- closed possible security hole at <?php ... ?> tags

- bugfix of the config file parser on large config files
This commit is contained in:
Uwe.Tews
2010-01-12 22:12:19 +00:00
parent db887adc37
commit 51ed5b7861
3 changed files with 63 additions and 66 deletions


@@ -3,6 +3,8 @@
if modifiers are used in side {if...} expression or in mathematical expressions if modifiers are used in side {if...} expression or in mathematical expressions
parentheses must be used. parentheses must be used.
- bugfix the {function..} tag did not accept the name attribute in double quotes - bugfix the {function..} tag did not accept the name attribute in double quotes
- closed possible security hole at <?php ... ?> tags
- bugfix of config file parser on large config files
###beta 6#### ###beta 6####


@@ -195,58 +195,54 @@ class Smarty_Internal_Configfileparser#line 79 "smarty_internal_configfileparser
const TPC_NAKED_STRING = 12; const TPC_NAKED_STRING = 12;
const TPC_NEWLINE = 13; const TPC_NEWLINE = 13;
const TPC_COMMENTSTART = 14; const TPC_COMMENTSTART = 14;
const YY_NO_ACTION = 58; const YY_NO_ACTION = 54;
const YY_ACCEPT_ACTION = 57; const YY_ACCEPT_ACTION = 53;
const YY_ERROR_ACTION = 56; const YY_ERROR_ACTION = 52;
const YY_SZ_ACTTAB = 53; const YY_SZ_ACTTAB = 38;
static public $yy_action = array( static public $yy_action = array(
/* 0 */ 24, 34, 33, 32, 31, 35, 21, 57, 6, 14, /* 0 */ 26, 27, 21, 30, 29, 28, 31, 16, 53, 8,
/* 10 */ 22, 7, 2, 9, 29, 8, 2, 9, 19, 11, /* 10 */ 19, 2, 20, 11, 15, 3, 14, 17, 20, 11,
/* 20 */ 19, 11, 26, 23, 2, 9, 15, 20, 46, 2, /* 20 */ 6, 24, 23, 4, 5, 13, 18, 1, 12, 22,
/* 30 */ 9, 12, 25, 46, 2, 9, 10, 17, 18, 27, /* 30 */ 9, 10, 46, 46, 25, 46, 46, 7,
/* 40 */ 16, 5, 13, 30, 28, 46, 5, 46, 3, 4,
/* 50 */ 46, 46, 1,
); );
static public $yy_lookahead = array( static public $yy_lookahead = array(
/* 0 */ 6, 7, 8, 9, 10, 11, 12, 16, 17, 2, /* 0 */ 6, 7, 8, 9, 10, 11, 12, 2, 16, 17,
/* 10 */ 19, 5, 21, 22, 19, 3, 21, 22, 13, 14, /* 10 */ 13, 19, 13, 14, 2, 19, 4, 2, 13, 14,
/* 20 */ 13, 14, 19, 13, 21, 22, 2, 19, 24, 21, /* 20 */ 3, 21, 22, 5, 3, 12, 13, 19, 1, 23,
/* 30 */ 22, 1, 19, 24, 21, 22, 3, 12, 13, 18, /* 30 */ 21, 21, 24, 24, 20, 24, 24, 18,
/* 40 */ 2, 20, 4, 23, 18, 24, 20, 24, 21, 21,
/* 50 */ 24, 24, 21,
); );
const YY_SHIFT_USE_DFLT = -7; const YY_SHIFT_USE_DFLT = -7;
const YY_SHIFT_MAX = 17; const YY_SHIFT_MAX = 17;
static public $yy_shift_ofst = array( static public $yy_shift_ofst = array(
/* 0 */ 7, 7, 7, 7, 7, 30, 30, -6, 5, 5, /* 0 */ -7, 5, 5, 5, -6, -1, -1, 27, -7, -7,
/* 10 */ 5, 25, 38, 24, 6, 12, 33, 10, /* 10 */ -7, 13, 12, -3, 15, 21, 18, 17,
); );
const YY_REDUCE_USE_DFLT = -10; const YY_REDUCE_USE_DFLT = -9;
const YY_REDUCE_MAX = 10; const YY_REDUCE_MAX = 10;
static public $yy_reduce_ofst = array( static public $yy_reduce_ofst = array(
/* 0 */ -9, 8, 13, 3, -5, 21, 26, 20, 31, 28, /* 0 */ -8, 0, 0, 0, 6, 10, 9, 14, 19, -4,
/* 10 */ 27, /* 10 */ 8,
); );
