From f81720941c07c76ad5ee25d0d69682463acb504b Mon Sep 17 00:00:00 2001 From: Andrew Dawes Date: Sat, 22 Oct 2022 22:08:38 +0200 Subject: [PATCH 1/2] Fixed several typos and grammar errors (#821) --- docs/appendixes/troubleshooting.md | 2 +- .../language-builtin-functions/language-function-block.md | 6 +++--- .../language-function-extends.md | 4 ++-- .../language-builtin-functions/language-function-for.md | 2 +- .../language-function-include.md | 2 +- .../language-function-insert.md | 2 +- .../language-function-section.md | 4 ++-- .../language-function-setfilter.md | 2 +- .../language-custom-functions/language-function-fetch.md | 2 +- .../language-function-html-image.md | 2 +- docs/designers/language-modifiers.md | 2 +- .../language-modifiers/language-modifier-from-charset.md | 2 +- .../language-modifiers/language-modifier-to-charset.md | 2 +- .../language-variables/language-variables-smarty.md | 4 ++-- .../advanced-features/advanced-features-objects.md | 2 +- .../advanced-features/advanced-features-security.md | 8 ++++---- .../advanced-features-template-inheritance.md | 2 +- .../advanced-features-template-settings.md | 2 +- docs/programmers/api-functions/api-create-data.md | 2 +- docs/programmers/api-functions/api-disable-security.md | 2 +- docs/programmers/api-functions/api-enable-security.md | 2 +- .../programmers/api-functions/api-mute-expected-errors.md | 2 +- .../api-functions/api-register-default-plugin-handler.md | 2 +- docs/programmers/api-functions/api-test-install.md | 2 +- docs/programmers/api-variables/variable-compile-id.md | 4 ++-- .../programmers/api-variables/variable-locking-timeout.md | 2 +- docs/programmers/api-variables/variable-use-sub-dirs.md | 2 +- docs/programmers/caching/caching-groups.md | 4 ++-- docs/programmers/charset.md | 2 +- docs/programmers/resources/resources-extends.md | 6 +++--- docs/programmers/resources/resources-file.md | 2 +- 31 files changed, 43 insertions(+), 43 deletions(-) diff --git a/docs/appendixes/troubleshooting.md b/docs/appendixes/troubleshooting.md index fe012c12..d605dd2b 100644 --- a/docs/appendixes/troubleshooting.md +++ b/docs/appendixes/troubleshooting.md @@ -109,7 +109,7 @@ the corresponding error is in the template. -- This means that your application registered a custom error hander +- This means that your application registered a custom error handler (using [set\_error\_handler()](&url.php-manual;set_error_handler)) which is not respecting the given `$errno` as it should. If, for whatever reason, this is the desired behaviour of your custom error diff --git a/docs/designers/language-builtin-functions/language-function-block.md b/docs/designers/language-builtin-functions/language-function-block.md index 941997a5..82659852 100644 --- a/docs/designers/language-builtin-functions/language-function-block.md +++ b/docs/designers/language-builtin-functions/language-function-block.md @@ -3,14 +3,14 @@ `{block}` is used to define a named area of template source for template inheritance. For details see section of [Template -Interitance](#advanced.features.template.inheritance). +Inheritance](#advanced.features.template.inheritance). The `{block}` template source area of a child template will replace the -correponding areas in the parent template(s). +corresponding areas in the parent template(s). Optionally `{block}` areas of child and parent templates can be merged into each other. You can append or prepend the parent `{block}` content -by using the `append` or `prepend` option flag with the childs `{block}` +by using the `append` or `prepend` option flag with the child's `{block}` definition. With the {\$smarty.block.parent} the `{block}` content of the parent template can be inserted at any location of the child `{block}` content. {\$smarty.block.child} inserts the `{block}` content diff --git a/docs/designers/language-builtin-functions/language-function-extends.md b/docs/designers/language-builtin-functions/language-function-extends.md index 9559e7c5..59f24645 100644 --- a/docs/designers/language-builtin-functions/language-function-extends.md +++ b/docs/designers/language-builtin-functions/language-function-extends.md @@ -3,7 +3,7 @@ `{extends}` tags are used in child templates in template inheritance for extending parent templates. For details see section of [Template -Interitance](#advanced.features.template.inheritance). +Inheritance](#advanced.features.template.inheritance). - The `{extends}` tag must be on the first line of the template. @@ -33,5 +33,5 @@ Interitance](#advanced.features.template.inheritance). -See also [Template Interitance](#advanced.features.template.inheritance) +See also [Template Inheritance](#advanced.features.template.inheritance) and [`{block}`](#language.function.block). diff --git a/docs/designers/language-builtin-functions/language-function-for.md b/docs/designers/language-builtin-functions/language-function-for.md index 0545c172..5445f6f3 100644 --- a/docs/designers/language-builtin-functions/language-function-for.md +++ b/docs/designers/language-builtin-functions/language-function-for.md @@ -2,7 +2,7 @@ ===== The `{for}{forelse}` tag is used to create simple loops. The following -different formarts are supported: +different formats are supported: - `{for $var=$start to $end}` simple loop with step size of 1. diff --git a/docs/designers/language-builtin-functions/language-function-include.md b/docs/designers/language-builtin-functions/language-function-include.md index 512f14a3..bda2d802 100644 --- a/docs/designers/language-builtin-functions/language-function-include.md +++ b/docs/designers/language-builtin-functions/language-function-include.md @@ -131,7 +131,7 @@ cache lifetime of 500 seconds. In this example included template will be cached independent of the -global cahing setting. +global caching setting. {include 'sub_template.tpl' caching} diff --git a/docs/designers/language-builtin-functions/language-function-insert.md b/docs/designers/language-builtin-functions/language-function-insert.md index e37c7389..e5bc7dcb 100644 --- a/docs/designers/language-builtin-functions/language-function-insert.md +++ b/docs/designers/language-builtin-functions/language-function-insert.md @@ -65,7 +65,7 @@ and display the returned results in place of the {insert} tag. The path can be either absolute, or relative to [`$trusted_dir`](#variable.trusted.dir). If security is enabled, then the script must be located in the `$trusted_dir` path of the - securty policy. See the [Security](#advanced.features.security) + security policy. See the [Security](#advanced.features.security) section for details. The Smarty object is passed as the second argument. This way you can diff --git a/docs/designers/language-builtin-functions/language-function-section.md b/docs/designers/language-builtin-functions/language-function-section.md index 0bab5c71..b28bb924 100644 --- a/docs/designers/language-builtin-functions/language-function-section.md +++ b/docs/designers/language-builtin-functions/language-function-section.md @@ -251,8 +251,8 @@ The above example will output: {section}\'s can be nested as deep as you like. With nested {section}\'s, you can access complex data structures, such as -multi-dimensional arrays. This is an example `.php` script thats -assign\'s the arrays. +multi-dimensional arrays. This is an example `.php` script that +assigns the arrays. > If security is enabled and you are fetching a file from the local > file system, `{fetch}` will only allow files from within the - > `$secure_dir` path of the securty policy. See the + > `$secure_dir` path of the security policy. See the > [Security](#advanced.features.security) section for details. - If the `assign` attribute is set, the output of the `{fetch}` diff --git a/docs/designers/language-custom-functions/language-function-html-image.md b/docs/designers/language-custom-functions/language-function-html-image.md index 76740a1f..e21f2a12 100644 --- a/docs/designers/language-custom-functions/language-function-html-image.md +++ b/docs/designers/language-custom-functions/language-function-html-image.md @@ -19,7 +19,7 @@ automatically calculated from the image file if they are not supplied. from. If not given, the web server\'s document root `$_ENV['DOCUMENT_ROOT']` is used as the base. If security is enabled, then the image must be located in the `$secure_dir` path of - the securty policy. See the [Security](#advanced.features.security) + the security policy. See the [Security](#advanced.features.security) section for details. - `href` is the href value to link the image to. If link is supplied, diff --git a/docs/designers/language-modifiers.md b/docs/designers/language-modifiers.md index 4cb69cd1..4626dbe5 100644 --- a/docs/designers/language-modifiers.md +++ b/docs/designers/language-modifiers.md @@ -115,7 +115,7 @@ These parameters follow the modifier name and are separated by a `:` - Secondly - if security is enabled, all php-functions that are to be used as modifiers have to be declared trusted in the - `$modifiers` property of the securty policy. See the + `$modifiers` property of the security policy. See the [Security](../programmers/advanced-features/advanced-features-security.md) section for details. See also [`registerPlugin()`](../programmers/api-functions/api-register-plugin.md), [combining diff --git a/docs/designers/language-modifiers/language-modifier-from-charset.md b/docs/designers/language-modifiers/language-modifier-from-charset.md index 8b7fdd50..1c301c3b 100644 --- a/docs/designers/language-modifiers/language-modifier-from-charset.md +++ b/docs/designers/language-modifiers/language-modifier-from-charset.md @@ -15,5 +15,5 @@ modifier](#language.modifier.to_charset). > modifier should only be used in cases where the application cannot > anticipate that a certain string is required in another encoding. -See also [Charset Enconding](#charset), [from\_charset +See also [Charset Encoding](#charset), [from\_charset modifier](#language.modifier.from_charset). diff --git a/docs/designers/language-modifiers/language-modifier-to-charset.md b/docs/designers/language-modifiers/language-modifier-to-charset.md index 6c53232c..a0d95f53 100644 --- a/docs/designers/language-modifiers/language-modifier-to-charset.md +++ b/docs/designers/language-modifiers/language-modifier-to-charset.md @@ -15,5 +15,5 @@ modifier](#language.modifier.from_charset). > modifier should only be used in cases where the application cannot > anticipate that a certain string is required in