smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-09 12:54:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

revert patch for secuity hole, update site url

Browse Source
This commit is contained in:
monte.ohrt
2008-09-22 15:29:16 +00:00
parent 1cfe2b63a1
commit 2e61902cdf
1 changed files with 1 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
libs/Smarty_Compiler.class.php
View File

@@ -18,10 +18,6 @@
* License along with this library; if not, write to the Free Software * License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* *
* For questions, help, comments, discussion, etc., please join the
* Smarty mailing list. Send a blank e-mail to
* smarty-discussion-subscribe@googlegroups.com
*
* @link http://www.smarty.net/ * @link http://www.smarty.net/
* @author Monte Ohrt <monte at ohrt dot com> * @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei@php.net> * @author Andrei Zmievski <andrei@php.net>
@@ -1708,10 +1704,7 @@ class Smarty_Compiler extends Smarty {
$_return = $var_expr; $_return = $var_expr;
} }
// replace double quoted literal string with single quotes // replace double quoted literal string with single quotes
$_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
// The follwoing line has been replaced to close a function injection security hole (U.Tews)
// $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
$_return = str_replace('"',"'",$_return);
return $_return; return $_return;
} }