updated php escape to handle <script language="php">

mohrt
2001-02-10 23:14:29 +00:00
parent 7b3bdfd837
commit 983c48ec64
2 changed files with 14 additions and 10 deletions


@@ -517,15 +517,17 @@ class Smarty
/* loop through text blocks */ /* loop through text blocks */
for($curr_tb = 0; $curr_tb <= count($text_blocks); $curr_tb++) { for($curr_tb = 0; $curr_tb <= count($text_blocks); $curr_tb++) {
/* match anything within <? ?> */ /* match anything within <? ?> */
if(preg_match_all('!(<\?[^?]*?\?>)!i',$text_blocks[$curr_tb],$sp_match)) { if(preg_match_all('!(<\?[^?]*?\?>|<script\s+language\s*=\s*[\"\']?php[\"\']?\s*>)!i',$text_blocks[$curr_tb],$sp_match)) {
/* found at least one match, loop through each one */ /* found at least one match, loop through each one */
foreach($sp_match[0] as $curr_sp) { foreach($sp_match[0] as $curr_sp) {
if(!$this->allow_php) if(!$this->allow_php) {
/* we don't allow php, so echo anything in <? ?> */ /* we don't allow php, so echo anything in <? ?> */
$text_blocks[$curr_tb] = str_replace($curr_sp,'<?php echo \''.addslashes($curr_sp).'\'; ?>',$text_blocks[$curr_tb]); $text_blocks[$curr_tb] = str_replace($curr_sp,'<?php echo \''.str_replace("'","\'",$curr_sp).'\'; ?>',$text_blocks[$curr_tb]);
elseif(!preg_match("!^<\?(php | )!i",$curr_sp)) /* echo <script language=php> tag */
}
elseif(!preg_match("!^(<\?(php | )|<script\s*language\s*=\s*[\"\']?php[\"\']?\s*>)!i",$curr_sp))
/* we allow php, so echo only non-php such as <?xml ?> */ /* we allow php, so echo only non-php such as <?xml ?> */
$text_blocks[$curr_tb] = str_replace($curr_sp,'<?php echo \''.addslashes($curr_sp).'\'; ?>',$text_blocks[$curr_tb]); $text_blocks[$curr_tb] = str_replace($curr_sp,'<?php echo \''.str_replace("'","\'",$curr_sp).'\'; ?>',$text_blocks[$curr_tb]);
} }
} }
} }
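Review bot: Swapping `addslashes()` for `str_replace("'","\'",$curr_sp)` in both echo replacements leaves backslashes unescaped, so a matched tag that contains a backslash directly before a single quote ends the generated string literal early. The remainder of the tag is then parsed as PHP in the compiled template, even when `allow_php` is off. Escape the backslash first and the quote second, `str_replace("'","\\'",str_replace("\\","\\\\",$curr_sp))`, which still avoids the extra backslashes `addslashes()` put before double quotes. The same two lines appear in the second file section of this commit. As a smaller point, the `elseif` pattern uses `<script\s*language` where the match pattern uses `<script\s+language`; keeping the two identical would be cleaner.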


@@ -517,15 +517,17 @@ class Smarty
/* loop through text blocks */ /* loop through text blocks */
for($curr_tb = 0; $curr_tb <= count($text_blocks); $curr_tb++) { for($curr_tb = 0; $curr_tb <= count($text_blocks); $curr_tb++) {
/* match anything within <? ?> */ /* match anything within <? ?> */
if(preg_match_all('!(<\?[^?]*?\?>)!i',$text_blocks[$curr_tb],$sp_match)) { if(preg_match_all('!(<\?[^?]*?\?>|<script\s+language\s*=\s*[\"\']?php[\"\']?\s*>)!i',$text_blocks[$curr_tb],$sp_match)) {
/* found at least one match, loop through each one */ /* found at least one match, loop through each one */
foreach($sp_match[0] as $curr_sp) { foreach($sp_match[0] as $curr_sp) {
if(!$this->allow_php) if(!$this->allow_php) {
/* we don't allow php, so echo anything in <? ?> */ /* we don't allow php, so echo anything in <? ?> */
$text_blocks[$curr_tb] = str_replace($curr_sp,'<?php echo \''.addslashes($curr_sp).'\'; ?>',$text_blocks[$curr_tb]); $text_blocks[$curr_tb] = str_replace($curr_sp,'<?php echo \''.str_replace("'","\'",$curr_sp).'\'; ?>',$text_blocks[$curr_tb]);
elseif(!preg_match("!^<\?(php | )!i",$curr_sp)) /* echo <script language=php> tag */
}
elseif(!preg_match("!^(<\?(php | )|<script\s*language\s*=\s*[\"\']?php[\"\']?\s*>)!i",$curr_sp))
/* we allow php, so echo only non-php such as <?xml ?> */ /* we allow php, so echo only non-php such as <?xml ?> */
$text_blocks[$curr_tb] = str_replace($curr_sp,'<?php echo \''.addslashes($curr_sp).'\'; ?>',$text_blocks[$curr_tb]); $text_blocks[$curr_tb] = str_replace($curr_sp,'<?php echo \''.str_replace("'","\'",$curr_sp).'\'; ?>',$text_blocks[$curr_tb]);
} }
} }
} }
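Review bot: The `foreach` over `$sp_match[0]` visits duplicate matches, but `str_replace()` already rewrites every occurrence on the first visit. A template that repeats a tag containing no single quotes (more likely now that the literal `<script language="php">` opener is matched) therefore gets the tag inside the generated `echo '…'` wrapped a second time, which yields nested `<?php echo` output that will not parse. Iterating unique matches, `foreach(array_unique($sp_match[0]) as $curr_sp) {`, avoids this; it applies equally to the first file section. The loop condition `$curr_tb <= count($text_blocks)` also appears to read one index past the end of the array, though that line is unchanged context and the enclosing method starts and ends outside the hunk.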