smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-06 11:24:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

- bugfix allow only fixed string as file attribute at {extends} tag

Browse Source
This commit is contained in:
uwe.tews@googlemail.com
2011-04-21 23:11:24 +00:00
parent d999a7bc5c
commit 44dc14891d
2 changed files with 19 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
change_log.txt
View File

@@ -1,4 +1,7 @@
===== SVN trunk =====
22/04/2011
- bugfix allow only fixed string as file attribute at {extends} tag
01/04/2011
- bugfix do not run filters and default modifier when displaying the debug template
- bugfix of embedded double quotes within multi line strings (""")

4
libs/sysplugins/smarty_internal_compile_extends.php
View File

@@ -40,8 +40,8 @@ class Smarty_Internal_Compile_Extends extends Smarty_Internal_CompileBase {
$_smarty_tpl = $compiler->template;
$include_file = null;
if (strpos($_attr['file'],'$_tmp') !== false) {
$this->compiler->trigger_template_error('illegal value for file attribute', $this->compiler->lex->taglineno);
if (strpos($_attr['file'],'$_tmp') !== false || strpos($_attr['file'],'$_smarty_tpl') !== false || strpos($_attr['file'],'::') !== false) {
$this->compiler->trigger_template_error('a variable file attribute is illegal', $this->compiler->lex->taglineno);
}
eval('$include_file = ' . $_attr['file'] . ';');
// create template object