* {math} fix parameter checking order to avoid misleading message

* {math} replace wrong version https://github.com/smarty-php/smarty/issues/265
uwetews
2016-09-11 00:51:19 +02:00
parent c5c9d6514c
commit 5fb8387027
2 changed files with 27 additions and 18 deletions


@@ -1,3 +1,7 @@
2016-09-11 Uwe Tews
* {math} fix parameter checking order to avoid misleading message
* {math} replace wrong versiom
2016-07-19 Uwe Tews
* {math} shell injection vulnerability patch provided by Tim Weber
@@ -783,7 +787,7 @@
docs/fr/programmers/plugins/plugins-inserts.xml:
sync with EN
2006-10-14 Fernando Correa da Concei<65><69>o <fernando_conceicao@yahoo.com.br>
2006-10-14 Fernando Correa da Concei<65><69>o <fernando_conceicao@yahoo.com.br>
* docs/pt_BR/programmers/api-variables/variable-error-reporting.xml:
New Translation
@@ -4324,7 +4328,7 @@
fixed bug in _run_mod_handler
* libs/Smarty_Compiler.class.php:
fixed bug with autoload-handling of modifiers. thanks <20>ndre.
fixed bug with autoload-handling of modifiers. thanks <20>ndre.
2003-08-05 Messju Mohr <messju@lammfellpuschen.de>


@@ -18,11 +18,11 @@
* @author Monte Ohrt <monte at ohrt dot com>
*
* @param array $params parameters
* @param Smarty_Internal_Template $template template object
* @param Smarty
*
* @return string|null
*/
function smarty_function_math($params, $template)
function smarty_function_math($params, &$smarty)
{
static $_allowed_funcs =
array('int' => true, 'abs' => true, 'ceil' => true, 'cos' => true, 'exp' => true, 'floor' => true,
@@ -58,12 +58,28 @@ function smarty_function_math($params, $template)
return;
}
foreach ($params as $key => $val) {
if ($key != "equation" && $key != "format" && $key != "assign") {
// make sure value is not empty
if (strlen($val) == 0) {
trigger_error("math: parameter '{$key}' is empty", E_USER_WARNING);
return;
}
if (!is_numeric($val)) {
trigger_error("math: parameter '{$key}' is not numeric", E_USER_WARNING);
return;
}
}
}
// match all vars in equation, make sure all are passed
preg_match_all('!(?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)!', $equation, $match);
foreach ($match[ 1 ] as $curr_var) {
if ($curr_var && !isset($params[ $curr_var ]) && !isset($_allowed_funcs[ $curr_var ])) {
trigger_error("math: function call $curr_var not allowed", E_USER_WARNING);
trigger_error("math: function call '{$curr_var}' not allowed, or missing parameter '{$curr_var}'", E_USER_WARNING);
return;
}
@@ -71,17 +87,6 @@ function smarty_function_math($params, $template)
foreach ($params as $key => $val) {
if ($key != "equation" && $key != "format" && $key != "assign") {
// make sure value is not empty
if (strlen($val) == 0) {
trigger_error("math: parameter $key is empty", E_USER_WARNING);
return;
}
if (!is_numeric($val)) {
trigger_error("math: parameter $key: is not numeric", E_USER_WARNING);
return;
}
$equation = preg_replace("/\b$key\b/", " \$params['$key'] ", $equation);
}
}
@@ -92,13 +97,13 @@ function smarty_function_math($params, $template)
if (empty($params[ 'assign' ])) {
return $smarty_math_result;
} else {
$template->assign($params[ 'assign' ], $smarty_math_result);
$smarty->assign($params[ 'assign' ], $smarty_math_result);
}
} else {
if (empty($params[ 'assign' ])) {
printf($params[ 'format' ], $smarty_math_result);
} else {
$template->assign($params[ 'assign' ], sprintf($params[ 'format' ], $smarty_math_result));
$smarty->assign($params[ 'assign' ], sprintf($params[ 'format' ], $smarty_math_result));
}
}
}
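Review bot: The validation loop moved up in the `@@ -58,12 +58,28 @@` hunk checks each parameter's value but never its name, while the later `preg_replace("/\b$key\b/", " \$params['$key'] ", $equation)` still interpolates `$key` unquoted into both a regex and the rewritten equation string, which is presumably evaluated further down, outside these hunks. If the template compiler already restricts attribute names to identifiers this is harmless, but nothing visible here guarantees it, so I would reject other names in the same loop with `if (!preg_match('!^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*\z!', $key))` followed by the `trigger_error(...); return;` pattern the loop already uses. That character class is the one the equation scan uses, so valid templates keep working. Separately, the new docblock line `@param Smarty` has lost its variable name and should read `@param Smarty $smarty`. The function body starts before and continues between the hunks shown, so the evaluation step itself could not be reviewed.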