static public $yyExpectedTokens = array( static public $yyExpectedTokens = array(
/* 0 */ array(2, 13, 14, ), /* 0 */ array(),
/* 1 */ array(2, 13, 14, ), /* 1 */ array(2, 13, 14, ),
/* 2 */ array(2, 13, 14, ), /* 2 */ array(2, 13, 14, ),
/* 3 */ array(2, 13, 14, ), /* 3 */ array(2, 13, 14, ),
/* 4 */ array(2, 13, 14, ), /* 4 */ array(6, 7, 8, 9, 10, 11, 12, ),
/* 5 */ array(1, ), /* 5 */ array(13, 14, ),
/* 6 */ array(1, ), /* 6 */ array(13, 14, ),
/* 7 */ array(6, 7, 8, 9, 10, 11, 12, ), /* 7 */ array(1, ),
/* 8 */ array(13, 14, ), /* 8 */ array(),
/* 9 */ array(13, 14, ), /* 9 */ array(),
/* 10 */ array(13, 14, ), /* 10 */ array(),
/* 11 */ array(12, 13, ), /* 11 */ array(12, 13, ),
/* 12 */ array(2, 4, ), /* 12 */ array(2, 4, ),
/* 13 */ array(2, ), /* 13 */ array(13, ),
/* 14 */ array(5, ), /* 14 */ array(2, ),
/* 15 */ array(3, ), /* 15 */ array(3, ),
/* 16 */ array(3, ), /* 16 */ array(5, ),
/* 17 */ array(13, ), /* 17 */ array(3, ),
/* 18 */ array(), /* 18 */ array(),
/* 19 */ array(), /* 19 */ array(),
/* 20 */ array(), /* 20 */ array(),
@@ -261,20 +257,16 @@ static public $yy_action = array(
/* 29 */ array(), /* 29 */ array(),
/* 30 */ array(), /* 30 */ array(),
/* 31 */ array(), /* 31 */ array(),
/* 32 */ array(),
/* 33 */ array(),
/* 34 */ array(),
/* 35 */ array(),
); );
static public $yy_default = array( static public $yy_default = array(
/* 0 */ 44, 44, 44, 44, 44, 39, 39, 56, 56, 56, /* 0 */ 40, 36, 33, 37, 52, 52, 52, 32, 35, 40,
/* 10 */ 56, 56, 56, 56, 56, 56, 56, 56, 54, 53, /* 10 */ 40, 52, 52, 52, 52, 52, 52, 52, 50, 51,
/* 20 */ 41, 52, 37, 55, 46, 42, 40, 38, 36, 43, /* 20 */ 49, 44, 41, 39, 38, 34, 42, 43, 47, 46,
/* 30 */ 45, 50, 49, 48, 47, 51, /* 30 */ 45, 48,
); );
const YYNOCODE = 25; const YYNOCODE = 25;
const YYSTACKDEPTH = 100; const YYSTACKDEPTH = 100;
const YYNSTATE = 36; const YYNSTATE = 32;
const YYNRULE = 20; const YYNRULE = 20;
const YYERRORSYMBOL = 15; const YYERRORSYMBOL = 15;
const YYERRSYMDT = 'yy0'; const YYERRSYMDT = 'yy0';
@@ -316,12 +308,12 @@ static public $yy_action = array(
static public $yyRuleName = array( static public $yyRuleName = array(
/* 0 */ "start ::= global_vars sections", /* 0 */ "start ::= global_vars sections",
/* 1 */ "global_vars ::= var_list", /* 1 */ "global_vars ::= var_list",
/* 2 */ "sections ::= section sections", /* 2 */ "sections ::= sections section",
/* 3 */ "sections ::=", /* 3 */ "sections ::=",
/* 4 */ "section ::= OPENB ID CLOSEB newline var_list", /* 4 */ "section ::= OPENB ID CLOSEB newline var_list",
/* 5 */ "section ::= OPENB DOT ID CLOSEB newline var_list", /* 5 */ "section ::= OPENB DOT ID CLOSEB newline var_list",
/* 6 */ "var_list ::= newline var_list", /* 6 */ "var_list ::= var_list newline",
/* 7 */ "var_list ::= var newline var_list", /* 7 */ "var_list ::= var_list var",
/* 8 */ "var_list ::=", /* 8 */ "var_list ::=",
/* 9 */ "var ::= ID EQUAL value", /* 9 */ "var ::= ID EQUAL value",
/* 10 */ "value ::= FLOAT", /* 10 */ "value ::= FLOAT",
