Prevent access to .template_object when in security mode to prevent PHP code injection vulnerability

Simon Wisselink
2021-01-24 23:13:26 +01:00
parent fedc127057
commit 6463519a6c
2 changed files with 7 additions and 0 deletions


@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Fixed
- Prevent access to `$smarty.template_object` in Security mode
## [3.1.38] - 2021-01-08 ## [3.1.38] - 2021-01-08
### Fixed ### Fixed


@@ -81,6 +81,10 @@ class Smarty_Internal_Compile_Private_Special_Variable extends Smarty_Internal_C
case 'template': case 'template':
return 'basename($_smarty_tpl->source->filepath)'; return 'basename($_smarty_tpl->source->filepath)';
case 'template_object': case 'template_object':
if (isset($compiler->smarty->security_policy)) {
$compiler->trigger_template_error("(secure mode) template_object not permitted");
break;
}
return '$_smarty_tpl'; return '$_smarty_tpl';
case 'current_dir': case 'current_dir':
return 'dirname($_smarty_tpl->source->filepath)'; return 'dirname($_smarty_tpl->source->filepath)';
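Review bot: The new guard under `case 'template_object':` runs only while a template is being compiled, so compiled templates already on disk that were produced without a security policy would presumably keep their `$_smarty_tpl` reference until they are recompiled; a comment such as `// compile-time check only: clear compiled templates after enabling security mode` above the `isset()` test would make that explicit. The `break;` after `trigger_template_error()` is reached only if that call returns, and where control lands then cannot be judged from here because the enclosing switch starts and ends outside the hunk. The commit touches two files, the changelog and this compiler class, so no regression test pins the behaviour; one that compiles `{$smarty.template_object}` with a security policy set and expects a compile error would guard against the check being dropped later.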