}
/**
* test allowed modifier
*/
public function testAllowedModifier1()
{
error_reporting(E_ALL & E_STRICT);
$this->smarty->security_policy->allowed_modifiers = array('capitalize');
$this->assertEquals("Hello World", $this->smarty->fetch('string:{"hello world"|capitalize}'));
error_reporting(E_ALL | E_STRICT);
}
/**
* test allowed modifier
*/
public function testAllowedModifier1()
{
error_reporting(E_ALL & E_STRICT);
$this->smarty->security_policy->allowed_modifiers = array('capitalize');
$this->assertEquals("Hello World", $this->smarty->fetch('string:{"hello world"|capitalize}'));
error_reporting(E_ALL | E_STRICT);
}
public function testAllowedModifier2()
{
$this->smarty->security_policy->allowed_modifiers = array('upper');
$this->assertEquals("HELLO WORLD", $this->smarty->fetch('string:{"hello world"|upper}'));
}
public function testAllowedModifier2()
{
$this->smarty->security_policy->allowed_modifiers = array('upper');
$this->assertEquals("HELLO WORLD", $this->smarty->fetch('string:{"hello world"|upper}'));
}
/**
* test not allowed modifier
*
*
*/
public function testNotAllowedModifier()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('modifier \'lower\' not allowed by security setting');
$this->smarty->security_policy->allowed_modifiers = array('upper');
$this->smarty->fetch('string:{"hello"|upper}{"world"|lower}');
}
/**
* test not allowed modifier
*
*
*/
public function testNotAllowedModifier()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('modifier \'lower\' not allowed by security setting');
$this->smarty->security_policy->allowed_modifiers = array('upper');
$this->smarty->fetch('string:{"hello"|upper}{"world"|lower}');
}
/**
* test disabled modifier
*
*
*/
public function testDisabledModifier()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('modifier \'lower\' disabled by security setting');
$this->smarty->security_policy->disabled_modifiers = array('lower');
$this->smarty->fetch('string:{"hello"|upper}{"world"|lower}');
}
/**
* test disabled modifier
*
*
*/
public function testDisabledModifier()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('modifier \'lower\' disabled by security setting');
$this->smarty->security_policy->disabled_modifiers = array('lower');
$this->smarty->fetch('string:{"hello"|upper}{"world"|lower}');
}
/**
* test Smarty no longer handles embedded PHP
*/
public function testSmartyPhpAllow()
{
$this->assertEquals('<?php echo "hello world"; ?>', $this->smarty->fetch('string:<?php echo "hello world"; ?>'));
}
/**
* test Smarty no longer handles embedded PHP
*/
public function testSmartyPhpAllow()
{
$this->assertEquals('<?php echo "hello world"; ?>', $this->smarty->fetch('string:<?php echo "hello world"; ?>'));
}
public function testSmartyPhpAllow2()
{
$this->assertEquals('<? echo "hello world"; ?>', $this->smarty->fetch('string:<? echo "hello world"; ?>'));
}
public function testSmartyPhpAllow2()
{
$this->assertEquals('<? echo "hello world"; ?>', $this->smarty->fetch('string:<? echo "hello world"; ?>'));
}
public function testSmartyPhpAllow3()
{
$this->assertEquals('<% echo "hello world"; %>', $this->smarty->fetch('string:<% echo "hello world"; %>'));
}
public function testSmartyPhpAllow3()
{
$this->assertEquals('<% echo "hello world"; %>', $this->smarty->fetch('string:<% echo "hello world"; %>'));
}
/**
* test standard directory
*/
public function testStandardDirectory()
{
$content = $this->smarty->fetch('string:{include file="helloworld.tpl"}');
$this->assertEquals("hello world", $content);
}
/**
* test standard directory
*/
public function testStandardDirectory()
{
$content = $this->smarty->fetch('string:{include file="helloworld.tpl"}');
$this->assertEquals("hello world", $content);
}
/**
* test trusted directory
*/
public function testTrustedDirectory()
{
$this->smarty->security_policy->secure_dir = array('.' . DIRECTORY_SEPARATOR . 'templates_2' . DIRECTORY_SEPARATOR);
