- bugfix regarding Security Vulnerability did not solve the problem under Linux

Uwe Tews
2018-04-26 18:06:45 +02:00
parent f9ca3c63d1
commit 2e081a51b1
2 changed files with 13 additions and 33 deletions


@@ -1042,16 +1042,9 @@ class Smarty extends Smarty_Internal_TemplateBase
*/
public function _realpath($path, $realpath = null)
{
static $nds = null;
static $sepDotSep = null;
static $sepSep =null;
if (!isset($nds)) {
$nds = array('/' => '\\', '\\' => '/');
$sepDotSep = DIRECTORY_SEPARATOR . '.' . DIRECTORY_SEPARATOR;
$sepSep = DIRECTORY_SEPARATOR . DIRECTORY_SEPARATOR;
}
$nds = array('/' => '\\', '\\' => '/');
// normalize DIRECTORY_SEPARATOR
$path = str_replace(array($nds[DIRECTORY_SEPARATOR], $sepDotSep), DIRECTORY_SEPARATOR, $path);
$path = str_replace(array($nds[DIRECTORY_SEPARATOR], DIRECTORY_SEPARATOR . '.' . DIRECTORY_SEPARATOR), DIRECTORY_SEPARATOR, $path);
preg_match('%^(?<root>(?:[[:alpha:]]:[\\\\]|/|[\\\\]{2}[[:alpha:]]+|[[:print:]]{2,}:[/]{2}|[\\\\])?)(?<path>(.*))$%u',
$path,
$parts);
@@ -1063,24 +1056,11 @@ class Smarty extends Smarty_Internal_TemplateBase
$path = getcwd() . DIRECTORY_SEPARATOR . $path;
}
}
// remove noop 'DIRECTORY_SEPARATOR DIRECTORY_SEPARATOR' and 'DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR' patterns
$path = str_replace(array($sepDotSep,$sepSep), DIRECTORY_SEPARATOR, $path);
// resolve '..DIRECTORY_SEPARATOR' pattern, smallest first
if (strpos($path, '..' . DIRECTORY_SEPARATOR) !== false &&
preg_match_all('#[\\\\/]([.][.][\\\\/])+#u', $path, $match)
) {
$counts = array();
foreach ($match[ 0 ] as $m) {
$counts[] = (int)((strlen($m) - 1) / 3);
}
sort($counts);
foreach ($counts as $count) {
$path = preg_replace('#([\\\\/]+[^\\\\/]+){' . $count .
'}[\\\\/]+([.][.][\\\\/]+){' . $count . '}#u',
DIRECTORY_SEPARATOR,
$path);
}
}
do {
$path = preg_replace(
array('#[\\\\/]{2}#', '#[\\\\/][.][\\\\/]#', '#[\\\\/]([^\\\\/.]+)[\\\\/][.][.][\\\\/]#'),
DIRECTORY_SEPARATOR, $path, -1, $count);
} while($count > 0);
return $realpath !== false ? $parts[ 'root' ] . $path : str_ireplace(getcwd(), '.', $parts[ 'root' ] . $path);
}
@@ -1284,13 +1264,13 @@ class Smarty extends Smarty_Internal_TemplateBase
if (isset($this->accessMap[ $name ])) {
$method = 'get' . $this->accessMap[ $name ];
return $this->{$method}();
} else if (isset($this->_cache[ $name ])) {
} else {if (isset($this->_cache[ $name ])) {
return $this->_cache[ $name ];
} else if (in_array($name, $this->obsoleteProperties)) {
} else {if (in_array($name, $this->obsoleteProperties)) {
return null;
} else {
trigger_error('Undefined property: ' . get_class($this) . '::$' . $name, E_USER_NOTICE);
}
}}}
return null;
}
@@ -1309,7 +1289,7 @@ class Smarty extends Smarty_Internal_TemplateBase
if (isset($this->accessMap[ $name ])) {
$method = 'set' . $this->accessMap[ $name ];
$this->{$method}($value);
} else if (in_array($name, $this->obsoleteProperties)) {
} else {if (in_array($name, $this->obsoleteProperties)) {
return;
} else {
if (is_object($value) && method_exists($value, $name)) {
@@ -1317,7 +1297,7 @@ class Smarty extends Smarty_Internal_TemplateBase
} else {
trigger_error('Undefined property: ' . get_class($this) . '::$' . $name, E_USER_NOTICE);
}
}
}}
}
/**
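Review bot: The third pattern in the new `do … while` loop of `_realpath()`, `'#[\\\\/]([^\\\\/.]+)[\\\\/][.][.][\\\\/]#'`, excludes every dot from the segment it collapses, so a parent reference that follows a directory whose name contains a dot (a constructed example: `templates.v2/../`) stays in the returned path, as does a trailing `..` with no separator after it. If callers compare this string against a list of trusted directories, as the commit title suggests, an unresolved `..` means the compared text is not the location the filesystem will open. Consider excluding only the `.` and `..` segments themselves, e.g. `'#[\\\\/](?![.]{1,2}[\\\\/])[^\\\\/]+[\\\\/][.][.][\\\\/]#'`, checking `preg_replace()` for a `null` return before `$path` is reused, and adding regression tests for these inputs, since the commit changes only the two library files.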


@@ -652,7 +652,7 @@ class Smarty_Security
// remember the directory to add it to _resource_dir in case we're successful
$_directory[ $directory ] = true;
// bubble up one level
$directory = preg_replace('#[\\\\/][^\\\\/]+[\\\\/]$#', '/', $directory);
$directory = preg_replace('#[\\\\/][^\\\\/]+[\\\\/]$#', DIRECTORY_SEPARATOR, $directory);
}
}
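Review bot: The bubble-up line now emits `DIRECTORY_SEPARATOR` while its pattern still accepts both `/` and `\`, so the keys stored in `$_directory` stay comparable only if `$directory` was already normalised to the platform separator before this loop; nothing in the hunk states that precondition. A comment such as `// $directory is expected to be separator-normalised (e.g. via Smarty::_realpath()); keys are matched as exact strings` would make it explicit. The enclosing loop and the lookup against the trusted directories start outside the hunk, so the termination condition once the pattern no longer matches cannot be checked from here.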