smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 10:24:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix known php tag handling problems

Browse Source
This commit is contained in:
mohrt
2003-01-30 16:09:53 +00:00
parent 922c464f10
commit 71b0cc207b
3 changed files with 46 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -1,3 +1,5 @@
- fix known problems with php tag handling in templates
(recursion, echoing <?xml tags) (Monte)
- add support for object registration (Monte) - add support for object registration (Monte)
- add debug template to secure dir, add template_dir - add debug template to secure dir, add template_dir
to secure_dir by default (Ferdinand Beyer, Monte) to secure_dir by default (Ferdinand Beyer, Monte)

29
Smarty_Compiler.class.php
View File

@@ -244,29 +244,28 @@ class Smarty_Compiler extends Smarty {
/* loop through text blocks */ /* loop through text blocks */
for ($curr_tb = 0, $for_max = count($text_blocks); $curr_tb < $for_max; $curr_tb++) { for ($curr_tb = 0, $for_max = count($text_blocks); $curr_tb < $for_max; $curr_tb++) {
/* match anything within <? ?> */ /* match anything resembling php tags */
if (preg_match_all('!(<\?[^?]*?\?>|<script\s+language\s*=\s*[\"\']?php[\"\']?\s*>)!is', $text_blocks[$curr_tb], $sp_match)) { if (preg_match_all('!(<\?(?:\w+|=)?|\?>|language\s*=\s*[\"\']?php[\"\']?)!is', $text_blocks[$curr_tb], $sp_match)) {
/* found at least one match, loop through each one */ /* replace tags with placeholders to prevent recursive replacements */
for ($curr_sp = 0, $for_max2 = count($sp_match[1]); $curr_sp < $for_max2; $curr_sp++) {
$text_blocks[$curr_tb] = str_replace($sp_match[1][$curr_sp],'%%%SMARTYSP'.$curr_sp.'%%%',$text_blocks[$curr_tb]);
}
/* process each one */
for ($curr_sp = 0, $for_max2 = count($sp_match[0]); $curr_sp < $for_max2; $curr_sp++) { for ($curr_sp = 0, $for_max2 = count($sp_match[0]); $curr_sp < $for_max2; $curr_sp++) {
if (preg_match('!^(<\?(php\s|\s|=\s)|<script\s*language\s*=\s*[\"\']?php[\"\']?\s*>)!is', $sp_match[0][$curr_sp])) {
/* php tag */
if ($this->php_handling == SMARTY_PHP_PASSTHRU) { if ($this->php_handling == SMARTY_PHP_PASSTHRU) {
/* echo php contents */ /* echo php contents */
$text_blocks[$curr_tb] = str_replace($sp_match[0][$curr_sp], '<?php echo \''.str_replace("'", "\'", $sp_match[0][$curr_sp]).'\'; ?>'."\n", $text_blocks[$curr_tb]); $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP'.$curr_sp.'%%%', '<?php echo \''.str_replace("'", "\'", $sp_match[1][$curr_sp]).'\'; ?>'."\n", $text_blocks[$curr_tb]);
} else if ($this->php_handling == SMARTY_PHP_QUOTE) { } else if ($this->php_handling == SMARTY_PHP_QUOTE) {
/* quote php tags */ /* quote php tags */
$text_blocks[$curr_tb] = str_replace($sp_match[0][$curr_sp], htmlspecialchars($sp_match[0][$curr_sp]), $text_blocks[$curr_tb]); $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP'.$curr_sp.'%%%', htmlspecialchars($sp_match[1][$curr_sp]), $text_blocks[$curr_tb]);
} else if ($this->php_handling == SMARTY_PHP_REMOVE) { } else if ($this->php_handling == SMARTY_PHP_REMOVE) {
/* remove php tags */ /* remove php tags */
if (substr($sp_match[0][$curr_sp], 0, 2) == '<?') $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP'.$curr_sp.'%%%', '', $text_blocks[$curr_tb]);
$text_blocks[$curr_tb] = str_replace($sp_match[0][$curr_sp], '', $text_blocks[$curr_tb]); } else {
else /* SMARTY_PHP_ALLOW, but echo non php starting tags */
/* attempt to remove everything between <script ...> and </script> */ $sp_match[1][$curr_sp] = preg_replace('%(<\?(?!php|=|$))%i', '<?php echo \'\\1\'?>'."\n", $sp_match[1][$curr_sp]);
$text_blocks[$curr_tb] = preg_replace('!'.preg_quote($sp_match[0][$curr_sp], '!').'.*?</script\s*>!is', '', $text_blocks[$curr_tb]); $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP'.$curr_sp.'%%%',$sp_match[1][$curr_sp],$text_blocks[$curr_tb]);
} }
} else
/* echo the non-php tags */
$text_blocks[$curr_tb] = str_replace($sp_match[0][$curr_sp], '<?php echo \''.str_replace("'", "\'", $sp_match[0][$curr_sp]).'\'; ?>'."\n", $text_blocks[$curr_tb]);
} }
} }
} }

