smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-07 11:54:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

- removed use of PHP shortags SMARTY_PHP_PASSTHRU mode

Browse Source
This commit is contained in:
Uwe.Tews
2010-06-21 18:01:36 +00:00
parent 5a974e69cf
commit 7626cbf093
2 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
change_log.txt
View File

@@ -1,3 +1,6 @@
21/06/2010
- removed use of PHP shortags SMARTY_PHP_PASSTHRU mode
20/06/2010 20/06/2010
- replace internal get_time() calls with standard PHP5 microtime(true) calls - replace internal get_time() calls with standard PHP5 microtime(true) calls
- closed security hole when php.ini asp_tags = on - closed security hole when php.ini asp_tags = on

10
libs/sysplugins/smarty_internal_templateparser.php
View File

@@ -2092,7 +2092,7 @@ static public $yy_action = array(
if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) { if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) {
$this->_retvalue = self::escape_start_tag($this->yystack[$this->yyidx + 0]->minor); $this->_retvalue = self::escape_start_tag($this->yystack[$this->yyidx + 0]->minor);
} elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) { } elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) {
$this->_retvalue = $this->compiler->processNocacheCode(htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES),false); $this->_retvalue = htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES);
}elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) { }elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) {
$this->_retvalue = $this->compiler->processNocacheCode('<?php', true); $this->_retvalue = $this->compiler->processNocacheCode('<?php', true);
}elseif ($this->sec_obj->php_handling == SMARTY_PHP_REMOVE) { }elseif ($this->sec_obj->php_handling == SMARTY_PHP_REMOVE) {
@@ -2106,9 +2106,9 @@ static public $yy_action = array(
$this->is_xml = true; $this->is_xml = true;
$this->_retvalue = $this->compiler->processNocacheCode("<?php echo '?>';?>", $this->compiler, true); $this->_retvalue = $this->compiler->processNocacheCode("<?php echo '?>';?>", $this->compiler, true);
}elseif ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) { }elseif ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) {
$this->_retvalue = '?<??>>'; $this->_retvalue = '?<?php ?>>';
} elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) { } elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) {
$this->_retvalue = $this->compiler->processNocacheCode(htmlspecialchars('?>', ENT_QUOTES), false); $this->_retvalue = htmlspecialchars('?>', ENT_QUOTES);
}elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) { }elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) {
$this->_retvalue = $this->compiler->processNocacheCode('?>', true); $this->_retvalue = $this->compiler->processNocacheCode('?>', true);
}elseif ($this->sec_obj->php_handling == SMARTY_PHP_REMOVE) { }elseif ($this->sec_obj->php_handling == SMARTY_PHP_REMOVE) {
@@ -2121,7 +2121,7 @@ static public $yy_action = array(
if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) { if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) {
$this->_retvalue = '<<?php ?>%'; $this->_retvalue = '<<?php ?>%';
} elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) { } elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) {
$this->_retvalue = $this->compiler->processNocacheCode(htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES),false); $this->_retvalue = htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES);
}elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) { }elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) {
if ($this->asp_tags) { if ($this->asp_tags) {
$this->_retvalue = $this->compiler->processNocacheCode('<%', true); $this->_retvalue = $this->compiler->processNocacheCode('<%', true);
@@ -2142,7 +2142,7 @@ static public $yy_action = array(
if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) { if ($this->sec_obj->php_handling == SMARTY_PHP_PASSTHRU) {
$this->_retvalue = '%<?php ?>>'; $this->_retvalue = '%<?php ?>>';
} elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) { } elseif ($this->sec_obj->php_handling == SMARTY_PHP_QUOTE) {
$this->_retvalue = $this->compiler->processNocacheCode(htmlspecialchars('%>', ENT_QUOTES), false); $this->_retvalue = htmlspecialchars('%>', ENT_QUOTES);
}elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) { }elseif ($this->sec_obj->php_handling == SMARTY_PHP_ALLOW) {
if ($this->asp_tags) { if ($this->asp_tags) {
$this->_retvalue = $this->compiler->processNocacheCode('%>', true); $this->_retvalue = $this->compiler->processNocacheCode('%>', true);