smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 18:34:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

- bugfix wrong _realpath with 4 or more parent-directories https://github.com/smarty-php/smarty/issues/190

Browse Source
This commit is contained in:
uwetews
2016-02-25 02:53:55 +01:00
parent b39f561083
commit 8df91e9d0d
2 changed files with 17 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
change_log.txt
View File

@@ -1,4 +1,7 @@
 ===== 3.1.30-dev ===== (xx.xx.xx)  ===== 3.1.30-dev ===== (xx.xx.xx)
25.02.2016
- bugfix wrong _realpath with 4 or more parent-directories https://github.com/smarty-php/smarty/issues/190
20.02.2016 20.02.2016
- bugfix {strip} must keep space between hmtl tags. Broken by changes of 10.2.2016 https://github.com/smarty-php/smarty/issues/184 - bugfix {strip} must keep space between hmtl tags. Broken by changes of 10.2.2016 https://github.com/smarty-php/smarty/issues/184
- new feature/bugfix {foreach}{section} add 'properties' attribute to force compilation of loop properties - new feature/bugfix {foreach}{section} add 'properties' attribute to force compilation of loop properties

20
libs/Smarty.class.php
View File

@@ -121,7 +121,7 @@ class Smarty extends Smarty_Internal_TemplateBase
/** /**
* smarty version * smarty version
*/ */
const SMARTY_VERSION = '3.1.30-dev/47'; const SMARTY_VERSION = '3.1.30-dev/48';
/** /**
* define variable scopes * define variable scopes
@@ -1108,7 +1108,8 @@ class Smarty extends Smarty_Internal_TemplateBase
*/ */
public function _getTemplateId($template_name, $cache_id = null, $compile_id = null, $caching = null) public function _getTemplateId($template_name, $cache_id = null, $compile_id = null, $caching = null)
{ {
$template_name = (strpos($template_name, ':') === false) ? "{$this->default_resource_type}:{$template_name}" : $template_name; $template_name = (strpos($template_name, ':') === false) ? "{$this->default_resource_type}:{$template_name}" :
$template_name;
$cache_id = $cache_id === null ? $this->cache_id : $cache_id; $cache_id = $cache_id === null ? $this->cache_id : $cache_id;
$compile_id = $compile_id === null ? $this->compile_id : $compile_id; $compile_id = $compile_id === null ? $this->compile_id : $compile_id;
$caching = (int) ($caching === null ? $this->caching : $caching); $caching = (int) ($caching === null ? $this->caching : $caching);
@@ -1158,11 +1159,18 @@ class Smarty extends Smarty_Internal_TemplateBase
} }
} }
$count = 1; $count = 1;
while ($count && ((strpos($path, '.' . DS) != false) || (strpos($path, DS . DS) != false))) { if (strpos($path, '..' . DS) != false) {
$path = preg_match('#(([.]?[\\\\/])*([.][.])[\\\\/]([.]?[\\\\/])*)+#', $path, $match);
preg_replace('#([\\\\/][^\\\\/]+[\\\\/]([.]?[\\\\/])*[.][.][\\\\/]([.]?[\\\\/])*)+|([\\\\/]([.]?[\\\\/])+)#', if (!$count = substr_count($match[ 0 ], '..')) {
DS, $path, - 1, $count); $count = 1;
}
} }
while ($count && ((strpos($path, '.' . DS) != false) || (strpos($path, DS . DS) != false))) {
$path = preg_replace('#([\\\\/]([.]?[\\\\/])*[^\\\\/.]+){' . $count .
'}[\\\\/]([.]?[\\\\/])*([.][.][\\\\/]([.]?[\\\\/])*){' . $count .
'}|([\\\\/]([.]?[\\\\/])+)#', DS, $path, - 1, $count);
}
return $parts[ 'root' ] . $path; return $parts[ 'root' ] . $path;
} }