$this->assertEquals("hello world", $this->smarty->fetch('string:{include file="templates_2/hello.tpl"}'));
}
/**
* test trusted directory
*/
public function testTrustedDirectory()
{
$this->smarty->security_policy->secure_dir = array('.' . DIRECTORY_SEPARATOR . 'templates_2' . DIRECTORY_SEPARATOR);
$this->assertEquals("hello world", $this->smarty->fetch('string:{include file="templates_2/hello.tpl"}'));
}
/**
* test not trusted directory
*
*
*
*/
public function testNotTrustedDirectory()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('not trusted file path');
$this->smarty->security_policy->secure_dir = array(str_replace('\\', '/', __DIR__ . '/templates_3/'));
$this->smarty->fetch('string:{include file="templates_2/hello.tpl"}');
}
/**
* test not trusted directory
*
*
*
*/
public function testNotTrustedDirectory()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('not trusted file path');
$this->smarty->security_policy->secure_dir = array(str_replace('\\', '/', __DIR__ . '/templates_3/'));
$this->smarty->fetch('string:{include file="templates_2/hello.tpl"}');
}
/**
* test disabled security for not trusted dir
*/
public function testDisabledTrustedDirectory()
{
$this->smarty->disableSecurity();
$this->assertEquals("hello world", $this->smarty->fetch('string:{include file="templates_2/hello.tpl"}'));
}
/**
* test disabled security for not trusted dir
*/
public function testDisabledTrustedDirectory()
{
$this->smarty->disableSecurity();
$this->assertEquals("hello world", $this->smarty->fetch('string:{include file="templates_2/hello.tpl"}'));
}
/**
* test trusted static class
*/
public function testTrustedStaticClass()
{
$this->smarty->security_policy->static_classes = array('mysecuritystaticclass');
$tpl = $this->smarty->createTemplate('string:{mysecuritystaticclass::square(5)}');
$this->assertEquals('25', $this->smarty->fetch($tpl));
}
/**
* test trusted static class
*/
public function testTrustedStaticClass()
{
$this->smarty->security_policy->static_classes = array('mysecuritystaticclass');
$tpl = $this->smarty->createTemplate('string:{mysecuritystaticclass::square(5)}');
$this->assertEquals('25', $this->smarty->fetch($tpl));
}
/**
* test not trusted PHP function
*
*
*/
public function testNotTrustedStaticClass()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('access to static class \'mysecuritystaticclass\' not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{mysecuritystaticclass::square(5)}');
}
/**
* test not trusted PHP function
*
*
*/
public function testNotTrustedStaticClass()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('access to static class \'mysecuritystaticclass\' not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{mysecuritystaticclass::square(5)}');
}
/**
* test not trusted PHP function
*/
public function testNotTrustedStaticClassEval()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('dynamic static class not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{$test = "mysecuritystaticclass"}{$test::square(5)}');
}
/**
* test not trusted PHP function
*/
public function testNotTrustedStaticClassEval()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('dynamic static class not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{$test = "mysecuritystaticclass"}{$test::square(5)}');
}
/**
* test not trusted PHP function
*/
public function testNotTrustedStaticClassSmartyVar()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('dynamic static class not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{$smarty.template_object::square(5)}');
}
/**
* test not trusted PHP function
*/
public function testNotTrustedStaticClassSmartyVar()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('dynamic static class not allowed by security setting');
$this->smarty->security_policy->static_classes = array('null');
$this->smarty->fetch('string:{$smarty.template_object::square(5)}');
