From 8c83b9e88b094039361ff758d8eb6be42a523078 Mon Sep 17 00:00:00 2001 From: messju Date: Thu, 1 Jul 2004 15:39:34 +0000 Subject: [PATCH] enhanced error-reporting for {foreach} --- NEWS | 2 ++ libs/Smarty_Compiler.class.php | 14 ++++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 18d58168..221c0bc8 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,5 @@ + - add error-messages when anything else than an identifier is passed + to foreach's key- or item-attribute (messju) - fix handling of digits inside tagnames (messju) - fix escaping of backslashes in Smarty_Compiler::_quote_replace() (messju) diff --git a/libs/Smarty_Compiler.class.php b/libs/Smarty_Compiler.class.php index f0df4a86..a4e82b7b 100644 --- a/libs/Smarty_Compiler.class.php +++ b/libs/Smarty_Compiler.class.php @@ -1122,15 +1122,18 @@ class Smarty_Compiler extends Smarty { $arg_list = array(); if (empty($attrs['from'])) { - $this->_syntax_error("missing 'from' attribute", E_USER_ERROR, __FILE__, __LINE__); + $this->_syntax_error("foreach: missing 'from' attribute", E_USER_ERROR, __FILE__, __LINE__); } + $from = $attrs['from']; if (empty($attrs['item'])) { - $this->_syntax_error("missing 'item' attribute", E_USER_ERROR, __FILE__, __LINE__); + $this->_syntax_error("foreach: missing 'item' attribute", E_USER_ERROR, __FILE__, __LINE__); + } + $item = $this->_dequote($attrs['item']); + if (!preg_match('!^\w+$!', $item)) { + $this->_syntax_error("'foreach: item' must be a variable name (literal string)", E_USER_ERROR, __FILE__, __LINE__); } - $from = $attrs['from']; - $item = $this->_dequote($attrs['item']); if (isset($attrs['name'])) $name = $attrs['name']; @@ -1146,6 +1149,9 @@ class Smarty_Compiler extends Smarty { switch ($attr_name) { case 'key': $key = $this->_dequote($attrs['key']); + if (!preg_match('!^\w+$!', $key)) { + $this->_syntax_error("foreach: 'key' must to be a variable name (literal string)", E_USER_ERROR, __FILE__, __LINE__); + } $key_part = "\$this->_tpl_vars['$key'] => "; break;