- security possible PHP code injection on custom resources at display() or fetch()

calls if the resource does not sanitize the template name
This commit is contained in:
Uwe Tews
2017-07-21 05:13:54 +02:00
parent a6f3a518e1
commit 614ad1f8b9
4 changed files with 9 additions and 5 deletions


@@ -1,4 +1,8 @@
===== 3.1.32 - dev === ===== 3.1.32 - dev ===
21.7.2017
- security possible PHP code injection on custom resources at display() or fetch()
calls if the resource does not sanitize the template name
27.5.2017 27.5.2017
- bugfix change compiled code for registered function and modifiers to called as callable to allow closures - bugfix change compiled code for registered function and modifiers to called as callable to allow closures
https://github.com/smarty-php/smarty/pull/368, https://github.com/smarty-php/smarty/issues/273 https://github.com/smarty-php/smarty/pull/368, https://github.com/smarty-php/smarty/issues/273


@@ -108,7 +108,7 @@ class Smarty extends Smarty_Internal_TemplateBase
/** /**
* smarty version * smarty version
*/ */
const SMARTY_VERSION = '3.1.32-dev-11'; const SMARTY_VERSION = '3.1.32-dev-12';
/** /**
* define variable scopes * define variable scopes


@@ -41,8 +41,8 @@ class Smarty_Internal_Runtime_CodeFrame
$properties[ 'cache_lifetime' ] = $_template->cache_lifetime; $properties[ 'cache_lifetime' ] = $_template->cache_lifetime;
} }
$output = "<?php\n"; $output = "<?php\n";
$output .= "/* Smarty version " . Smarty::SMARTY_VERSION . ", created on " . strftime("%Y-%m-%d %H:%M:%S") . $output .= "/* Smarty version {Smarty::SMARTY_VERSION}, created on " . strftime("%Y-%m-%d %H:%M:%S") .
"\n from \"" . $_template->source->filepath . "\" */\n\n"; "\n from \"" . str_replace('*/','* /',$_template->source->filepath) . "\" */\n\n";
$output .= "/* @var Smarty_Internal_Template \$_smarty_tpl */\n"; $output .= "/* @var Smarty_Internal_Template \$_smarty_tpl */\n";
$dec = "\$_smarty_tpl->_decodeProperties(\$_smarty_tpl, " . var_export($properties, true) . ',' . $dec = "\$_smarty_tpl->_decodeProperties(\$_smarty_tpl, " . var_export($properties, true) . ',' .
($cache ? 'true' : 'false') . ")"; ($cache ? 'true' : 'false') . ")";
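Review bot: The rewritten header line stops emitting the Smarty version: inside a double-quoted string `{Smarty::SMARTY_VERSION}` is not interpolated (PHP only expands the `{$...}` form), so every compiled file will now carry the literal text `{Smarty::SMARTY_VERSION}` where the version number used to be. Keep the concatenation from the removed line, `$output .= "/* Smarty version " . Smarty::SMARTY_VERSION . ", created on " . strftime("%Y-%m-%d %H:%M:%S") .`, and retain the new `str_replace('*/', '* /', ...)` on the following line unchanged — the filepath is written into a block comment, where `*/` is the only sequence that can terminate the comment early, so that replacement is the right closure guard and worth a short comment saying so. The enclosing method starts and ends outside the hunk.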


@@ -47,7 +47,7 @@ abstract class Smarty_Resource_Custom extends Smarty_Resource
*/ */
public function populate(Smarty_Template_Source $source, Smarty_Internal_Template $_template = null) public function populate(Smarty_Template_Source $source, Smarty_Internal_Template $_template = null)
{ {
$source->filepath = $source->type . ':' . $source->name; $source->filepath = $source->type . ':' . substr(preg_replace('/[^A-Za-z0-9.]/','',$source->name),0,25);
$source->uid = sha1($source->type . ':' . $source->name); $source->uid = sha1($source->type . ':' . $source->name);
$mtime = $this->fetchTimestamp($source->name); $mtime = $this->fetchTimestamp($source->name);
@@ -90,6 +90,6 @@ abstract class Smarty_Resource_Custom extends Smarty_Resource
*/ */
public function getBasename(Smarty_Template_Source $source) public function getBasename(Smarty_Template_Source $source)
{ {
return basename($source->name); return basename(substr(preg_replace('/[^A-Za-z0-9.]/','',$source->name),0,25));
} }
} }
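Review bot: The sanitizing expression `substr(preg_replace('/[^A-Za-z0-9.]/','',$source->name),0,25)` is spelled out twice, in populate() and again in getBasename(), so the character class and the length cap can drift apart the next time either is touched; factor it into one helper and call it from both sites. The stripping plus the 25-character cap means distinct template names can now share a `filepath` and basename, which appears acceptable here because `uid` on the next line of the first hunk still hashes the full unsanitized name and fetchTimestamp() still receives the raw `$source->name` — the helper's docblock should state that the sanitized form is for file names and generated-code comments only and must not be used for identity or lookup. Once `/` and `\` are stripped, the `basename()` call in getBasename() no longer does anything, though it is harmless. populate() continues past the end of the first hunk.
```php
        $source->filepath = $source->type . ':' . $this->sanitizeName($source->name);
        // … unchanged: uid, fetchTimestamp and the rest of populate() …

    public function getBasename(Smarty_Template_Source $source)
    {
        return basename($this->sanitizeName($source->name));
    }

    /**
     * Reduce a template name to a token that is safe to embed in generated
     * file names and code-frame comments.
     * For display/file-name use only: it is lossy (non [A-Za-z0-9.] bytes are
     * dropped, result capped at 25 chars), so never use it for identity or lookup.
     *
     * @param string $name raw template name as supplied by the caller
     *
     * @return string at most 25 characters from [A-Za-z0-9.]
     */
    protected function sanitizeName($name)
    {
        return substr(preg_replace('/[^A-Za-z0-9.]/', '', $name), 0, 25);
    }
```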