another encoding. -See also [Charset Enconding](#charset), [from\_charset +See also [Charset Encoding](#charset), [from\_charset modifier](#language.modifier.from_charset). diff --git a/docs/designers/language-variables/language-variables-smarty.md b/docs/designers/language-variables/language-variables-smarty.md index f9aa2330..e2949e0e 100644 --- a/docs/designers/language-variables/language-variables-smarty.md +++ b/docs/designers/language-variables/language-variables-smarty.md @@ -157,13 +157,13 @@ Returns the version of Smarty the template was compiled with. ---------------------- Returns block text from child template. See [Template -interitance](#advanced.features.template.inheritance). +inheritance](#advanced.features.template.inheritance). {\$smarty.block.parent} {#language.variables.smarty.block.parent} ----------------------- Returns block text from parent template. See [Template -interitance](#advanced.features.template.inheritance) +inheritance](#advanced.features.template.inheritance) {\$smarty.ldelim}, {\$smarty.rdelim} {#language.variables.smarty.ldelim} ------------------------------------ diff --git a/docs/programmers/advanced-features/advanced-features-objects.md b/docs/programmers/advanced-features/advanced-features-objects.md index 6b4870b5..88bd647a 100644 --- a/docs/programmers/advanced-features/advanced-features-objects.md +++ b/docs/programmers/advanced-features/advanced-features-objects.md @@ -29,7 +29,7 @@ determined by your needs, but use the first method whenever possible to keep template syntax to a minimum. If security is enabled, no private methods or functions can be accessed -(beginningwith \'\_\'). If a method and property of the same name exist, +(beginning with \'\_\'). If a method and property of the same name exist, the method will be used. You can restrict the methods and properties that can be accessed by diff --git a/docs/programmers/advanced-features/advanced-features-security.md b/docs/programmers/advanced-features/advanced-features-security.md index 15755b42..730915f1 100644 --- a/docs/programmers/advanced-features/advanced-features-security.md +++ b/docs/programmers/advanced-features/advanced-features-security.md @@ -2,7 +2,7 @@ Security {#advanced.features.security} ======== Security is good for situations when you have untrusted parties editing -the templates eg via ftp, and you want to reduce the risk of system +the templates e.g. via ftp, and you want to reduce the risk of system security compromises through the template language. The settings of the security policy are defined by properties of an @@ -10,7 +10,7 @@ instance of the Smarty\_Security class. These are the possible settings: - `$secure_dir` is an array of template directories that are considered secure. [`$template_dir`](#variable.template.dir) - concidered secure implicitly. The default is an empty array. + considered secure implicitly. The default is an empty array. - `$trusted_dir` is an array of all directories that are considered trusted. Trusted directories are where you keep php scripts that are @@ -27,7 +27,7 @@ instance of the Smarty\_Security class. These are the possible settings: like authentication-tokens). The expression `'#https?://.*smarty.net$#i'` would allow accessing - the follwing URIs: + the following URIs: - `http://smarty.net/foo` @@ -140,5 +140,5 @@ Smarty\_Security class or create an instance of it. > **Note** > > Most security policy settings are only checked when the template gets -> compiled. For that reasion you should delete all cached and compiled +> compiled. For that reason you should delete all cached and compiled > template files when you change your security settings. diff --git a/docs/programmers/advanced-features/advanced-features-template-inheritance.md b/docs/programmers/advanced-features/advanced-features-template-inheritance.md index 25295c38..ce47310c 100644 --- a/docs/programmers/advanced-features/advanced-features-template-inheritance.md +++ b/docs/programmers/advanced-features/advanced-features-template-inheritance.md @@ -33,7 +33,7 @@ can override all or some of the parent named block areas. you can define the whole template inheritance tree in the PHP script when you are calling [`fetch()`](#api.fetch) or [`display()`](#api.display) with the `extends:` template resource - type. The later provides even more flexibillity. + type. The later provides even more flexibility. > **Note** > diff --git a/docs/programmers/advanced-features/advanced-features-template-settings.md b/docs/programmers/advanced-features/advanced-features-template-settings.md index df1f86a8..b06430ff 100644 --- a/docs/programmers/advanced-features/advanced-features-template-settings.md +++ b/docs/programmers/advanced-features/advanced-features-template-settings.md @@ -8,7 +8,7 @@ Modifications done to the Smarty object will be global for all templates. However the Smarty class variables and functions can be accessed or -called by induvidual template objects. Modification done to a template +called by individual template objects. Modification done to a template object will apply only for that template and its included subtemplates. diff --git a/docs/programmers/api-functions/api-create-data.md b/docs/programmers/api-functions/api-create-data.md