}
public function testChangedTrustedDirectory()
{
$this->smarty->security_policy->secure_dir = array(
'.' . DIRECTORY_SEPARATOR . 'templates_2' . DIRECTORY_SEPARATOR,
);
$this->assertEquals("hello world", $this->smarty->fetch('string:{include file="templates_2/hello.tpl"}'));
public function testChangedTrustedDirectory()
{
$this->smarty->security_policy->secure_dir = array(
'.' . DIRECTORY_SEPARATOR . 'templates_2' . DIRECTORY_SEPARATOR,
);
$this->assertEquals("hello world", $this->smarty->fetch('string:{include file="templates_2/hello.tpl"}'));
$this->smarty->security_policy->secure_dir = array(
'.' . DIRECTORY_SEPARATOR . 'templates_2' . DIRECTORY_SEPARATOR,
'.' . DIRECTORY_SEPARATOR . 'templates_3' . DIRECTORY_SEPARATOR,
);
$this->assertEquals("templates_3", $this->smarty->fetch('string:{include file="templates_3/dirname.tpl"}'));
}
/**
* test template file exits
*
*
*
*/
public function testTemplateTrustedStream()
{
stream_wrapper_register("global", ResourceStreamSecurity::class)
or die("Failed to register protocol");
$fp = fopen("global://mytest", "r+");
fwrite($fp, 'hello world {$foo}');
fclose($fp);
$this->smarty->security_policy->streams= array('global');
$tpl = $this->smarty->createTemplate('global:mytest');
$this->assertTrue($tpl->getSource()->exists);
stream_wrapper_unregister("global");
}
/**
*
*
* test template file exits
*/
public function testTemplateNotTrustedStream()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('stream \'global\' not allowed by security setting');
stream_wrapper_register("global", ResourceStreamSecurity::class)
or die("Failed to register protocol");
$fp = fopen("global://mytest", "r+");
fwrite($fp, 'hello world {$foo}');
fclose($fp);
$this->smarty->security_policy->streams= array('notrusted');
$tpl = $this->smarty->createTemplate('global:mytest');
$this->assertTrue($tpl->getSource()->exists);
stream_wrapper_unregister("global");
}
/**
*
* @group slow
*/
public function testTrustedUri()
{
$this->smarty->security_policy->trusted_uri = array(
'#https://www.smarty.net$#i'
);
$this->assertStringContainsString('<title>Preface | Smarty</title>', $this->smarty->fetch('string:{fetch file="https://www.smarty.net/docs/en/preface.tpl"}'));
}
$this->smarty->security_policy->secure_dir = array(
'.' . DIRECTORY_SEPARATOR . 'templates_2' . DIRECTORY_SEPARATOR,
'.' . DIRECTORY_SEPARATOR . 'templates_3' . DIRECTORY_SEPARATOR,
);
$this->assertEquals("templates_3", $this->smarty->fetch('string:{include file="templates_3/dirname.tpl"}'));
}
/**
* test template file exits
*
*
*
*/
public function testTemplateTrustedStream()
{
stream_wrapper_register("global", ResourceStreamSecurity::class)
or die("Failed to register protocol");
$fp = fopen("global://mytest", "r+");
fwrite($fp, 'hello world {$foo}');
fclose($fp);
$this->smarty->security_policy->streams= array('global');
$tpl = $this->smarty->createTemplate('global:mytest');
$this->assertTrue($tpl->getSource()->exists);
stream_wrapper_unregister("global");
}
/**
*
*
* test template file exits
*/
public function testTemplateNotTrustedStream()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('stream \'global\' not allowed by security setting');
stream_wrapper_register("global", ResourceStreamSecurity::class)
or die("Failed to register protocol");
$fp = fopen("global://mytest", "r+");
fwrite($fp, 'hello world {$foo}');
fclose($fp);
$this->smarty->security_policy->streams= array('notrusted');
$tpl = $this->smarty->createTemplate('global:mytest');
$this->assertTrue($tpl->getSource()->exists);
stream_wrapper_unregister("global");
}
/**
*
*
*/
public function testNotTrustedUri()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('URI \'https://www.smarty.net/docs/en/preface.tpl\' not allowed by security setting');
$this->smarty->security_policy->trusted_uri = array();
