- bugfix string resource could inject code at {block} or inline subtemplates through PHP comments https://github.com/smarty-php/smarty/issues/157

change_log.txt

@@ -3,6 +3,7 @@
   - revert bugfix compiling {section} did create warning
   - bugfix {$smarty.section.customer.loop} did throw compiler error https://github.com/smarty-php/smarty/issues/161
     update of yesterdays fix
+  - bugfix string resource could inject code at {block} or inline subtemplates through PHP comments https://github.com/smarty-php/smarty/issues/157		
 
  26.01.2016
   - improvement observe Smarty::$_CHARSET in debugging console https://github.com/smarty-php/smarty/issues/169

libs/Smarty.class.php

@@ -121,7 +121,7 @@ class Smarty extends Smarty_Internal_TemplateBase
     /**
      * smarty version
      */
-    const SMARTY_VERSION = '3.1.30-dev/21';
+    const SMARTY_VERSION = '3.1.30-dev/22';
 
     /**
      * define variable scopes

libs/sysplugins/smarty_internal_compile_block.php

@@ -181,9 +181,15 @@ class Smarty_Internal_Compile_Blockclose extends Smarty_Internal_Compile_Shared_
         $_functionCode = $compiler->parser->current_buffer;
         // setup buffer for template function code
         $compiler->parser->current_buffer = new Smarty_Internal_ParseTree_Template();
+        if ($compiler->template->source->type == 'file') {
+            $sourceInfo = $compiler->template->source->filepath;
+        } else {
+            $basename = $compiler->template->source->handler->getBasename($compiler->template->source);
+            $sourceInfo = $compiler->template->source->type .':' . ($basename ? $basename : $compiler->template->source->name);
+        }
 
         $output = "<?php\n";
-        $output .= "/* {block '{$_name}'} {$compiler->template->source->type}:{$compiler->template->source->name} */\n";
+        $output .= "/* {block '{$_name}'} {$sourceInfo} */\n";
         $output .= "class {$_className} extends Smarty_Internal_Block\n";
         $output .= "{\n";
         foreach ($_block as $property => $value) {

libs/sysplugins/smarty_internal_compile_include.php

@@ -333,16 +333,22 @@ class Smarty_Internal_Compile_Include extends Smarty_Internal_CompileBase
             $tpl->mustCompile = true;
             $compiler->parent_compiler->mergedSubTemplatesData[$hashResourceName][$t_hash]['nocache_hash'] =
                 $tpl->compiled->nocache_hash;
+            if ($compiler->template->source->type == 'file') {
+                $sourceInfo = $compiler->template->source->filepath;
+            } else {
+                $basename = $compiler->template->source->handler->getBasename($compiler->template->source);
+                $sourceInfo = $compiler->template->source->type .':' . ($basename ? $basename : $compiler->template->source->name);
+            }
             // get compiled code
             $compiled_code = "<?php\n\n";
-            $compiled_code .= "/* Start inline template \"{$tpl->source->type}:{$tpl->source->name}\" =============================*/\n";
+            $compiled_code .= "/* Start inline template \"{$sourceInfo}\" =============================*/\n";
             $compiled_code .= "function {$tpl->compiled->unifunc} (\$_smarty_tpl) {\n";
             $compiled_code .= "?>\n" . $tpl->compiler->compileTemplateSource($tpl, null, $compiler->parent_compiler);
             $compiled_code .= "<?php\n";
             $compiled_code .= "}\n?>\n";
             $compiled_code .= $tpl->compiler->postFilter($tpl->compiler->blockOrFunctionCode);
             $compiled_code .= "<?php\n\n";
-            $compiled_code .= "/* End inline template \"{$tpl->source->type}:{$tpl->source->name}\" =============================*/\n";
+            $compiled_code .= "/* End inline template \"{$sourceInfo}\" =============================*/\n";
             $compiled_code .= "?>";
             unset($tpl->compiler);
             if ($tpl->compiled->has_nocache_code) {