disallow variable func calls when security is enabled

mohrt
2005-03-30 16:45:24 +00:00
parent 02b5f9e1b4
commit 3297026a00


@@ -1372,6 +1372,9 @@ class Smarty_Compiler extends Smarty {
!in_array($token, $this->security_settings['IF_FUNCS'])) { !in_array($token, $this->security_settings['IF_FUNCS'])) {
$this->_syntax_error("(secure mode) '$token' not allowed in if statement", E_USER_ERROR, __FILE__, __LINE__); $this->_syntax_error("(secure mode) '$token' not allowed in if statement", E_USER_ERROR, __FILE__, __LINE__);
} }
} elseif($this->security && preg_match('~^' . $this->_var_regexp . '$~', $token) && isset($tokens[$i+1]) && $tokens[$i+1] == '(') {
// variable function call
$this->_syntax_error("(secure mode) variable function call '$token' not allowed in if statement", E_USER_ERROR, __FILE__, __LINE__);
} elseif(preg_match('~^' . $this->_obj_call_regexp . '|' . $this->_var_regexp . '(?:' . $this->_mod_regexp . '*)$~', $token)) { } elseif(preg_match('~^' . $this->_obj_call_regexp . '|' . $this->_var_regexp . '(?:' . $this->_mod_regexp . '*)$~', $token)) {
// object or variable // object or variable
$token = $this->_parse_var_props($token); $token = $this->_parse_var_props($token);
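Review bot: The added secure-mode guard rejects only a token that matches `_var_regexp` in full and is immediately followed by a `(` token; a variable carrying modifiers, or an object reference, falls through to the next `elseif` and reaches `_parse_var_props()` without that lookahead. The tokenizer is not visible in this hunk, so whether such a token can ever precede `(` is unconfirmed; it deserves a test case and, if it can, the same `isset($tokens[$i+1]) && $tokens[$i+1] == '('` check inside the object-or-variable branch whenever `$this->security` is set. The comparison could also be strict, `$tokens[$i+1] === '('`, and the comment could state the reason, e.g. `// secure mode: $var(...) would call a PHP function chosen at runtime, bypassing the IF_FUNCS allow-list`. The check covers the `if` tag only, and the enclosing method starts and ends outside the hunk, so other compile paths are not assessed here.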