$this->assertStringContainsString('<title>Preface | Smarty</title>', $this->smarty->fetch('string:{fetch file="https://www.smarty.net/docs/en/preface.tpl"}'));
}
public function testTrustedUri()
{
$this->smarty->security_policy->trusted_uri = array(
'#https://s4otw4nhg.erteorteortert.nusuchtld$#i'
);
/**
* In security mode, accessing $smarty.template_object should be illegal.
*/
public function testSmartyTemplateObject() {
$this->expectException(CompilerException::class);
$this->smarty->display('string:{$smarty.template_object}');
}
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('{fetch} cannot read resource \'https://s4otw4nhg.erteorteortert.nusuchtld/docs/en/preface.tpl\'');
$this->smarty->fetch('string:{fetch file="https://s4otw4nhg.erteorteortert.nusuchtld/docs/en/preface.tpl"}');
}
/**
*
*
*/
public function testNotTrustedUri()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('URI \'https://example.net\' not allowed by security setting');
$this->smarty->security_policy->trusted_uri = [];
$this->assertStringContainsString(
'<title>Preface | Smarty</title>',
$this->smarty->fetch('string:{fetch file="https://example.net"}')
);
}
/**
* In security mode, accessing $smarty.template_object should be illegal.
*/
public function testSmartyTemplateObject() {
$this->expectException(CompilerException::class);
$this->smarty->display('string:{$smarty.template_object}');
}
}
class mysecuritystaticclass
{
const STATIC_CONSTANT_VALUE = 3;
static $static_var = 5;
const STATIC_CONSTANT_VALUE = 3;
static $static_var = 5;
static function square($i)
{
return $i * $i;
}
static function square($i)
{
return $i * $i;
}
}
#[AllowDynamicProperties]
class ResourceStreamSecurity
{
private $position;
private $varname;
private $position;
private $varname;
public function stream_open($path, $mode, $options, &$opened_path)
{
$url = parse_url($path);
$this->varname = $url["host"];
$this->position = 0;
public function stream_open($path, $mode, $options, &$opened_path)
{
$url = parse_url($path);
$this->varname = $url["host"];
$this->position = 0;
return true;
}
return true;
}
public function stream_read($count)
{
$p = &$this->position;
$ret = substr($GLOBALS[$this->varname], $p, $count);
$p += strlen($ret);
public function stream_read($count)
{
$p = &$this->position;
$ret = substr($GLOBALS[$this->varname], $p, $count);
$p += strlen($ret);
return $ret;
}
return $ret;
}
public function stream_write($data)
{
$v = &$GLOBALS[$this->varname];
$l = strlen($data);
$p = &$this->position;
$v = substr($v ?? '', 0, $p) . $data . substr($v ?? '', $p += $l);
public function stream_write($data)
{
$v = &$GLOBALS[$this->varname];
$l = strlen($data);
$p = &$this->position;
$v = substr($v ?? '', 0, $p) . $data . substr($v ?? '', $p += $l);
return $l;
}
return $l;
}
public function stream_tell()
{
return $this->position;
}
public function stream_tell()
{
return $this->position;
}
public function stream_eof()
{
if (!isset($GLOBALS[$this->varname])) {
return true;
}
public function stream_eof()
{
if (!isset($GLOBALS[$this->varname])) {
return true;
}
return $this->position >= strlen($GLOBALS[$this->varname]);
}
return $this->position >= strlen($GLOBALS[$this->varname]);
}
public function stream_seek($offset, $whence)
{
$l = strlen($GLOBALS[$this->varname]);
$p = &$this->position;
switch ($whence) {
case SEEK_SET:
$newPos = $offset;
break;
case SEEK_CUR:
$newPos = $p + $offset;
break;
case SEEK_END:
$newPos = $l + $offset;
break;
default:
return false;
}
$ret = ($newPos >= 0 && $newPos <= $l);
if ($ret) {
$p = $newPos;
}
return $ret;
}
public function stream_seek($offset, $whence)
{
$l = strlen($GLOBALS[$this->varname]);
$p = &$this->position;
switch ($whence) {
case SEEK_SET:
$newPos = $offset;
break;
case SEEK_CUR:
$newPos = $p + $offset;
break;
case SEEK_END:
$newPos = $l + $offset;
break;
default:
return false;
}
$ret = ($newPos >= 0 && $newPos <= $l);
if ($ret) {
$p = $newPos;
}
return $ret;
}
}