@@ -614,7 +606,7 @@ static public $yy_action = array(
array( 'lhs' => 20, 'rhs' => 5 ), array( 'lhs' => 20, 'rhs' => 5 ),
array( 'lhs' => 20, 'rhs' => 6 ), array( 'lhs' => 20, 'rhs' => 6 ),
array( 'lhs' => 19, 'rhs' => 2 ), array( 'lhs' => 19, 'rhs' => 2 ),
array( 'lhs' => 19, 'rhs' => 3 ), array( 'lhs' => 19, 'rhs' => 2 ),
array( 'lhs' => 19, 'rhs' => 0 ), array( 'lhs' => 19, 'rhs' => 0 ),
array( 'lhs' => 22, 'rhs' => 3 ), array( 'lhs' => 22, 'rhs' => 3 ),
array( 'lhs' => 23, 'rhs' => 1 ), array( 'lhs' => 23, 'rhs' => 1 ),
@@ -640,7 +632,6 @@ static public $yy_action = array(
4 => 4, 4 => 4,
5 => 5, 5 => 5,
6 => 6, 6 => 6,
16 => 6,
7 => 7, 7 => 7,
8 => 8, 8 => 8,
9 => 9, 9 => 9,
@@ -650,49 +641,53 @@ static public $yy_action = array(
13 => 13, 13 => 13,
14 => 14, 14 => 14,
15 => 15, 15 => 15,
16 => 16,
); );
#line 127 "smarty_internal_configfileparser.y" #line 127 "smarty_internal_configfileparser.y"
function yy_r0(){ $this->_retvalue = null; } function yy_r0(){ $this->_retvalue = null; }
#line 651 "smarty_internal_configfileparser.php" #line 643 "smarty_internal_configfileparser.php"
#line 130 "smarty_internal_configfileparser.y" #line 130 "smarty_internal_configfileparser.y"
function yy_r1(){ $this->add_global_vars($this->yystack[$this->yyidx + 0]->minor); $this->_retvalue = null; } function yy_r1(){ $this->add_global_vars($this->yystack[$this->yyidx + 0]->minor); $this->_retvalue = null; }
#line 654 "smarty_internal_configfileparser.php" #line 646 "smarty_internal_configfileparser.php"
#line 136 "smarty_internal_configfileparser.y" #line 136 "smarty_internal_configfileparser.y"
function yy_r4(){ $this->add_section_vars($this->yystack[$this->yyidx + -3]->minor, $this->yystack[$this->yyidx + 0]->minor); $this->_retvalue = null; } function yy_r4(){ $this->add_section_vars($this->yystack[$this->yyidx + -3]->minor, $this->yystack[$this->yyidx + 0]->minor); $this->_retvalue = null; }
#line 657 "smarty_internal_configfileparser.php" #line 649 "smarty_internal_configfileparser.php"
#line 137 "smarty_internal_configfileparser.y" #line 137 "smarty_internal_configfileparser.y"
function yy_r5(){ if ($this->smarty->config_read_hidden) { $this->add_section_vars($this->yystack[$this->yyidx + -3]->minor, $this->yystack[$this->yyidx + 0]->minor); } $this->_retvalue = null; } function yy_r5(){ if ($this->smarty->config_read_hidden) { $this->add_section_vars($this->yystack[$this->yyidx + -3]->minor, $this->yystack[$this->yyidx + 0]->minor); } $this->_retvalue = null; }
#line 660 "smarty_internal_configfileparser.php" #line 652 "smarty_internal_configfileparser.php"
#line 141 "smarty_internal_configfileparser.y" #line 141 "smarty_internal_configfileparser.y"
function yy_r6(){ $this->_retvalue = $this->yystack[$this->yyidx + 0]->minor; } function yy_r6(){ $this->_retvalue = $this->yystack[$this->yyidx + -1]->minor; }
#line 663 "smarty_internal_configfileparser.php" #line 655 "smarty_internal_configfileparser.php"
