smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-05 19:04:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

- reverted ./ and ../ handling in fetch() and display() - they're allowed again

Browse Source
This commit is contained in:
rodneyrehm
2011-09-21 23:06:27 +00:00
parent 95ab01f99f
commit 48295d9573
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
change_log.txt
View File

@@ -3,6 +3,7 @@
- bugfix look for mixed case plugin file names as in 3.0 if not found try all lowercase - bugfix look for mixed case plugin file names as in 3.0 if not found try all lowercase
- added $error_muting to suppress error messages even for badly implemented error_handlers - added $error_muting to suppress error messages even for badly implemented error_handlers
- optimized autoloader - optimized autoloader
- reverted ./ and ../ handling in fetch() and display() - they're allowed again
20.09.2011 20.09.2011
- bugfix removed debug echo output while compiling template inheritance - bugfix removed debug echo output while compiling template inheritance

16
libs/sysplugins/smarty_resource.php
View File

@@ -164,12 +164,11 @@ abstract class Smarty_Resource {
// as expansions (like include_path) have already been done // as expansions (like include_path) have already been done
$file = getcwd() . DS . $file; $file = getcwd() . DS . $file;
} }
} elseif ($_file_is_dotted) { }
throw new SmartyException("Template '{$file}' may not start with ../ or ./'");
}
// resolve relative path // resolve relative path
if (!preg_match('/^([\/\\\\]|[a-zA-Z]:[\/\\\\])/', $file)) { if (!preg_match('/^([\/\\\\]|[a-zA-Z]:[\/\\\\])/', $file)) {
$_was_relative_prefix = $file[0] == '.' ? substr($file, 0, strpos($file, '|')) : null;
$_path = DS . trim($file, '/\\'); $_path = DS . trim($file, '/\\');
$_was_relative = true; $_was_relative = true;
} else { } else {
@@ -201,8 +200,13 @@ abstract class Smarty_Resource {
} }
// revert to relative // revert to relative
if (isset($_was_relative)) { if (isset($_was_relative)) {
$_path = substr($_path, 1); if (isset($_was_relative_prefix)){
$_path = $_was_relative_prefix . $_path;
} else {
$_path = substr($_path, 1);
}
} }
// this is only required for directories // this is only required for directories
$file = rtrim($_path, '/\\'); $file = rtrim($_path, '/\\');
@@ -213,10 +217,6 @@ abstract class Smarty_Resource {
// template_dir index? // template_dir index?
if (preg_match('#^\[(?P<key>[^\]]+)\](?P<file>.+)$#', $file, $match)) { if (preg_match('#^\[(?P<key>[^\]]+)\](?P<file>.+)$#', $file, $match)) {
if ($match['file'][0] == '.' && ($match['file'][1] == '.' || $match['file'][1] == '/' || $match['file'][1] == "\\")) {
throw new SmartyException("Template '{$match['file']}' may not start with ../ or ./'");
}
$_directory = null; $_directory = null;
// try string indexes // try string indexes
if (isset($_directories[$match['key']])) { if (isset($_directories[$match['key']])) {