210
tests/UnitTests/SmartyMethodsTests/GetTemplateVars/GetTemplateVarsTest.php
View File

@@ -1,112 +1,126 @@
<?php
/**
* Smarty PHPunit tests getTemplateVars method
*
* @author Uwe Tews
*/
/**
* class for getTemplateVars method test
*
*
*
*
*/
class GetTemplateVarsTest extends PHPUnit_Smarty
{
public function setUp(): void
{
$this->setUpSmarty(__DIR__);
}
public function setUp(): void
{
$this->setUpSmarty(__DIR__);
}
public function testInit()
{
$this->cleanDirs();
}
/**
* test root getTemplateVars single value
*/
public function testGetSingleTemplateVarScopeRoot()
{
$this->smarty->assign('foo', 'bar');
$this->smarty->assign('blar', 'buh');
$this->assertEquals("bar", $this->smarty->getTemplateVars('foo'));
}
public function testInit()
{
$this->cleanDirs();
}
/**
* test root getTemplateVars single value
*/
public function testGetSingleTemplateVarScopeRoot()
{
$this->smarty->assign('foo', 'bar');
$this->smarty->assign('blar', 'buh');
$this->assertEquals("bar", $this->smarty->getTemplateVars('foo'));
}
/**
* test root getTemplateVars all values
*/
public function testGetAllTemplateVarsScopeRoot()
{
$this->smarty->assign('foo', 'bar');
$this->smarty->assign('blar', 'buh');
$vars = $this->smarty->getTemplateVars();
$this->assertTrue(is_array($vars));
$this->assertEquals("bar", $vars['foo']);
$this->assertEquals("buh", $vars['blar']);
}
/**
* test root getTemplateVars all values
*/
public function testGetAllTemplateVarsScopeRoot()
{
$this->smarty->assign('foo', 'bar');
$this->smarty->assign('blar', 'buh');
$vars = $this->smarty->getTemplateVars();
$this->assertTrue(is_array($vars));
$this->assertEquals("bar", $vars['foo']);
$this->assertEquals("buh", $vars['blar']);
}
/**
* test single variable with data object chain
*/
public function testGetSingleTemplateVarScopeAll()
{
$data1 = $this->smarty->createData($this->smarty);
$data2 = $this->smarty->createData($data1);
$this->smarty->assign('foo', 'bar');
$this->smarty->assign('blar', 'buh');
$this->assertEquals("bar", $data2->getTemplateVars('foo'));
}
/**
* test single variable with data object chain
*/
public function testGetSingleTemplateVarScopeAll()
{
$data1 = $this->smarty->createData($this->smarty);
$data2 = $this->smarty->createData($data1);
$this->smarty->assign('foo', 'bar');
$this->smarty->assign('blar', 'buh');
$this->assertEquals("bar", $data2->getTemplateVars('foo'));
}
/**
* test get all variables with data object chain
*/
public function testGetAllTemplateVarsScopeAll()
{
$data1 = $this->smarty->createData($this->smarty);
$data2 = $this->smarty->createData($data1);
$this->smarty->assign('foo', 'bar');
$data1->assign('blar', 'buh');
$data2->assign('foo2', 'bar2');
$vars = $data2->getTemplateVars(null);
$this->assertTrue(is_array($vars));
$this->assertEquals("bar", $vars['foo']);
$this->assertEquals("bar2", $vars['foo2']);
$this->assertEquals("buh", $vars['blar']);
}
/**
* test get all variables with data object chain
*/
public function testGetAllTemplateVarsScopeAll()
{
$data1 = $this->smarty->createData($this->smarty);
$data2 = $this->smarty->createData($data1);
$this->smarty->assign('foo', 'bar');
$data1->assign('blar', 'buh');
$data2->assign('foo2', 'bar2');
$vars = $data2->getTemplateVars(null);
$this->assertTrue(is_array($vars));
$this->assertEquals("bar", $vars['foo']);
$this->assertEquals("bar2", $vars['foo2']);
$this->assertEquals("buh", $vars['blar']);
}
/**
* test get all variables with data object chain search parents disabled
*/
public function testGetAllTemplateVarsScopeAllNoParents()
{
$data1 = $this->smarty->createData($this->smarty);
$data2 = $this->smarty->createData($data1);
$this->smarty->assign('foo', 'bar');
$data1->assign('blar', 'buh');
$data2->assign('foo2', 'bar2');
$vars = $data2->getTemplateVars(null, false);
$this->assertTrue(is_array($vars));
$this->assertFalse(isset($vars['foo']));
$this->assertEquals("bar2", $vars['foo2']);
$this->assertFalse(isset($vars['blar']));
}
/**
* test get all variables with data object chain search parents disabled
*/
public function testGetAllTemplateVarsScopeAllNoParents()
{
$data1 = $this->smarty->createData($this->smarty);
$data2 = $this->smarty->createData($data1);
$this->smarty->assign('foo', 'bar');
$data1->assign('blar', 'buh');
$data2->assign('foo2', 'bar2');
$vars = $data2->getTemplateVars(null, false);
$this->assertTrue(is_array($vars));
$this->assertFalse(isset($vars['foo']));
$this->assertEquals("bar2", $vars['foo2']);
$this->assertFalse(isset($vars['blar']));
}
/**
* test get single variables with data object chain search parents disabled
*/
public function testGetSingleTemplateVarsScopeAllNoParents()
{
error_reporting(error_reporting() & ~(E_NOTICE | E_USER_NOTICE));
$data1 = $this->smarty->createData($this->smarty);
$data2 = $this->smarty->createData($data1);
$this->smarty->assign('foo', 'bar');
$data1->assign('blar', 'buh');
$data2->assign('foo2', 'bar2');
$this->assertEquals("", $data2->getTemplateVars('foo', false));
$this->assertEquals("bar2", $data2->getTemplateVars('foo2', false));
$this->assertEquals("", $data2->getTemplateVars('blar', false));
}
/**
* test that variable assigned by global assign in template is included in getTemplateVars
*/
public function testAssignedInTemplate()
{
$this->smarty->fetch('string:{assign var="b" value="x" scope="global"}');
$this->assertEquals('x', $this->smarty->getTemplateVars('b'));
}
/**
* test that getTemplateVars returns simple array of values
*/
public function testSimpleCallReturnsArrayWithAllValues()
{
$this->smarty->assign('foo', 'bar');
$this->smarty->assign('i', 3);
$vars = $this->smarty->getTemplateVars();
$this->assertArrayHasKey('foo', $vars);
$this->assertArrayHasKey('i', $vars);
$this->assertEquals('bar', $vars['foo']);
$this->assertEquals(3,$vars['i']);
}
/**
* test get single variables with data object chain search parents disabled
*/
public function testGetSingleTemplateVarsScopeAllNoParents()
{
error_reporting(error_reporting() & ~(E_NOTICE | E_USER_NOTICE));
$data1 = $this->smarty->createData($this->smarty);
$data2 = $this->smarty->createData($data1);
$this->smarty->assign('foo', 'bar');
$data1->assign('blar', 'buh');
$data2->assign('foo2', 'bar2');
$this->assertEquals("", $data2->getTemplateVars('foo', false));
$this->assertEquals("bar2", $data2->getTemplateVars('foo2', false));
$this->assertEquals("", $data2->getTemplateVars('blar', false));
}
}

