smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-05 19:04:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v2.6.27'

Browse Source
This commit is contained in:
Uwe Tews
2014-10-31 01:03:22 +01:00
parent ad3e64b890 1594e08924
commit 9a36601dad
5 changed files with 26 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ChangeLog
View File

@@ -1,3 +1,12 @@
2012-09-24 Uwe Tews
* Fixed escape Smarty error messages to avoid possible script execution
2010-04-17 Uwe Tews
* Fixed security hole in {math} plugin
2007-09-27 TAKAGI Masahiro <matakagi@gmail.com>
* docs/ja/designers/language-custom-functions/language-function-html-checkboxes.xml:

3
libs/Smarty.class.php
View File

@@ -1090,7 +1090,8 @@ class Smarty
*/
function trigger_error($error_msg, $error_type = E_USER_WARNING)
{
trigger_error("Smarty error: $error_msg", $error_type);
$msg = htmlentities($error_msg);
trigger_error("Smarty error: $msg", $error_type);
}

6
libs/plugins/function.cycle.php
View File

@@ -63,7 +63,11 @@ function smarty_function_cycle($params, &$smarty)
$cycle_vars[$name]['values'] = $params['values'];
}
$cycle_vars[$name]['delimiter'] = (isset($params['delimiter'])) ? $params['delimiter'] : ',';
if (isset($params['delimiter'])) {
$cycle_vars[$name]['delimiter'] = $params['delimiter'];
} elseif (!isset($cycle_vars[$name]['delimiter'])) {
$cycle_vars[$name]['delimiter'] = ',';
}
if(is_array($cycle_vars[$name]['values'])) {
$cycle_array = $cycle_vars[$name]['values'];

4
libs/plugins/function.fetch.php
View File

@@ -181,12 +181,12 @@ function smarty_function_fetch($params, &$smarty)
$content .= fgets($fp,4096);
}
fclose($fp);
$csplit = split("\r\n\r\n",$content,2);
$csplit = preg_split("!\r\n\r\n!",$content,2);
$content = $csplit[1];
if(!empty($params['assign_headers'])) {
$smarty->assign($params['assign_headers'],split("\r\n",$csplit[0]));
$smarty->assign($params['assign_headers'],preg_split("!\r\n!",$csplit[0]));
}
}
} else {

2
libs/plugins/function.math.php
View File

@@ -37,7 +37,7 @@ function smarty_function_math($params, &$smarty)
}
// match all vars in equation, make sure all are passed
preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]+)!",$equation, $match);
preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]*)!",$equation, $match);
$allowed_funcs = array('int','abs','ceil','cos','exp','floor','log','log10',
'max','min','pi','pow','rand','round','sin','sqrt','srand','tan');