From 7626cbf093320c055ea51619fcc0d58c8e139784 Mon Sep 17 00:00:00 2001
From: "Uwe.Tews"
Date: Mon, 21 Jun 2010 18:01:36 +0000
Subject: [PATCH] - removed use of PHP shortags SMARTY_PHP_PASSTHRU mode
---
 change_log.txt | 3 +++
 libs/sysplugins/smarty_internal_templateparser.php | 10 +++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/change_log.txt b/change_log.txt
index 141bbd56..ea1d38b2 100644
--- a/change_log.txt
+++ b/change_log.txt
@@ -1,3 +1,6 @@
+21/06/2010
+- removed use of PHP shortags SMARTY_PHP_PASSTHRU mode
+
 20/06/2010
 - replace internal get_time() calls with standard PHP5 microtime(true) calls
 - closed security hole when php.ini asp_tags = on
diff --git a/libs/sysplugins/smarty_internal_templateparser.php b/libs/sysplugins/smarty_internal_templateparser.php
index 2527920e..afcb0fc3 100644
--- a/libs/sysplugins/smarty_internal_templateparser.php
+++ b/libs/sysplugins/smarty_internal_templateparser.php
@@ -2092,7 +2092,7 @@ static public $yy_action = array(
 if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) {
 $this->_retvalue = self::escape_start_tag($this->yystack[$this->yyidx + 0]->minor);
 } elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) {
- $this->_retvalue = $this->compiler->processNocacheCode(htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES),false);
+ $this->_retvalue = htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES);
 }elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) {
 $this->_retvalue = $this->compiler->processNocacheCode('sec_obj->php_handling == SMARTY_PHP_REMOVE) {
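Review bot: The SMARTY_PHP_QUOTE branch in the hunk at 2092 now assigns `htmlspecialchars(...)` directly instead of passing the escaped tag through `$this->compiler->processNocacheCode(..., false)`, and the hunks at 2106, 2121 and 2142 make the same change, yet neither the commit title nor the change_log entry mentions SMARTY_PHP_QUOTE — only PASSTHRU. Because php_handling is the security setting that decides how PHP tags in templates are treated, the changelog should name this too, e.g. `- SMARTY_PHP_QUOTE now emits the escaped tag as plain template text instead of nocache-wrapped code`. If processNocacheCode is what associates output with a {nocache} region, the quoted text is presumably no longer tracked that way; a one-line comment on the new line, such as `// PHP_QUOTE: literal escaped text, no PHP is generated, so no nocache wrapping`, would record the intent for the next reader. Some lines at 2092 and 2106 read oddly on this page (the removed and added PASSTHRU lines at 2106 are identical, and at 2092 the ALLOW assignment runs into the following elseif), which looks like PHP tag content lost in rendering rather than a defect in the change. The enclosing parser action methods start and end outside every hunk here.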
@@ -2106,9 +2106,9 @@ static public $yy_action = array(
 $this->is_xml = true;
 $this->_retvalue = $this->compiler->processNocacheCode("';?>", $this->compiler, true);
 }elseif ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) {
- $this->_retvalue = '?>';
+ $this->_retvalue = '?>';
 } elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) {
- $this->_retvalue = $this->compiler->processNocacheCode(htmlspecialchars('?>', ENT_QUOTES), false);
+ $this->_retvalue = htmlspecialchars('?>', ENT_QUOTES);
 }elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) {
 $this->_retvalue = $this->compiler->processNocacheCode('?>', true);
 }elseif ($this->sec_obj->php_handling == SMARTY_PHP_REMOVE) {
@@ -2121,7 +2121,7 @@ static public $yy_action = array(
 if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) {
 $this->_retvalue = '<%';
 } elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) {
- $this->_retvalue = $this->compiler->processNocacheCode(htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES),false);
+ $this->_retvalue = htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES);
 }elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) {
 if ($this->asp_tags) {
 $this->_retvalue = $this->compiler->processNocacheCode('<%', true);
@@ -2142,7 +2142,7 @@ static public $yy_action = array(
 if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) {
 $this->_retvalue = '%>';
 } elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) {
- $this->_retvalue = $this->compiler->processNocacheCode(htmlspecialchars('%>', ENT_QUOTES), false);
+ $this->_retvalue = htmlspecialchars('%>', ENT_QUOTES);
 }elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) {
 if ($this->asp_tags) {
 $this->_retvalue = $this->compiler->processNocacheCode('%>', true);