index 2d9f281b..7e083776 100644 --- a/docs/programmers/api-functions/api-create-data.md +++ b/docs/programmers/api-functions/api-create-data.md @@ -26,7 +26,7 @@ the following parameters: variables assigned to any of the objects in it\'s parent chain. Data objects are used to create scopes for assigned variables. They can -be used to have controll which variables are seen by which templates. +be used to control which variables are seen by which templates. `ISO-8859-1` has been PHP\'s default internal charset since the > beginning. Unicode has been evolving since 1991. Since then it has > become the one charset to conquer them all, as it is capable of -> encoding most of the known characters even accross different character +> encoding most of the known characters even across different character > systems (latin, cyrillic, japanese, ...). `UTF-8` is unicode\'s most > used encoding, as it allows referencing the thousands of character > with the smallest size overhead possible. diff --git a/docs/programmers/resources/resources-extends.md b/docs/programmers/resources/resources-extends.md index ad2e8f5d..d7213d89 100644 --- a/docs/programmers/resources/resources-extends.md +++ b/docs/programmers/resources/resources-extends.md @@ -3,20 +3,20 @@ Extends Template Resources {#resources.extends} The `extends:` resource is used to define child/parent relationships for template inheritance from the PHP script. For details see section of -[Template Interitance](#advanced.features.template.inheritance). +[Template Inheritance](#advanced.features.template.inheritance). As of Smarty 3.1 the `extends:` resource may use any available [template resource](#resources), including `string:` and `eval:`. When [templates from strings](#resources.string) are used, make sure they are properly (url or base64) encoded. Is an `eval:` resource found within an inheritance chain, its \"don\'t save a compile file\" property is -superseeded by the `extends:` resource. The templates within an +superseded by the `extends:` resource. The templates within an inheritance chain are not compiled separately, though. Only a single compiled template will be generated. > **Note** > -> Use this when inheritance is required programatically. When inheriting +> Use this when inheritance is required programmatically. When inheriting > within PHP, it is not obvious from the child template what inheritance > took place. If you have a choice, it is normally more flexible and > intuitive to handle inheritance chains from within the templates. diff --git a/docs/programmers/resources/resources-file.md b/docs/programmers/resources/resources-file.md index 986cfffc..e49f4737 100644 --- a/docs/programmers/resources/resources-file.md +++ b/docs/programmers/resources/resources-file.md @@ -47,7 +47,7 @@ Templates from a specific \$template\_dir {#templates.from.specified.template.di Smarty 3.1 introduced the bracket-syntax for specifying an element from [`$template_dir`](#variable.template.dir). This allows websites employing multiple sets of templates better control over which template -to acces. +to access. The bracket-syntax can be used from anywhere you can specify the `file:` resource type. From c016895166af23aa37468e7556577e3f7772065c Mon Sep 17 00:00:00 2001 From: Progi1984 Date: Tue, 22 Nov 2022 21:22:57 +0100 Subject: [PATCH 2/2] PHP8.2 compatibility (#775) * PHP8.2 compatibility * PHP8.2 compatibility : Fixed unit tests * PHP8.2 compatibility : Replace ENT_COMPAT by ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 * PHP8.2 compatibility : Remove deprecated utf8_decode * PHP8.2 compatibility : Remove HTML-ENTITIES parameter * Removed some unused code for clarity, updated the changelog. * More concise escape implementation and unit test to cover both modifierplugin and modifiercompiler. * Fix htmlall unescape of quotes without mbstring too Co-authored-by: Simon Wisselink --- .github/workflows/ci.yml | 4 + CHANGELOG.md | 3 + README.md | 2 +- docker-compose.yml | 5 ++ docs/getting-started.md | 2 +- libs/plugins/modifier.escape.php | 81 +------------------ libs/plugins/modifiercompiler.escape.php | 41 ++-------- libs/plugins/modifiercompiler.unescape.php | 4 +- .../smarty_internal_extension_handler.php | 1 + .../smarty_internal_runtime_make_nocache.php | 2 +- libs/sysplugins/smarty_internal_template.php | 1 + libs/sysplugins/smarty_security.php | 1 + libs/sysplugins/smarty_variable.php | 1 + .../Stream/StreamResourceTest.php | 1 + .../UnitTests/SecurityTests/SecurityTest.php | 1 + .../CompileRegisteredObjectFunctionTest.php | 5 ++ .../PluginModifierCharsetTest.php | 8 +- .../PluginModifierEscapeTest.php | 40 +++++++-- .../PluginModifierStripTest.php | 2 +- .../PluginModifierUnescapeTest.php | 8 +- .../Variables/Stream/StreamVariableTest.php | 1 + utilities/testrunners/php82/Dockerfile | 10 +++ 22 files changed, 95 insertions(+), 129 deletions(-) create mode 100644 utilities/testrunners/php82/Dockerfile diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 449146c9..33224fcb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,6 +31,7 @@ jobs: - "7.4" - "8.0" - "8.1" + - "8.2" compiler: - default @@ -42,6 +43,9 @@ jobs: - os: ubuntu-latest php-version: "8.1" compiler: jit + - os: