- bugfix allow only fixed string as file attribute at {extends} tag

2025-08-05 19:04:27 +02:00 · 2011-04-21 23:11:24 +00:00
parent d999a7bc5c
commit 44dc14891d
2 changed files with 19 additions and 16 deletions
--- a/change_log.txt
+++ b/change_log.txt
@@ -1,4 +1,7 @@
 ===== SVN trunk  =====
+22/04/2011
+- bugfix allow only fixed string as file attribute at {extends} tag
+
 01/04/2011
 - bugfix do not run filters and default modifier when displaying the debug template
 - bugfix of embedded double quotes within multi line strings (""")
--- a/libs/sysplugins/smarty_internal_compile_extends.php
+++ b/libs/sysplugins/smarty_internal_compile_extends.php
@@ -2,12 +2,12 @@

 /**
 * Smarty Internal Plugin Compile extend
- * 
+ *
 * Compiles the {extends} tag
- * 
+ *
 * @package Smarty
 * @subpackage Compiler
- * @author Uwe Tews 
+ * @author Uwe Tews
 */

 /**
@@ -20,7 +20,7 @@ class Smarty_Internal_Compile_Extends extends Smarty_Internal_CompileBase {

    /**
     * Compiles code for the {extends} tag
-     * 
+     *
     * @param array $args array with attributes from parser
     * @param object $compiler compiler object
     * @return string compiled code
@@ -38,14 +38,14 @@ class Smarty_Internal_Compile_Extends extends Smarty_Internal_CompileBase {
        	$this->compiler->trigger_template_error('nocache option not allowed', $this->compiler->lex->taglineno);
        }

-        $_smarty_tpl = $compiler->template; 
+        $_smarty_tpl = $compiler->template;
        $include_file = null;
-        if (strpos($_attr['file'],'$_tmp') !== false) {
-        	$this->compiler->trigger_template_error('illegal value for file attribute', $this->compiler->lex->taglineno);
+        if (strpos($_attr['file'],'$_tmp') !== false || strpos($_attr['file'],'$_smarty_tpl') !== false || strpos($_attr['file'],'::') !== false) {
+        	$this->compiler->trigger_template_error('a variable file attribute is illegal', $this->compiler->lex->taglineno);
        }
-        eval('$include_file = ' . $_attr['file'] . ';'); 
+        eval('$include_file = ' . $_attr['file'] . ';');
        // create template object
-        $_template = new $compiler->smarty->template_class($include_file, $this->smarty, $compiler->template); 
+        $_template = new $compiler->smarty->template_class($include_file, $this->smarty, $compiler->template);
        // save file dependency
        if (in_array($_template->resource_type,array('eval','string'))) {
        	$template_sha1 = sha1($include_file);
@@ -54,13 +54,13 @@ class Smarty_Internal_Compile_Extends extends Smarty_Internal_CompileBase {
    	}
        if (isset($compiler->template->properties['file_dependency'][$template_sha1])) {
            $this->compiler->trigger_template_error("illegal recursive call of \"{$include_file}\"",$compiler->lex->line-1);
-        } 
+        }
        $compiler->template->properties['file_dependency'][$template_sha1] = array($_template->getTemplateFilepath(), $_template->getTemplateTimestamp(),$_template->resource_type);
        $_content = substr($compiler->template->template_source,$compiler->lex->counter-1);
        if (preg_match_all("!({$this->_ldl}block\s(.+?){$this->_rdl})!", $_content, $s) !=
                preg_match_all("!({$this->_ldl}/block{$this->_rdl})!", $_content, $c)) {
            $this->compiler->trigger_template_error('unmatched {block} {/block} pairs');
-        } 
+        }
        preg_match_all("!{$this->_ldl}block\s(.+?){$this->_rdl}|{$this->_ldl}/block{$this->_rdl}!", $_content, $_result, PREG_OFFSET_CAPTURE);
        $_result_count = count($_result[0]);
        $_start = 0;
@@ -73,18 +73,18 @@ class Smarty_Internal_Compile_Extends extends Smarty_Internal_CompileBase {
                    $_level++;
                } else {
                    $_level--;
-                } 
-            } 
+                }
+            }
            $_block_content = str_replace($this->smarty->left_delimiter . '$smarty.block.parent' . $this->smarty->right_delimiter, '%%%%SMARTY_PARENT%%%%',
                substr($_content, $_result[0][$_start][1] + strlen($_result[0][$_start][0]), $_result[0][$_start + $_end][1] - $_result[0][$_start][1] - + strlen($_result[0][$_start][0])));
            Smarty_Internal_Compile_Block::saveBlockData($_block_content, $_result[0][$_start][0], $compiler->template, $filepath);
            $_start = $_start + $_end + 1;
-        } 
+        }
        $compiler->template->template_source = $_template->getTemplateSource();
        $compiler->template->template_filepath = $_template->getTemplateFilepath();
        $compiler->abort_and_recompile = true;
        return '';
-    } 
+    }

-} 
+}
 ?>