#line 142 "smarty_internal_configfileparser.y" #line 142 "smarty_internal_configfileparser.y"
function yy_r7(){ $this->_retvalue = array_merge(Array($this->yystack[$this->yyidx + -2]->minor), $this->yystack[$this->yyidx + 0]->minor); } function yy_r7(){ $this->_retvalue = array_merge($this->yystack[$this->yyidx + -1]->minor, Array($this->yystack[$this->yyidx + 0]->minor)); }
#line 666 "smarty_internal_configfileparser.php" #line 658 "smarty_internal_configfileparser.php"
#line 143 "smarty_internal_configfileparser.y" #line 143 "smarty_internal_configfileparser.y"
function yy_r8(){ $this->_retvalue = Array(); } function yy_r8(){ $this->_retvalue = Array(); }
#line 669 "smarty_internal_configfileparser.php" #line 661 "smarty_internal_configfileparser.php"
#line 147 "smarty_internal_configfileparser.y" #line 147 "smarty_internal_configfileparser.y"
function yy_r9(){ $this->_retvalue = Array("key" => $this->yystack[$this->yyidx + -2]->minor, "value" => $this->yystack[$this->yyidx + 0]->minor); } function yy_r9(){ $this->_retvalue = Array("key" => $this->yystack[$this->yyidx + -2]->minor, "value" => $this->yystack[$this->yyidx + 0]->minor); }
#line 672 "smarty_internal_configfileparser.php" #line 664 "smarty_internal_configfileparser.php"
#line 149 "smarty_internal_configfileparser.y" #line 149 "smarty_internal_configfileparser.y"
function yy_r10(){ $this->_retvalue = (float) $this->yystack[$this->yyidx + 0]->minor; } function yy_r10(){ $this->_retvalue = (float) $this->yystack[$this->yyidx + 0]->minor; }
#line 675 "smarty_internal_configfileparser.php" #line 667 "smarty_internal_configfileparser.php"
#line 150 "smarty_internal_configfileparser.y" #line 150 "smarty_internal_configfileparser.y"
function yy_r11(){ $this->_retvalue = (int) $this->yystack[$this->yyidx + 0]->minor; } function yy_r11(){ $this->_retvalue = (int) $this->yystack[$this->yyidx + 0]->minor; }
#line 678 "smarty_internal_configfileparser.php" #line 670 "smarty_internal_configfileparser.php"
#line 151 "smarty_internal_configfileparser.y" #line 151 "smarty_internal_configfileparser.y"
function yy_r12(){ $this->_retvalue = $this->parse_bool($this->yystack[$this->yyidx + 0]->minor); } function yy_r12(){ $this->_retvalue = $this->parse_bool($this->yystack[$this->yyidx + 0]->minor); }
#line 681 "smarty_internal_configfileparser.php" #line 673 "smarty_internal_configfileparser.php"
#line 152 "smarty_internal_configfileparser.y" #line 152 "smarty_internal_configfileparser.y"
function yy_r13(){ $this->_retvalue = self::parse_single_quoted_string($this->yystack[$this->yyidx + 0]->minor); } function yy_r13(){ $this->_retvalue = self::parse_single_quoted_string($this->yystack[$this->yyidx + 0]->minor); }
#line 684 "smarty_internal_configfileparser.php" #line 676 "smarty_internal_configfileparser.php"
#line 153 "smarty_internal_configfileparser.y" #line 153 "smarty_internal_configfileparser.y"