ubuntu-latest + php-version: "8.2" + compiler: jit steps: - name: Checkout diff --git a/CHANGELOG.md b/CHANGELOG.md index 333035ca..0ccdfd6b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added +- PHP8.2 compatibility [#775](https://github.com/smarty-php/smarty/pull/775) + ### Changed - Include docs and demo in the releases [#799](https://github.com/smarty-php/smarty/issues/799) - Using PHP functions as modifiers now triggers a deprecation notice because we will drop support for this in the next major release [#813](https://github.com/smarty-php/smarty/issues/813) diff --git a/README.md b/README.md index 782f0b2c..0ef3cfab 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Smarty is a template engine for PHP, facilitating the separation of presentation Read the [documentation](https://smarty-php.github.io/smarty/) to find out how to use it. ## Requirements -Smarty can be run with PHP 7.1 to PHP 8.1. +Smarty can be run with PHP 7.1 to PHP 8.2. ## Installation Smarty versions 3.1.11 or later can be installed with [Composer](https://getcomposer.org/). diff --git a/docker-compose.yml b/docker-compose.yml index d46608bf..cc90fb8b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -38,3 +38,8 @@ services: service: base build: dockerfile: ./utilities/testrunners/php81/Dockerfile + php82: + extends: + service: base + build: + dockerfile: ./utilities/testrunners/php82/Dockerfile diff --git a/docs/getting-started.md b/docs/getting-started.md index de55ffe8..2a1391f4 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -2,7 +2,7 @@ What is Smarty? ============== ## Requirements -Smarty can be run with PHP 7.1 to PHP 8.1. +Smarty can be run with PHP 7.1 to PHP 8.2. ## Installation Smarty versions 3.1.11 or later can be installed with [Composer](https://getcomposer.org/). diff --git a/libs/plugins/modifier.escape.php b/libs/plugins/modifier.escape.php index 3ce48382..11e44682 100644 --- a/libs/plugins/modifier.escape.php +++ b/libs/plugins/modifier.escape.php @@ -23,7 +23,6 @@ */ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true) { - static $_double_encode = true; static $is_loaded_1 = false; static $is_loaded_2 = false; if (!$char_set) { @@ -34,87 +33,15 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $ switch ($esc_type) { case 'html': - if ($_double_encode) { - // php >=5.3.2 - go native - return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); - } else { - if ($double_encode) { - // php <5.2.3 - only handle double encoding - return htmlspecialchars($string, ENT_QUOTES, $char_set); - } else { - // php <5.2.3 - prevent double encoding - $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); - $string = htmlspecialchars($string, ENT_QUOTES, $char_set); - $string = str_replace( - array( - '%%%SMARTY_START%%%', - '%%%SMARTY_END%%%' - ), - array( - '&', - ';' - ), - $string - ); - return $string; - } - } + return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); // no break case 'htmlall': if (Smarty::$_MBSTRING) { - // mb_convert_encoding ignores htmlspecialchars() - if ($_double_encode) { - // php >=5.3.2 - go native - $string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode); - } else { - if ($double_encode) { - // php <5.2.3 - only handle double encoding - $string = htmlspecialchars($string, ENT_QUOTES, $char_set); - } else { - // php <5.2.3 - prevent double encoding - $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); - $string = htmlspecialchars($string, ENT_QUOTES, $char_set); - $string = - str_replace( - array( - '%%%SMARTY_START%%%', - '%%%SMARTY_END%%%' - ), - array( - '&', - ';' - ), - $string - ); - return $string; - } - } - // htmlentities() won't convert everything, so use mb_convert_encoding - return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set); + $string = mb_convert_encoding($string, 'UTF-8', $char_set); + return htmlentities($string, ENT_QUOTES, 'UTF-8', $double_encode); } // no MBString fallback - if ($_double_encode) { - return htmlentities($string, ENT_QUOTES, $char_set, $double_encode); - } else { - if ($double_encode) { - return htmlentities($string, ENT_QUOTES, $char_set); - } else { - $string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string); - $string = htmlentities($string, ENT_QUOTES, $char_set); - $string = str_replace( - array( - '%%%SMARTY_START%%%', - '%%%SMARTY_END%%%' - ), - array( - '&', - ';' - ), - $string - ); - return $string; - } - } + return htmlentities($string, ENT_QUOTES, $char_set, $double_encode); // no break case 'url': return rawurlencode($string); diff --git a/libs/plugins/modifiercompiler.escape.php b/libs/plugins/modifiercompiler.escape.php index 1fc5e781..602c3dbf 100644 --- a/libs/plugins/modifiercompiler.escape.php +++ b/libs/plugins/modifiercompiler.escape.php @@ -18,12 +18,10 @@ * @param Smarty_Internal_TemplateCompilerBase $compiler * * @return string with compiled code - * @throws \SmartyException + * @throws SmartyException */ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompilerBase $compiler) { - static $_double_encode = true; - static $is_loaded = false; $compiler->template->_checkPlugins( array( array( @@ -41,41 +39,18 @@ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompile } switch ($esc_type) { case 'html': - if ($_double_encode) { - return 'htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' . - var_export($double_encode, true) . ')'; - } elseif ($double_encode) { - return 'htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')'; - } else { - // fall back to modifier.escape.php - } + return 'htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' . + var_export($double_encode, true) . ')'; // no break case 'htmlall': if (Smarty::$_MBSTRING) { - if ($_double_encode) { - // php >=5.2.3 - go native - return 'mb_convert_encoding(htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . - var_export($char_set, true) . ', ' . var_export($double_encode, true) . - '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')'; - } elseif ($double_encode) { - // php <5.2.3 - only handle double encoding - return 'mb_convert_encoding(htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . - var_export($char_set, true) . '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')'; - } else { - // fall back to modifier.escape.php - } + return 'htmlentities(mb_convert_encoding((string)' . $params[ 0 ] . ', \'UTF-8\', ' . + var_export($char_set, true) . '), ENT_QUOTES, \'UTF-8\', ' . + var_export($double_encode, true) . ')'; } // no MBString fallback - if ($_double_encode) { - // php >=5.2.3 - go native - return 'htmlentities((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' . - var_export($double_encode, true) . ')'; - } elseif ($double_encode) { - // php <5.2.3 - only handle double encoding - return 'htmlentities((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')'; - } else { - // fall back to modifier.escape.php - } + return 'htmlentities((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' . + var_export($double_encode, true) . ')'; // no break case 'url': return 'rawurlencode((string)' . $params[ 0 ] . ')'; diff --git a/libs/plugins/modifiercompiler.unescape.php b/libs/plugins/modifiercompiler.unescape.php index 3438fe3e..9e1f06d6 100644 --- a/libs/plugins/modifiercompiler.unescape.php +++ b/libs/plugins/modifiercompiler.unescape.php @@ -39,9 +39,9 @@ function smarty_modifiercompiler_unescape($params, Smarty_Internal_TemplateCompi case 'entity': case 'htmlall': if (Smarty::$_MBSTRING) { - return 'mb_convert_encoding(' . $params[ 0 ] . ', ' . $params[ 2 ] . ', \'HTML-ENTITIES\')'; + return 'html_entity_decode(mb_convert_encoding(' . $params[ 0 ] . ', ' . $params[ 2 ] . ', \'UTF-8\'), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, ' . $params[ 2 ] . ')'; } - return 'html_entity_decode(' . $params[ 0 ] . ', ENT_NOQUOTES, ' . $params[ 2 ] . ')'; + return 'html_entity_decode(' . $params[ 0 ] . ', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, ' . $params[ 2 ] . ')'; case 'html': return 'htmlspecialchars_decode(' . $params[ 0 ] . ', ENT_QUOTES)'; case 'url': diff --git a/libs/sysplugins/smarty_internal_extension_handler.php b/libs/sysplugins/smarty_internal_extension_handler.php index 634ad831..3ef040ab 100644 --- a/libs/sysplugins/smarty_internal_extension_handler.php +++ b/libs/sysplugins/smarty_internal_extension_handler.php @@ -36,6 +36,7 @@ * @property Smarty_Internal_Method_RegisterPlugin $registerPlugin * @property mixed|\Smarty_Template_Cached configLoad */ +#[\AllowDynamicProperties] class Smarty_Internal_Extension_Handler { public $objType = null; diff --git a/libs/sysplugins/smarty_internal_runtime_make_nocache.php b/libs/sysplugins/smarty_internal_runtime_make_nocache.php index 53069148..7994aa04 100644 --- a/libs/sysplugins/smarty_internal_runtime_make_nocache.php +++ b/libs/sysplugins/smarty_internal_runtime_make_nocache.php @@ -22,7 +22,7 @@ class Smarty_Internal_Runtime_Make_Nocache { if (isset($tpl->tpl_vars[ $var ])) { $export = - preg_replace('/^Smarty_Variable::__set_state[(]|[)]$/', '', var_export($tpl->tpl_vars[ $var ], true)); + preg_replace('/^\\\\?Smarty_Variable::__set_state[(]|[)]$/', '', var_export($tpl->tpl_vars[ $var ], true)); if (preg_match('/(\w+)::__set_state/', $export, $match)) { throw new SmartyException("{make_nocache \${$var}} in template '{$tpl->source->name}': variable does contain object '{$match[1]}' not implementing method '__set_state'"); } diff --git a/libs/sysplugins/smarty_internal_template.php b/libs/sysplugins/smarty_internal_template.php index bf627ce7..72d1d52e 100644 --- a/libs/sysplugins/smarty_internal_template.php +++ b/libs/sysplugins/smarty_internal_template.php @@ -24,6 +24,7 @@ * * @method bool mustCompile() */ +#[\AllowDynamicProperties] class Smarty_Internal_Template extends Smarty_Internal_TemplateBase { /** diff --git a/libs/sysplugins/smarty_security.php b/libs/sysplugins/smarty_security.php index 974c6352..97cd0521 100644 --- a/libs/sysplugins/smarty_security.php +++ b/libs/sysplugins/smarty_security.php @@ -19,6 +19,7 @@ /** * This class does contain the security settings */ +#[\AllowDynamicProperties] class Smarty_Security { diff --git a/libs/sysplugins/smarty_variable.php b/libs/sysplugins/smarty_variable.php index 914d99bd..6a534228 100644 --- a/libs/sysplugins/smarty_variable.php +++ b/libs/sysplugins/smarty_variable.php @@ -7,6 +7,7 @@ * @package Smarty * @subpackage Template */ +#[\AllowDynamicProperties] class Smarty_Variable { /** diff --git