smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-06 19:34:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

- bugfix support of script files relative to trusted_dir

Browse Source
This commit is contained in:
Uwe.Tews
2010-07-07 22:08:10 +00:00
parent c8f22fe247
commit 396d7aa8a5
4 changed files with 37 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
change_log.txt
View File

@@ -1,5 +1,6 @@
07/07/2010 07/07/2010
- bugfix the truncate modifier needs to check if the string is utf-8 encoded or not - bugfix the truncate modifier needs to check if the string is utf-8 encoded or not
- bugfix support of script files relative to trusted_dir
06/07/2010 06/07/2010
- create exception on recursive {extends} calls - create exception on recursive {extends} calls

1
libs/Smarty.class.php
View File

@@ -159,6 +159,7 @@ class Smarty extends Smarty_Internal_Data {
public $security_policy = null; public $security_policy = null;
public $security_handler = null; public $security_handler = null;
public $direct_access_security = true; public $direct_access_security = true;
public $trusted_dir = array();
// debug mode // debug mode
public $debugging = false; public $debugging = false;
public $debugging_ctrl = 'NONE'; public $debugging_ctrl = 'NONE';

2
libs/plugins/modifier.truncate.php
View File

@@ -48,7 +48,7 @@ function smarty_modifier_truncate($string, $length = 80, $etc = '...',
} }
} }
} }
// $string has utf-8 no encoding // $string has no utf-8 encoding
if (strlen($string) > $length) { if (strlen($string) > $length) {
$length -= min($length, strlen($etc)); $length -= min($length, strlen($etc));
if (!$break_words && !$middle) { if (!$break_words && !$middle) {

44
libs/sysplugins/smarty_internal_compile_insert.php
View File

@@ -35,7 +35,6 @@ class Smarty_Internal_Compile_Insert extends Smarty_Internal_CompileBase {
$_output = '<?php '; $_output = '<?php ';
// save posible attributes // save posible attributes
eval('$_name = ' . $_attr['name'] . ';'); eval('$_name = ' . $_attr['name'] . ';');
$_function = "insert_{$_name}";
if (isset($_attr['assign'])) { if (isset($_attr['assign'])) {
// output will be stored in a smarty variable instead of beind displayed // output will be stored in a smarty variable instead of beind displayed
$_assign = $_attr['assign']; $_assign = $_attr['assign'];
@@ -44,22 +43,47 @@ class Smarty_Internal_Compile_Insert extends Smarty_Internal_CompileBase {
} }
if (isset($_attr['script'])) { if (isset($_attr['script'])) {
// script which must be included // script which must be included
$_function = "smarty_insert_{$_name}";
$_smarty_tpl = $compiler->template; $_smarty_tpl = $compiler->template;
$_filepath = false;
eval('$_script = ' . $_attr['script'] . ';'); eval('$_script = ' . $_attr['script'] . ';');
if (!file_exists($_script)) { if (!$this->compiler->smarty->security && file_exists($_script)) {
$this->compiler->trigger_template_error("{insert} missing script file '{$_script}'"); $_filepath = $_script;
} else {
if ($this->compiler->smarty->security) {
$_dir = $this->compiler->smarty->security_policy->trusted_dir;
} else {
$_dir = $this->compiler->smarty->trusted_dir;
}
if (!empty($_dir)) {
foreach((array)$_dir as $_script_dir) {
if (strpos('/\\', substr($_script_dir, -1)) === false) {
$_script_dir .= DS;
}
if (file_exists($_script_dir . $_script)) {
$_filepath = $_script_dir . $_script;
break;
}
}
}
}
if ($_filepath == false) {
$this->compiler->trigger_template_error("{insert} missing script file '{$_script}'", $this->compiler->lex->taglineno);
} }
// code for script file loading // code for script file loading
$_output .= "require_once '{$_script}' ;"; $_output .= "require_once '{$_filepath}' ;";
require_once $_script; require_once $_filepath;
if (!is_callable($_function)) { if (!is_callable($_function)) {
$this->compiler->trigger_template_error(" {insert} function '{$_name}' is not callable"); $this->compiler->trigger_template_error(" {insert} function '{$_function}' is not callable in script file '{$_script}'", $this->compiler->lex->taglineno);
} }
} else { } else {
$_script = 'null'; $_filepath = 'null';
$_function = "insert_{$_name}";
// function in PHP script ?
if (!is_callable($_function)) { if (!is_callable($_function)) {
// try plugin
if (!$_function = $this->compiler->getPlugin($_name, 'insert')) { if (!$_function = $this->compiler->getPlugin($_name, 'insert')) {
$this->compiler->trigger_template_error("{insert} no function or plugin found for '{$_name}'"); $this->compiler->trigger_template_error("{insert} no function or plugin found for '{$_name}'", $this->compiler->lex->taglineno);
} }
} }
} }
@@ -74,14 +98,14 @@ class Smarty_Internal_Compile_Insert extends Smarty_Internal_CompileBase {
// call insert // call insert
if (isset($_assign)) { if (isset($_assign)) {
if ($_smarty_tpl->caching) { if ($_smarty_tpl->caching) {
$_output .= "echo Smarty_Internal_Nocache_Insert::compile ('{$_function}',{$_params}, \$_smarty_tpl, '{$_script}',{$_assign});?>"; $_output .= "echo Smarty_Internal_Nocache_Insert::compile ('{$_function}',{$_params}, \$_smarty_tpl, '{$_filepath}',{$_assign});?>";
} else { } else {
$_output .= "\$_smarty_tpl->assign({$_assign} , {$_function} ({$_params},\$_smarty_tpl->smarty,\$_smarty_tpl), true);?>"; $_output .= "\$_smarty_tpl->assign({$_assign} , {$_function} ({$_params},\$_smarty_tpl->smarty,\$_smarty_tpl), true);?>";
} }
} else { } else {
$this->compiler->has_output = true; $this->compiler->has_output = true;
if ($_smarty_tpl->caching) { if ($_smarty_tpl->caching) {
$_output .= "echo Smarty_Internal_Nocache_Insert::compile ('{$_function}',{$_params}, \$_smarty_tpl, '{$_script}');?>"; $_output .= "echo Smarty_Internal_Nocache_Insert::compile ('{$_function}',{$_params}, \$_smarty_tpl, '{$_filepath}');?>";
} else { } else {
$_output .= "echo {$_function}({$_params},\$_smarty_tpl->smarty,\$_smarty_tpl);?>"; $_output .= "echo {$_function}({$_params},\$_smarty_tpl->smarty,\$_smarty_tpl);?>";
} }