36
tests/UnitTests/TemplateSource/TagTests/BockExtend/CompileBlockExtendsTest.php
View File

@@ -1193,8 +1193,38 @@ class CompileBlockExtendsTest extends PHPUnit_Smarty
);
}
public function testBlockWithAssign() {
$this->assertEquals('Captured content is: Content with lots of html here', $this->smarty->fetch('038_child.tpl'));
}
public function testBlockWithAssign() {
$this->assertEquals('Captured content is: Content with lots of html here', $this->smarty->fetch('038_child.tpl'));
}
/**
* Test escaping of file parameter
*/
public function testEscaping()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessageMatches('/Unable to load.*/');
$this->assertEquals('hello world', $this->smarty->fetch('escaping.tpl'));
}
/**
* Test escaping of file parameter 2
*/
public function testEscaping2()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessageMatches('/Unable to load.*/');
$this->assertEquals('hello world', $this->smarty->fetch('escaping2.tpl'));
}
/**
* Test escaping of file parameter 3
*/
public function testEscaping3()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessageMatches('/Unable to load.*/');
$this->assertEquals('hello world', $this->smarty->fetch('escaping3.tpl'));
}
}

1
tests/UnitTests/TemplateSource/TagTests/BockExtend/templates/escaping.tpl Normal file
View File

@@ -0,0 +1 @@
{extends "extends:helloworld.tpl', var_dump(shell_exec('ls')), 1, 2, 3);}}?>"}

1
tests/UnitTests/TemplateSource/TagTests/BockExtend/templates/escaping2.tpl Normal file
View File

@@ -0,0 +1 @@
{extends 'extends:"helloworld.tpl\', var_dump(shell_exec(\'ls\')), 1, 2, 3);}}?>'}

1
tests/UnitTests/TemplateSource/TagTests/BockExtend/templates/escaping3.tpl Normal file
View File

@@ -0,0 +1 @@
{extends file='extends:"helloworld.tpl'|cat:"', var_dump(shell_exec('ls')), 1, 2, 3);}}?>"}

12
tests/UnitTests/TemplateSource/TagTests/Include/CompileIncludeTest.php
View File

@@ -82,6 +82,18 @@ class CompileIncludeTest extends PHPUnit_Smarty
$this->assertEquals('I1I2I3', $content, $text);
}
/**
* test template name escaping
*/
public function testIncludeFilenameEscaping()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessageMatches('/Unable to load.*/');
$tpl = $this->smarty->createTemplate('test_include_security.tpl');
$content = $this->smarty->fetch($tpl);
$this->assertEquals("hello world", $content);
}
/**
* test standard output
*

1
tests/UnitTests/TemplateSource/TagTests/Include/templates/test_include_security.tpl Normal file
View File

