Uwe.Tews@googlemail.com
2014-10-12 14:11:34 +00:00
parent a1dac5a053
commit 6af75db3c3
3 changed files with 46 additions and 9 deletions


@@ -1,4 +1,7 @@
===== 3.1.21-dev ===== (xx.xx.2014) ===== 3.1.21-dev ===== (xx.xx.2014)
12.10.2014
- bugfix a comment like "<script{*foo*} language=php>" bypassed $php_handling checking (Thue Kristensen)
===== 3.1.20 ===== (09.10.2014) ===== 3.1.20 ===== (09.10.2014)
08.10.2014 08.10.2014
- bugfix security mode of "<script language=php>" must be controlled by $php_handling property (Thue Kristensen) - bugfix security mode of "<script language=php>" must be controlled by $php_handling property (Thue Kristensen)


@@ -21,6 +21,7 @@ class Smarty_Internal_Templatelexer
public $line; public $line;
public $taglineno; public $taglineno;
public $is_phpScript = false; public $is_phpScript = false;
public $phpValue = '';
public $state = 1; public $state = 1;
public $smarty; public $smarty;
private $heredoc_id_stack = Array(); private $heredoc_id_stack = Array();
@@ -164,12 +165,13 @@ class Smarty_Internal_Templatelexer
20 => 0, 20 => 0,
21 => 0, 21 => 0,
22 => 0, 22 => 0,
23 => 0, 23 => 4,
28 => 0,
); );
if ($this->counter >= strlen($this->data)) { if ($this->counter >= strlen($this->data)) {
return false; // end of input return false; // end of input
} }
$yy_global_pattern = "/\G(\\{\\})|\G(" . $this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" . $this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|\G(" . $this->ldel . "\\s*)|\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<\/script>)|\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G([\S\s])/iS"; $yy_global_pattern = "/\G(\\{\\})|\G(" . $this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" . $this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|\G(" . $this->ldel . "\\s*)|\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<\/script>)|\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G(<(([^>]*?)(?=" . $this->ldel . ")" . $this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
do { do {
if (preg_match($yy_global_pattern, $this->data, $yymatches, null, $this->counter)) { if (preg_match($yy_global_pattern, $this->data, $yymatches, null, $this->counter)) {
@@ -341,6 +343,7 @@ class Smarty_Internal_Templatelexer
if ($script) { if ($script) {
$this->is_phpScript = true; $this->is_phpScript = true;
} }
$this->phpValue = $this->value;
$this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG; $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
} elseif ($this->value == '<?xml') { } elseif ($this->value == '<?xml') {
$this->token = Smarty_Internal_Templateparser::TP_XMLTAG; $this->token = Smarty_Internal_Templateparser::TP_XMLTAG;
@@ -387,11 +390,26 @@ class Smarty_Internal_Templatelexer
} }
function yy_r1_23($yy_subpatterns) function yy_r1_23($yy_subpatterns)
{
$clean = preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/", '', $this->value);
if (preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/", $clean, $match)) {
$this->phpValue = $match[0];
$this->is_phpScript = true;
$this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
} else {
preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value, $match);
$this->value = $match[0];
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
}
}
function yy_r1_28($yy_subpatterns)
{ {
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : ''; $phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data); $to = strlen($this->data);
preg_match("/{$this->ldel}|<\?|<%|\?>|%>|<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE, $this->counter); preg_match("/<\?|<%|\?>|%>|<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|{$this->ldel}{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
if (isset($match[0][1])) { if (isset($match[0][1])) {
$to = $match[0][1]; $to = $match[0][1];
} }
@@ -969,12 +987,13 @@ class Smarty_Internal_Templatelexer
7 => 0, 7 => 0,
8 => 0, 8 => 0,
9 => 0, 9 => 0,
10 => 0, 10 => 4,
15 => 0,
); );
if ($this->counter >= strlen($this->data)) { if ($this->counter >= strlen($this->data)) {
return false; // end of input return false; // end of input
} }
$yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" . $this->rdel . ")|\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|\G([\S\s])/iS"; $yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" . $this->rdel . ")|\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|\G(<(([^>]*?)(?=" . $this->ldel . ")" . $this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
do { do {
if (preg_match($yy_global_pattern, $this->data, $yymatches, null, $this->counter)) { if (preg_match($yy_global_pattern, $this->data, $yymatches, null, $this->counter)) {
@@ -1085,11 +1104,26 @@ class Smarty_Internal_Templatelexer
} }
function yy_r3_10($yy_subpatterns) function yy_r3_10($yy_subpatterns)
{
$clean = preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/", '', $this->value);
if (preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/", $clean, $match)) {
$this->phpValue = $match[0];
$this->is_phpScript = true;
$this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
} else {
preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value, $match);
$this->value = $match[0];
$this->token = Smarty_Internal_Templateparser::TP_TEXT;
}
}
function yy_r3_15($yy_subpatterns)
{ {
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : ''; $phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data); $to = strlen($this->data);
preg_match("/{$this->ldel}\/?literal{$this->rdel}|<\?|<%|\?>|%>|<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE, $this->counter); preg_match("/<\?|<%|\?>|%>|<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|{$this->ldel}\/?literal{$this->rdel}{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
if (isset($match[0][1])) { if (isset($match[0][1])) {
$to = $match[0][1]; $to = $match[0][1];
} else { } else {
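Review bot: The new handler yy_r1_23 re-checks the comment-stripped text with a case-sensitive pattern, while the yy_global_pattern alternative that dispatches to it is compiled with `/iS`; a tag the lexer rule accepts in mixed case therefore falls into the `else` branch and is emitted as TP_TEXT, so it presumably never reaches the $php_handling check. Adding the `i` modifier closes the gap: `if (preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/i", $clean, $match)) {`. yy_r3_10 is a copy of the same code and needs the same change. The return values of `preg_replace` and of the `preg_match` in the `else` branch are not checked either, so a PCRE failure would also end in the TP_TEXT path; treating that case as a template error would make the handler fail closed. If this file is generated from a lexer definition (the rule names suggest so), the fix belongs in that source.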


@@ -3313,13 +3313,13 @@ class Smarty_Internal_Templateparser#line 80 "smarty_internal_templateparser.php
#line 152 "smarty_internal_templateparser.y" #line 152 "smarty_internal_templateparser.y"
function yy_r7() function yy_r7()
{ {
if (strpos($this->yystack[$this->yyidx + 0]->minor, '<s') === 0) { if (strpos($this->lex->phpValue, '<s') === 0) {
$this->lex->is_phpScript = true; $this->lex->is_phpScript = true;
} }
if ($this->php_handling == Smarty::PHP_PASSTHRU) { if ($this->php_handling == Smarty::PHP_PASSTHRU) {
$this->_retvalue = new _smarty_text($this, self::escape_start_tag($this->yystack[$this->yyidx + 0]->minor)); $this->_retvalue = new _smarty_text($this, self::escape_start_tag($this->lex->phpValue));
} elseif ($this->php_handling == Smarty::PHP_QUOTE) { } elseif ($this->php_handling == Smarty::PHP_QUOTE) {
$this->_retvalue = new _smarty_text($this, htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES)); $this->_retvalue = new _smarty_text($this, htmlspecialchars($this->lex->phpValue, ENT_QUOTES));
} elseif ($this->php_handling == Smarty::PHP_ALLOW) { } elseif ($this->php_handling == Smarty::PHP_ALLOW) {
if (!($this->smarty instanceof SmartyBC)) { if (!($this->smarty instanceof SmartyBC)) {
$this->compiler->trigger_template_error(self::Err3); $this->compiler->trigger_template_error(self::Err3);
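Review bot: yy_r7 now takes the tag text from `$this->lex->phpValue`, which is mutable lexer state overwritten on every PHP start tag, instead of from the token on the parser stack. If this reduction runs only after the lexer has already produced the following token (usual for a generated LALR parser, but not visible in this hunk), two adjacent start tags would make the first reduction escape or quote the text of the second. Carrying the cleaned tag with the token itself would remove that coupling; at minimum a comment on the rule should state the assumption, e.g. `// phpValue is set by the lexer for the PHPSTARTTAG token being reduced`. The `#line` directive shows this file is generated, so the edit belongs in smarty_internal_templateparser.y; the body of yy_r7 continues past the end of the hunk.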