a/tests/UnitTests/ResourceTests/Stream/StreamResourceTest.php b/tests/UnitTests/ResourceTests/Stream/StreamResourceTest.php index 57dbd9eb..e5eedcc1 100644 --- a/tests/UnitTests/ResourceTests/Stream/StreamResourceTest.php +++ b/tests/UnitTests/ResourceTests/Stream/StreamResourceTest.php @@ -206,6 +206,7 @@ class StreamResourceTest extends PHPUnit_Smarty } } +#[AllowDynamicProperties] class ResourceStream { private $position; diff --git a/tests/UnitTests/SecurityTests/SecurityTest.php b/tests/UnitTests/SecurityTests/SecurityTest.php index e1469a8d..7631a0a6 100644 --- a/tests/UnitTests/SecurityTests/SecurityTest.php +++ b/tests/UnitTests/SecurityTests/SecurityTest.php @@ -391,6 +391,7 @@ class Security extends Smarty_Security { } +#[AllowDynamicProperties] class ResourceStreamSecurity { private $position; diff --git a/tests/UnitTests/SmartyMethodsTests/RegisterObject/CompileRegisteredObjectFunctionTest.php b/tests/UnitTests/SmartyMethodsTests/RegisterObject/CompileRegisteredObjectFunctionTest.php index 63a7b52d..eaee1360 100644 --- a/tests/UnitTests/SmartyMethodsTests/RegisterObject/CompileRegisteredObjectFunctionTest.php +++ b/tests/UnitTests/SmartyMethodsTests/RegisterObject/CompileRegisteredObjectFunctionTest.php @@ -15,6 +15,11 @@ */ class CompileRegisteredObjectFunctionTest extends PHPUnit_Smarty { + /** + * @var RegObject + */ + private $object; + public function setUp(): void { $this->setUpSmarty(__DIR__); diff --git a/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierCharsetTest.php b/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierCharsetTest.php index 423b593c..92ff9514 100644 --- a/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierCharsetTest.php +++ b/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierCharsetTest.php @@ -23,7 +23,7 @@ class PluginModifierCharsetTest extends PHPUnit_Smarty public function testToLatin1() { $encoded = "hällö wörld 1"; - $result = utf8_decode($encoded); + $result = mb_convert_encoding($encoded, 'ISO-8859-1', 'UTF-8'); $tpl = $this->smarty->createTemplate('string:{"' . $encoded . '"|to_charset}'); $this->assertEquals(str_replace("\r", '', $result), $tpl->fetch()); } @@ -33,7 +33,7 @@ class PluginModifierCharsetTest extends PHPUnit_Smarty Smarty::$_MBSTRING = false; $this->smarty->setCompileId('mb'); $encoded = "hällö wörld 2"; - $result = utf8_decode($encoded); + $result = mb_convert_encoding($encoded, 'ISO-8859-1', 'UTF-8'); $tpl = $this->smarty->createTemplate('string:{"' . $encoded . '"|to_charset}'); $this->assertEquals($encoded, $tpl->fetch()); Smarty::$_MBSTRING = true; @@ -42,7 +42,7 @@ class PluginModifierCharsetTest extends PHPUnit_Smarty public function testFromLatin1() { $result = "hällö wörld 3"; - $encoded = utf8_decode($result); + $encoded = mb_convert_encoding($result, 'ISO-8859-1', 'UTF-8'); $tpl = $this->smarty->createTemplate('string:{"' . $encoded . '"|from_charset}'); $this->assertEquals(str_replace("\r", '', $result), $tpl->fetch()); } @@ -52,7 +52,7 @@ class PluginModifierCharsetTest extends PHPUnit_Smarty Smarty::$_MBSTRING = false; $this->smarty->setCompileId('mb'); $result = "hällö wörld 4"; - $encoded = utf8_decode($result); + $encoded = mb_convert_encoding($result, 'ISO-8859-1', 'UTF-8'); $tpl = $this->smarty->createTemplate('string:{"' . $encoded . '"|from_charset}'); $this->assertEquals($encoded, $tpl->fetch()); Smarty::$_MBSTRING = true; diff --git a/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierEscapeTest.php b/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierEscapeTest.php index 0782a01c..309a71ab 100644 --- a/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierEscapeTest.php +++ b/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierEscapeTest.php @@ -20,12 +20,19 @@ class PluginModifierEscapeTest extends PHPUnit_Smarty $this->setUpSmarty(__DIR__); } - public function testHtml() + public function testHtmlCompiled() { $tpl = $this->smarty->createTemplate('string:{"I\'m some to ä be \"escaped\" or ©"|escape:"html"}'); $this->assertEquals("I'm some <html> to ä be "escaped" or &copy;", $this->smarty->fetch($tpl)); } + public function testHtmlModifier() + { + $tpl = $this->smarty->createTemplate('string:{"I\'m some to ä be \"escaped\" or ©"|escape:$mode}'); + $this->smarty->assign('mode', 'html'); + $this->assertEquals("I'm some <html> to ä be "escaped" or &copy;", $this->smarty->fetch($tpl)); + } + public function testHtmlWithoutMbstring() { Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb'); @@ -48,13 +55,20 @@ class PluginModifierEscapeTest extends PHPUnit_Smarty Smarty::$_MBSTRING = true; } - public function testHtmlall() + public function testHtmlallCompiled() { $tpl = $this->smarty->createTemplate('string:{"I\'m some to ä be \"escaped\" or ©"|escape:"htmlall"}'); $this->assertEquals("I'm some <html> to ä be "escaped" or &copy;", $this->smarty->fetch($tpl)); } - public function testHtmlallWithoutMbstring() + public function testHtmlallModifier() + { + $tpl = $this->smarty->createTemplate('string:{"I\'m some to ä be \"escaped\" or ©"|escape:$mode}'); + $this->smarty->assign('mode', 'htmlall'); + $this->assertEquals("I'm some <html> to ä be "escaped" or &copy;", $this->smarty->fetch($tpl)); + } + + public function