@@ -0,0 +1 @@
{include file="helloworld.tpl', var_dump(shell_exec('ls')), 1, 2, 3);}}?>"}

132
tests/UnitTests/TemplateSource/TagTests/PluginFunction/PluginFunctionFetchTest.php
View File

@@ -1,85 +1,71 @@
<?php
/**
* Smarty PHPunit tests of modifier
*
* @author Rodney Rehm
*/
/**
* class for modifier tests
*
*
*
*
* class testing fetch function
*/
class PluginFunctionFetchTest extends PHPUnit_Smarty
{
public function setUp(): void
{
$this->setUpSmarty(__DIR__);
}
public function setUp(): void
{
$this->setUpSmarty(__DIR__);
}
public function testInit()
{
$this->cleanDirs();
}
public function testInit()
{
$this->cleanDirs();
}
/**
* test {fetch} from local file
*/
public function testFetchFile()
{
$this->assertStringContainsString(
'ct4hn8nzgm;cgzm;',
$this->smarty->fetch('string:{fetch file="./testfile.txt"}')
);
}
/**
* test {fetch} from UIR
*
*
* @group slow
*/
public function testFetchUri()
{
$this->assertStringContainsString('<title>Preface | Smarty</title>', $this->smarty->fetch('string:{fetch file="https://www.smarty.net/docs/en/preface.tpl"}'));
}
/**
* test {fetch} non-existing file
*/
public function testFetchNonExistingFile()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('{fetch} cannot read resource \'./no/such/file\'');
$this->smarty->fetch('string:{fetch file="./no/such/file"}');
}
/**
* test {fetch} invalid uri
*
*
*
*/
public function testFetchInvalidUri()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('{fetch} cannot read resource \'https://foo.smarty.net/foo.dat\'');
$this->smarty->fetch('string:{fetch file="https://foo.smarty.net/foo.dat"}');
}
/**
* test {fetch file=...} access to file from path not aloo/wed by security settings
*
* @run InSeparateProcess
*
*/
public function testFetchSecurity()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('not trusted file path');
$this->cleanDirs();
$dir=$this->smarty->getTemplateDir();
$this->smarty->enableSecurity();
$this->smarty->fetch('string:{fetch file=\''. $dir[0]. '../../../../../etc/passwd\'}');
}
/**
* test {fetch file=...} access to file from path not aloo/wed by security settings
*
* @run InSeparateProcess
*
*/
public function testFetchSecurity2()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('not trusted file path');
$this->cleanDirs();
$this->smarty->getTemplateDir();
$this->smarty->enableSecurity();
$this->smarty->setTemplateDir('/templates');
$this->smarty->fetch('string:{fetch file="/templates/../etc/passwd"}');
}
/**
* test {fetch file=...} access to file from path not aloo/wed by security settings
*
* @run InSeparateProcess
*
*/
public function testFetchSecurity()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('not trusted file path');
$this->cleanDirs();
$dir=$this->smarty->getTemplateDir();
$this->smarty->enableSecurity();
$this->smarty->fetch('string:{fetch file=\''. $dir[0]. '../../../../../etc/passwd\'}');
}
/**
* test {fetch file=...} access to file from path not aloo/wed by security settings
*
* @run InSeparateProcess
*
*/
public function testFetchSecurity2()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessage('not trusted file path');
$this->cleanDirs();
$this->smarty->getTemplateDir();
$this->smarty->enableSecurity();
$this->smarty->setTemplateDir('/templates');
$this->smarty->fetch('string:{fetch file="/templates/../etc/passwd"}');
}
}

1
tests/UnitTests/TemplateSource/TagTests/PluginFunction/testfile.txt Normal file
View File

@@ -0,0 +1 @@
ct4hn8nzgm;cgzm;

7
tests/UnitTests/TemplateSource/_Issues/419/ExtendsIssue419Test.php
View File

@@ -32,4 +32,11 @@ class ExtendsIssue419Test extends PHPUnit_Smarty
$this->assertEquals('child', $this->smarty->fetch('extends:001_parent.tpl|001_child.tpl'));
}
public function testextendsSecurity()
{
$this->expectException(\Smarty\Exception::class);
$this->expectExceptionMessageMatches('/Unable to load.*/');
$this->assertEquals('child', $this->smarty->fetch('string:{include "001_parent.tpl\', var_dump(shell_exec(\'ls\')), 1, 2, 3);}}?>"}'));
}
}