smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-05 10:54:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

- reverted ./ and ../ handling in fetch() and display() - they're allowed again

Browse Source
This commit is contained in:
rodneyrehm
2011-09-21 23:06:27 +00:00
parent 95ab01f99f
commit 48295d9573
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
change_log.txt
View File

@@ -3,6 +3,7 @@
- bugfix look for mixed case plugin file names as in 3.0 if not found try all lowercase
- added $error_muting to suppress error messages even for badly implemented error_handlers
- optimized autoloader
- reverted ./ and ../ handling in fetch() and display() - they're allowed again
20.09.2011
- bugfix removed debug echo output while compiling template inheritance

16
libs/sysplugins/smarty_resource.php
View File

@@ -164,12 +164,11 @@ abstract class Smarty_Resource {
// as expansions (like include_path) have already been done
$file = getcwd() . DS . $file;
}
} elseif ($_file_is_dotted) {
throw new SmartyException("Template '{$file}' may not start with ../ or ./'");
}
}
// resolve relative path
if (!preg_match('/^([\/\\\\]|[a-zA-Z]:[\/\\\\])/', $file)) {
$_was_relative_prefix = $file[0] == '.' ? substr($file, 0, strpos($file, '|')) : null;
$_path = DS . trim($file, '/\\');
$_was_relative = true;
} else {
@@ -201,8 +200,13 @@ abstract class Smarty_Resource {
}
// revert to relative
if (isset($_was_relative)) {
$_path = substr($_path, 1);
if (isset($_was_relative_prefix)){
$_path = $_was_relative_prefix . $_path;
} else {
$_path = substr($_path, 1);
}
}
// this is only required for directories
$file = rtrim($_path, '/\\');
@@ -213,10 +217,6 @@ abstract class Smarty_Resource {
// template_dir index?
if (preg_match('#^\[(?P<key>[^\]]+)\](?P<file>.+)$#', $file, $match)) {
if ($match['file'][0] == '.' && ($match['file'][1] == '.' || $match['file'][1] == '/' || $match['file'][1] == "\\")) {
throw new SmartyException("Template '{$match['file']}' may not start with ../ or ./'");
}
$_directory = null;
// try string indexes
if (isset($_directories[$match['key']])) {