testHtmlallWithoutMbstringCompiled() { Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb'); $tpl = $this->smarty->createTemplate('string:{"I\'m some to ä be \"escaped\" or ©"|escape:"htmlall"}'); @@ -62,6 +76,15 @@ class PluginModifierEscapeTest extends PHPUnit_Smarty Smarty::$_MBSTRING = true; } + public function testHtmlallWithoutMbstringModifier() + { + Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb'); + $tpl = $this->smarty->createTemplate('string:{"I\'m some to ä be \"escaped\" or ©"|escape:$mode}'); + $this->smarty->assign('mode', 'htmlall'); + $this->assertEquals("I'm some <html> to ä be "escaped" or &copy;", $this->smarty->fetch($tpl)); + Smarty::$_MBSTRING = true; + } + public function testHtmlallDouble() { $tpl = $this->smarty->createTemplate('string:{"I\'m some to ä be \"escaped\" or ©"|escape:"htmlall":null:false}'); @@ -76,12 +99,19 @@ class PluginModifierEscapeTest extends PHPUnit_Smarty Smarty::$_MBSTRING = true; } - public function testUrl() + public function testUrlCompiled() { $tpl = $this->smarty->createTemplate('string:{"http://some.encoded.com/url?parts#foo"|escape:"url"}'); $this->assertEquals("http%3A%2F%2Fsome.encoded.com%2Furl%3Fparts%23foo", $this->smarty->fetch($tpl)); } + public function testUrlModifier() + { + $tpl = $this->smarty->createTemplate('string:{"http://some.encoded.com/url?parts#foo"|escape:$mode}'); + $this->smarty->assign('mode', 'url'); + $this->assertEquals("http%3A%2F%2Fsome.encoded.com%2Furl%3Fparts%23foo", $this->smarty->fetch($tpl)); + } + public function testUrlWithoutMbstring() { Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb'); @@ -203,7 +233,7 @@ class PluginModifierEscapeTest extends PHPUnit_Smarty public function testNonstdWithoutMbstring() { Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb'); - $tpl = $this->smarty->createTemplate('string:{"' . utf8_decode('sma\'rty@»example«.com') . '"|escape:"nonstd"}'); + $tpl = $this->smarty->createTemplate('string:{"' . mb_convert_encoding('sma\'rty@»example«.com', 'ISO-8859-1', 'UTF-8') . '"|escape:"nonstd"}'); $this->assertEquals("sma'rty@»example«.com", $this->smarty->fetch($tpl)); Smarty::$_MBSTRING = true; } diff --git a/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierStripTest.php b/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierStripTest.php index fbef16b0..ab1a4384 100644 --- a/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierStripTest.php +++ b/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierStripTest.php @@ -30,7 +30,7 @@ class PluginModifierStripTest extends PHPUnit_Smarty { // Some Unicode Spaces $string = " hello spaced       words "; - $string = mb_convert_encoding($string, 'UTF-8', "HTML-ENTITIES"); + $string = html_entity_decode($string, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8'); $tpl = $this->smarty->createTemplate('string:{"' . $string . '"|strip}'); $this->assertEquals(" hello spaced words ", $this->smarty->fetch($tpl)); } diff --git a/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierUnescapeTest.php b/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierUnescapeTest.php index e3e4ac6b..2fdefb2e 100644 --- a/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierUnescapeTest.php +++ b/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierUnescapeTest.php @@ -40,8 +40,8 @@ class PluginModifierUnescapeTest extends PHPUnit_Smarty public function testHtmlall() { - $encoded = "aäЗдра><&amp;ääвсствуйте"; - $result = "aäЗдра><&ääвсствуйте"; + $encoded = "'"aäЗдра><&amp;ääвсствуйте"; + $result = "'\"aäЗдра><&ääвсствуйте"; $tpl = $this->smarty->createTemplate('string:{"' . $encoded . '"|unescape:"htmlall"}'); $this->assertEquals($result, $this->smarty->fetch($tpl)); } @@ -49,8 +49,8 @@ class PluginModifierUnescapeTest extends PHPUnit_Smarty public function testHtmlallWithoutMbstring() { Smarty::$_MBSTRING = false;$this->smarty->setCompileId('mb'); - $encoded = "aäЗдра><&amp;ääвсствуйте"; - $result = "aäЗдра><&ääвсствуйте"; + $encoded = "'"aäЗдра><&amp;ääвсствуйте"; + $result = "'\"aäЗдра><&ääвсствуйте"; $tpl = $this->smarty->createTemplate('string:{"' . $encoded . '"|unescape:"htmlall"}'); $this->assertEquals($result, $this->smarty->fetch($tpl)); Smarty::$_MBSTRING = true; diff --git a/tests/UnitTests/TemplateSource/ValueTests/Variables/Stream/StreamVariableTest.php b/tests/UnitTests/TemplateSource/ValueTests/Variables/Stream/StreamVariableTest.php index feca410e..c832fc70 100644 --- a/tests/UnitTests/TemplateSource/ValueTests/Variables/Stream/StreamVariableTest.php +++ b/tests/UnitTests/TemplateSource/ValueTests/Variables/Stream/StreamVariableTest.php @@ -68,6 +68,7 @@ class StreamVariableTest extends PHPUnit_Smarty // } } +#[AllowDynamicProperties] class VariableStream { private $position; diff --git a/utilities/testrunners/php82/Dockerfile b/utilities/testrunners/php82/Dockerfile new file mode 100644 index 00000000..6b7392ea --- /dev/null +++ b/utilities/testrunners/php82/Dockerfile @@ -0,0 +1,10 @@ +FROM php:8.2-cli + +## Basic utilities +RUN apt-get update -yqq && apt-get install -y curl apt-utils git zip unzip + +## Composer +COPY ./utilities/testrunners/shared/install-composer.sh /root/install-composer.sh +WORKDIR /root +RUN sh ./install-composer.sh +RUN mv ./composer.phar /usr/local/bin/composer