function yy_r14(){ $this->_retvalue = self::parse_double_quoted_string($this->yystack[$this->yyidx + 0]->minor); } function yy_r14(){ $this->_retvalue = self::parse_double_quoted_string($this->yystack[$this->yyidx + 0]->minor); }
#line 687 "smarty_internal_configfileparser.php" #line 679 "smarty_internal_configfileparser.php"
#line 154 "smarty_internal_configfileparser.y" #line 154 "smarty_internal_configfileparser.y"
function yy_r15(){ $this->_retvalue = self::parse_tripple_double_quoted_string($this->yystack[$this->yyidx + 0]->minor); } function yy_r15(){ $this->_retvalue = self::parse_tripple_double_quoted_string($this->yystack[$this->yyidx + 0]->minor); }
#line 690 "smarty_internal_configfileparser.php" #line 682 "smarty_internal_configfileparser.php"
#line 155 "smarty_internal_configfileparser.y"
function yy_r16(){ $this->_retvalue = $this->yystack[$this->yyidx + 0]->minor; }
#line 685 "smarty_internal_configfileparser.php"
private $_retvalue; private $_retvalue;
@@ -754,7 +749,7 @@ static public $yy_action = array(
$this->internalError = true; $this->internalError = true;
$this->yymajor = $yymajor; $this->yymajor = $yymajor;
$this->compiler->trigger_config_file_error(); $this->compiler->trigger_config_file_error();
#line 753 "smarty_internal_configfileparser.php" #line 748 "smarty_internal_configfileparser.php"
} }
function yy_accept() function yy_accept()
@@ -771,7 +766,7 @@ static public $yy_action = array(
$this->internalError = false; $this->internalError = false;
$this->retvalue = $this->_retvalue; $this->retvalue = $this->_retvalue;
//echo $this->retvalue."\n\n"; //echo $this->retvalue."\n\n";
#line 771 "smarty_internal_configfileparser.php" #line 766 "smarty_internal_configfileparser.php"
} }
function doParse($yymajor, $yytokenvalue) function doParse($yymajor, $yytokenvalue)


@@ -1949,7 +1949,7 @@ static public $yy_action = array(
#line 121 "smarty_internal_templateparser.y" #line 121 "smarty_internal_templateparser.y"
function yy_r6(){ function yy_r6(){
if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) { if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) {
$this->_retvalue = self::escape_start_tag($this->yystack[$this->yyidx + -2]->minor) . $this->yystack[$this->yyidx + -1]->minor . '?<??>>'; $this->_retvalue = self::escape_start_tag($this->yystack[$this->yyidx + -2]->minor) . str_replace('<?','&lt;?',$this->yystack[$this->yyidx + -1]->minor) . '?<??>>';
} elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) { } elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) {
$this->_retvalue = $this->compiler->processNocacheCode(htmlspecialchars($this->yystack[$this->yyidx + -2]->minor.$this->yystack[$this->yyidx + -1]->minor.'?>', ENT_QUOTES), false); $this->_retvalue = $this->compiler->processNocacheCode(htmlspecialchars($this->yystack[$this->yyidx + -2]->minor.$this->yystack[$this->yyidx + -1]->minor.'?>', ENT_QUOTES), false);
}elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) { }elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) {