From 8ee805632dd4b1b826ea64f4177d42eb94527a7f Mon Sep 17 00:00:00 2001
From: Uwe Tews <uwe.tews@googlemail.com>
Date: Wed, 13 May 2015 20:17:02 +0200
Subject: [PATCH] - bugfix in Smarty_Security  'nl2br' should be a trusted
 modifier, not PHP function (code.google issue 223)

---
 change_log.txt                      | 1 +
 libs/sysplugins/smarty_security.php | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/change_log.txt b/change_log.txt
index 2e36f3cf..9783613e 100644
--- a/change_log.txt
+++ b/change_log.txt
@@ -6,6 +6,7 @@
         was extended or Smarty properties had been modified in the class source
       - display Smarty version number
       - Truncate lenght of Origin display and extend strin value display to 80 character
+  - bugfix in Smarty_Security  'nl2br' should be a trusted modifier, not PHP function (code.google issue 223)
   
  12.05.2015
   - bugfix {$smarty.constant.TEST} did fail  on undefined constant https://github.com/smarty-php/smarty/issues/28
diff --git a/libs/sysplugins/smarty_security.php b/libs/sysplugins/smarty_security.php
index 5a70c618..af1ca553 100644
--- a/libs/sysplugins/smarty_security.php
+++ b/libs/sysplugins/smarty_security.php
@@ -108,7 +108,6 @@ class Smarty_Security
         'count', 'sizeof',
         'in_array', 'is_array',
         'time',
-        'nl2br',
     );
     /**
      * This is an array of trusted PHP modifiers.
@@ -119,7 +118,8 @@ class Smarty_Security
      */
     public $php_modifiers = array(
         'escape',
-        'count'
+        'count',
+        'nl2br',
     );
     /**
      * This is an array of allowed tags.