smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-03 09:54:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

* {math} fix parameter checking order to avoid misleading message

Browse Source 
* {math} replace wrong versiom https://github.com/smarty-php/smarty/issues/265
This commit is contained in:
uwetews
2016-09-11 00:51:19 +02:00
parent c5c9d6514c
commit 5fb8387027
2 changed files with 27 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@@ -1,3 +1,7 @@
2016-09-11 Uwe Tews
* {math} fix parameter checking order to avoid misleading message
* {math} replace wrong versiom
2016-07-19 Uwe Tews 2016-07-19 Uwe Tews
* {math} shell injection vulnerability patch provided by Tim Weber * {math} shell injection vulnerability patch provided by Tim Weber
@@ -783,7 +787,7 @@
docs/fr/programmers/plugins/plugins-inserts.xml: docs/fr/programmers/plugins/plugins-inserts.xml:
sync with EN sync with EN
2006-10-14 Fernando Correa da Concei<65><69>o <fernando_conceicao@yahoo.com.br> 2006-10-14 Fernando Correa da Concei<65><69>o <fernando_conceicao@yahoo.com.br>
* docs/pt_BR/programmers/api-variables/variable-error-reporting.xml: * docs/pt_BR/programmers/api-variables/variable-error-reporting.xml:
New Translation New Translation
@@ -4324,7 +4328,7 @@
fixed bug in _run_mod_handler fixed bug in _run_mod_handler
* libs/Smarty_Compiler.class.php: * libs/Smarty_Compiler.class.php:
fixed bug with autoload-handling of modifiers. thanks <20>ndre. fixed bug with autoload-handling of modifiers. thanks <20>ndre.
2003-08-05 Messju Mohr <messju@lammfellpuschen.de> 2003-08-05 Messju Mohr <messju@lammfellpuschen.de>

37
libs/plugins/function.math.php
View File

@@ -18,11 +18,11 @@
* @author Monte Ohrt <monte at ohrt dot com> * @author Monte Ohrt <monte at ohrt dot com>
* *
* @param array $params parameters * @param array $params parameters
* @param Smarty_Internal_Template $template template object * @param Smarty
* *
* @return string|null * @return string|null
*/ */
function smarty_function_math($params, $template) function smarty_function_math($params, &$smarty)
{ {
static $_allowed_funcs = static $_allowed_funcs =
array('int' => true, 'abs' => true, 'ceil' => true, 'cos' => true, 'exp' => true, 'floor' => true, array('int' => true, 'abs' => true, 'ceil' => true, 'cos' => true, 'exp' => true, 'floor' => true,
@@ -58,12 +58,28 @@ function smarty_function_math($params, $template)
return; return;
} }
foreach ($params as $key => $val) {
if ($key != "equation" && $key != "format" && $key != "assign") {
// make sure value is not empty
if (strlen($val) == 0) {
trigger_error("math: parameter '{$key}' is empty", E_USER_WARNING);
return;
}
if (!is_numeric($val)) {
trigger_error("math: parameter '{$key}' is not numeric", E_USER_WARNING);
return;
}
}
}
// match all vars in equation, make sure all are passed // match all vars in equation, make sure all are passed
preg_match_all('!(?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)!', $equation, $match); preg_match_all('!(?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)!', $equation, $match);
foreach ($match[ 1 ] as $curr_var) { foreach ($match[ 1 ] as $curr_var) {
if ($curr_var && !isset($params[ $curr_var ]) && !isset($_allowed_funcs[ $curr_var ])) { if ($curr_var && !isset($params[ $curr_var ]) && !isset($_allowed_funcs[ $curr_var ])) {
trigger_error("math: function call $curr_var not allowed", E_USER_WARNING); trigger_error("math: function call '{$curr_var}' not allowed, or missing parameter '{$curr_var}'", E_USER_WARNING);
return; return;
} }
@@ -71,17 +87,6 @@ function smarty_function_math($params, $template)
foreach ($params as $key => $val) { foreach ($params as $key => $val) {
if ($key != "equation" && $key != "format" && $key != "assign") { if ($key != "equation" && $key != "format" && $key != "assign") {
// make sure value is not empty
if (strlen($val) == 0) {
trigger_error("math: parameter $key is empty", E_USER_WARNING);
return;
}
if (!is_numeric($val)) {
trigger_error("math: parameter $key: is not numeric", E_USER_WARNING);
return;
}
$equation = preg_replace("/\b$key\b/", " \$params['$key'] ", $equation); $equation = preg_replace("/\b$key\b/", " \$params['$key'] ", $equation);
} }
} }
@@ -92,13 +97,13 @@ function smarty_function_math($params, $template)
if (empty($params[ 'assign' ])) { if (empty($params[ 'assign' ])) {
return $smarty_math_result; return $smarty_math_result;
} else { } else {
$template->assign($params[ 'assign' ], $smarty_math_result); $smarty->assign($params[ 'assign' ], $smarty_math_result);
} }
} else { } else {
if (empty($params[ 'assign' ])) { if (empty($params[ 'assign' ])) {
printf($params[ 'format' ], $smarty_math_result); printf($params[ 'format' ], $smarty_math_result);
} else { } else {
$template->assign($params[ 'assign' ], sprintf($params[ 'format' ], $smarty_math_result)); $smarty->assign($params[ 'assign' ], sprintf($params[ 'format' ], $smarty_math_result));
} }
} }
} }