29
libs/Smarty_Compiler.class.php
View File

@@ -244,29 +244,28 @@ class Smarty_Compiler extends Smarty {
/* loop through text blocks */ /* loop through text blocks */
for ($curr_tb = 0, $for_max = count($text_blocks); $curr_tb < $for_max; $curr_tb++) { for ($curr_tb = 0, $for_max = count($text_blocks); $curr_tb < $for_max; $curr_tb++) {
/* match anything within <? ?> */ /* match anything resembling php tags */
if (preg_match_all('!(<\?[^?]*?\?>|<script\s+language\s*=\s*[\"\']?php[\"\']?\s*>)!is', $text_blocks[$curr_tb], $sp_match)) { if (preg_match_all('!(<\?(?:\w+|=)?|\?>|language\s*=\s*[\"\']?php[\"\']?)!is', $text_blocks[$curr_tb], $sp_match)) {
/* found at least one match, loop through each one */ /* replace tags with placeholders to prevent recursive replacements */
for ($curr_sp = 0, $for_max2 = count($sp_match[1]); $curr_sp < $for_max2; $curr_sp++) {
$text_blocks[$curr_tb] = str_replace($sp_match[1][$curr_sp],'%%%SMARTYSP'.$curr_sp.'%%%',$text_blocks[$curr_tb]);
}
/* process each one */
for ($curr_sp = 0, $for_max2 = count($sp_match[0]); $curr_sp < $for_max2; $curr_sp++) { for ($curr_sp = 0, $for_max2 = count($sp_match[0]); $curr_sp < $for_max2; $curr_sp++) {
if (preg_match('!^(<\?(php\s|\s|=\s)|<script\s*language\s*=\s*[\"\']?php[\"\']?\s*>)!is', $sp_match[0][$curr_sp])) {
/* php tag */
if ($this->php_handling == SMARTY_PHP_PASSTHRU) { if ($this->php_handling == SMARTY_PHP_PASSTHRU) {
/* echo php contents */ /* echo php contents */
$text_blocks[$curr_tb] = str_replace($sp_match[0][$curr_sp], '<?php echo \''.str_replace("'", "\'", $sp_match[0][$curr_sp]).'\'; ?>'."\n", $text_blocks[$curr_tb]); $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP'.$curr_sp.'%%%', '<?php echo \''.str_replace("'", "\'", $sp_match[1][$curr_sp]).'\'; ?>'."\n", $text_blocks[$curr_tb]);
} else if ($this->php_handling == SMARTY_PHP_QUOTE) { } else if ($this->php_handling == SMARTY_PHP_QUOTE) {
/* quote php tags */ /* quote php tags */
$text_blocks[$curr_tb] = str_replace($sp_match[0][$curr_sp], htmlspecialchars($sp_match[0][$curr_sp]), $text_blocks[$curr_tb]); $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP'.$curr_sp.'%%%', htmlspecialchars($sp_match[1][$curr_sp]), $text_blocks[$curr_tb]);
} else if ($this->php_handling == SMARTY_PHP_REMOVE) { } else if ($this->php_handling == SMARTY_PHP_REMOVE) {
/* remove php tags */ /* remove php tags */
if (substr($sp_match[0][$curr_sp], 0, 2) == '<?') $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP'.$curr_sp.'%%%', '', $text_blocks[$curr_tb]);
$text_blocks[$curr_tb] = str_replace($sp_match[0][$curr_sp], '', $text_blocks[$curr_tb]); } else {
else /* SMARTY_PHP_ALLOW, but echo non php starting tags */
/* attempt to remove everything between <script ...> and </script> */ $sp_match[1][$curr_sp] = preg_replace('%(<\?(?!php|=|$))%i', '<?php echo \'\\1\'?>'."\n", $sp_match[1][$curr_sp]);
$text_blocks[$curr_tb] = preg_replace('!'.preg_quote($sp_match[0][$curr_sp], '!').'.*?</script\s*>!is', '', $text_blocks[$curr_tb]); $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP'.$curr_sp.'%%%',$sp_match[1][$curr_sp],$text_blocks[$curr_tb]);
} }
} else
/* echo the non-php tags */
$text_blocks[$curr_tb] = str_replace($sp_match[0][$curr_sp], '<?php echo \''.str_replace("'", "\'", $sp_match[0][$curr_sp]).'\'; ?>'."\n", $text_blocks[$curr_tb]);
} }
} }
} }