From a63bc0f83bbc538c947d9424d32cd8afc946726f Mon Sep 17 00:00:00 2001 From: "Uwe.Tews" Date: Tue, 17 Nov 2009 17:46:03 +0000 Subject: [PATCH] - sanitize compile_id and cache_id (replace illegal chars with _) - use _dir_perms and _file_perms properties at file creation - new constant SMARTY_RESOURCE_DATE_FORMAT (default '%b %e, %Y') which is used as default format in modifier date_format --- change_log.txt | 5 +++++ libs/Smarty.class.php | 5 ++++- libs/plugins/modifier.date_format.php | 2 +- .../smarty_internal_cacheresource_file.php | 20 +++++++++++-------- libs/sysplugins/smarty_internal_config.php | 2 +- .../smarty_internal_resource_extend.php | 5 +++-- .../smarty_internal_resource_file.php | 5 +++-- .../smarty_internal_resource_registered.php | 6 +++--- libs/sysplugins/smarty_internal_template.php | 2 +- .../smarty_internal_templatebase.php | 3 ++- .../sysplugins/smarty_internal_write_file.php | 6 +++--- .../smarty_method_clear_compiled_tpl.php | 11 +++++----- 12 files changed, 44 insertions(+), 28 deletions(-) diff --git a/change_log.txt b/change_log.txt index 68dd6cd7..f7ec412e 100644 --- a/change_log.txt +++ b/change_log.txt @@ -1,3 +1,8 @@ +11/17/2009 +- sanitize compile_id and cache_id (replace illegal chars with _) +- use _dir_perms and _file_perms properties at file creation +- new constant SMARTY_RESOURCE_DATE_FORMAT (default '%b %e, %Y') which is used as default format in modifier date_format + 11/15/2009 - lexer/parser optimizations on quoted strings diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php index 24244b1f..e37ea0d0 100644 --- a/libs/Smarty.class.php +++ b/libs/Smarty.class.php @@ -59,7 +59,10 @@ if (!defined('SMARTY_PLUGINS_DIR')) { if (!defined('SMARTY_RESOURCE_CHAR_SET')) { define('SMARTY_RESOURCE_CHAR_SET', 'UTF-8'); } - +if (!defined('SMARTY_RESOURCE_DATE_FORMAT')) { + define('SMARTY_RESOURCE_DATE_FORMAT', '%b %e, %Y'); +} + /** * define variable scopes */ 
diff --git a/libs/plugins/modifier.date_format.php b/libs/plugins/modifier.date_format.php index 51ed2fc6..ff4a91c8 100644 --- a/libs/plugins/modifier.date_format.php +++ b/libs/plugins/modifier.date_format.php @@ -25,7 +25,7 @@ * @return string |void * @uses smarty_make_timestamp() */ -function smarty_modifier_date_format($string, $format = '%b %e, %Y', $default_date = '') +function smarty_modifier_date_format($string, $format = SMARTY_RESOURCE_DATE_FORMAT, $default_date = '') { /** * Include the {@link shared.make_timestamp.php} plugin diff --git a/libs/sysplugins/smarty_internal_cacheresource_file.php b/libs/sysplugins/smarty_internal_cacheresource_file.php index 4e88b692..269207f5 100644 --- a/libs/sysplugins/smarty_internal_cacheresource_file.php +++ b/libs/sysplugins/smarty_internal_cacheresource_file.php @@ -64,7 +64,7 @@ class Smarty_Internal_CacheResource_File { public function writeCachedContent($template, $content) { if (!$template->isEvaluated()) { - return Smarty_Internal_Write_File::writeFile($template->getCachedFilepath(), $content); + return Smarty_Internal_Write_File::writeFile($template->getCachedFilepath(), $content, $this->smarty); } else { return false; } @@ -91,6 +91,8 @@ class Smarty_Internal_CacheResource_File { */ public function clear($resource_name, $cache_id, $compile_id, $exp_time) { + $_cache_id = isset($cache_id) ? preg_replace('![^\w\|]+!','_',$cache_id) : null; + $_compile_id = isset($compile_id) ? preg_replace('![^\w\|]+!','_',$compile_id) : null; $_dir_sep = $this->smarty->use_sub_dirs ? DS : '^'; if (isset($resource_name)) { $_resource_part = (string)abs(crc32($resource_name)) . '.' . $resource_name . '.php'; 
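Review bot: The `preg_replace('![^\w\|]+!','_', …)` added at the top of `clear()` in smarty_internal_cacheresource_file.php is a many-to-one mapping, so ids such as `a/b`, `a.b` and `a_b` all become `a_b` and from then on address the same cache entries. Where a cache_id is derived from per-user or per-request data, one id can then read or clear content stored under another, so the docblock should say so, e.g. `cache_id and compile_id are normalised: every run of characters other than \w and "|" becomes "_"; ids must still be unique after normalisation`. The same expression is repeated in `buildCachedFilepath()`, the three `getCompiledFilepath()` methods, `buildTemplateId()` and `Smarty_Method_Clear_Compiled_Tpl()`; one shared helper would keep the write and clear paths from drifting apart. Entries written under raw ids before this change presumably no longer match and would stay on disk until removed separately. `clear()` starts and ends outside the hunk.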
@@ -101,8 +103,8 @@ class Smarty_Internal_CacheResource_File { if (strpos('/\\', substr($_dir, -1)) === false) { $_dir .= DS; } - if ($this->smarty->use_sub_dirs && isset($cache_id)) { - $_dir .= str_replace('|', $_dir_sep, $cache_id) . $_dir_sep; + if ($this->smarty->use_sub_dirs && isset($_cache_id)) { + $_dir .= str_replace('|', $_dir_sep, $_cache_id) . $_dir_sep; } $_compile_pos = $this->smarty->use_sub_dirs ? 5 : 2; $_count = 0; @@ -124,7 +126,7 @@ class Smarty_Internal_CacheResource_File { } if ((substr_compare((string)$_file, $_dir, 0, strlen($_dir)) == 0 && (!isset($resource_name) || $_parts[$_parts_count-1] == $_resource_part) && - (!isset($compile_id) || $_parts[$_parts_compile_pos] == $compile_id)) || + (!isset($_compile_id) || $_parts[$_parts_compile_pos] == $_compile_id)) || (isset($resource_name) && (string)$_file == $_dir . $_resource_part)) { if (isset($exp_time)) { if (time() - @filemtime($_file) >= $exp_time) { @@ -148,6 +150,8 @@ class Smarty_Internal_CacheResource_File { */ private function buildCachedFilepath ($resource_name, $cache_id, $compile_id) { + $_cache_id = isset($cache_id) ? preg_replace('![^\w\|]+!','_',$cache_id) : null; + $_compile_id = isset($compile_id) ? preg_replace('![^\w\|]+!','_',$compile_id) : null; $_files = explode('|', $resource_name); $_filepath = (string)abs(crc32($resource_name)); // if use_sub_dirs, break file into directories @@ -158,13 +162,13 @@ class Smarty_Internal_CacheResource_File { . $_filepath; } $_compile_dir_sep = $this->smarty->use_sub_dirs ? DS : '^'; - if (isset($cache_id)) { - $_cache_id = str_replace('|', $_compile_dir_sep, $cache_id) . $_compile_dir_sep; + if (isset($_cache_id)) { + $_cache_id = str_replace('|', $_compile_dir_sep, $_cache_id) . $_compile_dir_sep; } else { $_cache_id = ''; } - if (isset($compile_id)) { - $_compile_id = $compile_id . $_compile_dir_sep; + if (isset($_compile_id)) { + $_compile_id = $_compile_id . $_compile_dir_sep; } else { $_compile_id = ''; } 
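Review bot: In the match condition of `clear()` (hunk `@@ -124,7 +126,7 @@`) the sanitized id is tested with `$_parts[$_parts_compile_pos] == $_compile_id`, and loose `==` compares numeric-looking strings as numbers, so a compile_id of `1` would also select entries stored under `01`. The line should read `(!isset($_compile_id) || $_parts[$_parts_compile_pos] === $_compile_id)) ||`. The `substr_compare(...) == 0` test on the line above is weak in the same way, because a `false` failure return also equals `0`; `=== 0` avoids that, and the same applies to the `substr_compare(...) == 0` tests in `Smarty_Method_Clear_Compiled_Tpl()`. How `$_parts` is built lies outside the hunk, so this assumes its elements are strings.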
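Review bot: In `buildCachedFilepath()` (hunk `@@ -158,13 +162,13 @@`) the line `$_compile_id = $_compile_id . $_compile_dir_sep;` still carries any `|` that the new pattern lets through, because only `$_cache_id` gets the `str_replace('|', $_compile_dir_sep, …)` treatment. `|` is not a valid filename character on Windows, so a compile_id containing it would yield a path that cannot be created there. Either narrow the compile_id pattern to `![^\w]+!` or map the character at this point, e.g. `$_compile_id = str_replace('|', '_', $_compile_id) . $_compile_dir_sep;`. The three `getCompiledFilepath()` hunks and `Smarty_Method_Clear_Compiled_Tpl()` concatenate `$_compile_id` the same way.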
diff --git a/libs/sysplugins/smarty_internal_config.php b/libs/sysplugins/smarty_internal_config.php index 412582b9..8e188ded 100644 --- a/libs/sysplugins/smarty_internal_config.php +++ b/libs/sysplugins/smarty_internal_config.php @@ -206,7 +206,7 @@ class Smarty_Internal_Config { if ($this->compiler_object->compileSource($this)) { // compiling succeded // write compiled template - Smarty_Internal_Write_File::writeFile($this->getCompiledFilepath(), $this->getCompiledConfig()); + Smarty_Internal_Write_File::writeFile($this->getCompiledFilepath(), $this->getCompiledConfig(), $this->smarty); // make template and compiled file timestamp match touch($this->getCompiledFilepath(), $this->getTimestamp()); } else { diff --git a/libs/sysplugins/smarty_internal_resource_extend.php b/libs/sysplugins/smarty_internal_resource_extend.php index d832f01c..8614bcaf 100644 --- a/libs/sysplugins/smarty_internal_resource_extend.php +++ b/libs/sysplugins/smarty_internal_resource_extend.php @@ -167,6 +167,7 @@ class Smarty_Internal_Resource_Extend { */ public function getCompiledFilepath($template) { + $_compile_id = isset($template->compile_id) ? preg_replace('![^\w\|]+!','_',$template->compile_id) : null; $_files = explode('|', $template->resource_name); $_filepath = (string)abs(crc32($template->resource_name)); // if use_sub_dirs, break file into directories @@ -177,8 +178,8 @@ class Smarty_Internal_Resource_Extend { . $_filepath; } $_compile_dir_sep = $template->smarty->use_sub_dirs ? DS : '^'; - if (isset($template->compile_id)) { - $_filepath = $template->compile_id . $_compile_dir_sep . $_filepath; + if (isset($_compile_id)) { + $_filepath = $_compile_id . $_compile_dir_sep . $_filepath; } if ($template->caching) { $_cache = '.cache'; diff --git a/libs/sysplugins/smarty_internal_resource_file.php b/libs/sysplugins/smarty_internal_resource_file.php index 194d6cb9..eafc4268 100644 --- a/libs/sysplugins/smarty_internal_resource_file.php 
+++ b/libs/sysplugins/smarty_internal_resource_file.php @@ -111,6 +111,7 @@ class Smarty_Internal_Resource_File { */ public function getCompiledFilepath($_template) { + $_compile_id = isset($_template->compile_id) ? preg_replace('![^\w\|]+!','_',$_template->compile_id) : null; // $_filepath = md5($_template->resource_name); $_filepath = (string)abs(crc32($_template->resource_name)); // if use_sub_dirs, break file into directories @@ -121,8 +122,8 @@ class Smarty_Internal_Resource_File { . $_filepath; } $_compile_dir_sep = $_template->smarty->use_sub_dirs ? DS : '^'; - if (isset($_template->compile_id)) { - $_filepath = $_template->compile_id . $_compile_dir_sep . $_filepath; + if (isset($_compile_id)) { + $_filepath = $_compile_id . $_compile_dir_sep . $_filepath; } if ($_template->caching) { $_cache = '.cache'; diff --git a/libs/sysplugins/smarty_internal_resource_registered.php b/libs/sysplugins/smarty_internal_resource_registered.php index 07558d2d..43fa0e04 100644 --- a/libs/sysplugins/smarty_internal_resource_registered.php +++ b/libs/sysplugins/smarty_internal_resource_registered.php @@ -123,7 +123,7 @@ class Smarty_Internal_Resource_Registered { */ public function getCompiledFilepath($_template) { - // $_filepath = md5($_template->resource_name); + $_compile_id = isset($_template->compile_id) ? preg_replace('![^\w\|]+!','_',$_template->compile_id) : null; $_filepath = (string)abs(crc32($_template->template_resource)); // if use_sub_dirs, break file into directories if ($_template->smarty->use_sub_dirs) { @@ -133,8 +133,8 @@ class Smarty_Internal_Resource_Registered { . $_filepath; } $_compile_dir_sep = $_template->smarty->use_sub_dirs ? DS : '^'; - if (isset($_template->compile_id)) { - $_filepath = $_template->compile_id . $_compile_dir_sep . $_filepath; + if (isset($_compile_id)) { + $_filepath = $_compile_id . $_compile_dir_sep . $_filepath; } if ($_template->caching) { $_cache = '.cache'; 
diff --git a/libs/sysplugins/smarty_internal_template.php b/libs/sysplugins/smarty_internal_template.php index 7ff703f4..12d7bc5a 100644 --- a/libs/sysplugins/smarty_internal_template.php +++ b/libs/sysplugins/smarty_internal_template.php @@ -288,7 +288,7 @@ class Smarty_Internal_Template extends Smarty_Internal_TemplateBase { // compiling succeded if (!$this->isEvaluated()) { // write compiled template - Smarty_Internal_Write_File::writeFile($this->getCompiledFilepath(), $this->compiled_template); + Smarty_Internal_Write_File::writeFile($this->getCompiledFilepath(), $this->compiled_template, $this->smarty); // make template and compiled file timestamp match $this->compiled_timestamp = null; touch($this->getCompiledFilepath(), $this->getTemplateTimestamp()); diff --git a/libs/sysplugins/smarty_internal_templatebase.php b/libs/sysplugins/smarty_internal_templatebase.php index ed3c606d..b523a296 100644 --- a/libs/sysplugins/smarty_internal_templatebase.php +++ b/libs/sysplugins/smarty_internal_templatebase.php @@ -333,7 +333,8 @@ class Smarty_Internal_TemplateBase { */ function buildTemplateId ($_resource, $_cache_id, $_compile_id) { - // return md5($_resource . md5($_cache_id) . md5($_compile_id)); + $_cache_id = isset($_cache_id) ? preg_replace('![^\w\|]+!','_',$_cache_id) : null; + $_compile_id = isset($_compile_id) ? preg_replace('![^\w\|]+!','_',$_compile_id) : null; return crc32($_resource . $_cache_id . $_compile_id); } diff --git a/libs/sysplugins/smarty_internal_write_file.php b/libs/sysplugins/smarty_internal_write_file.php index 1f55a24b..85481150 100644 --- a/libs/sysplugins/smarty_internal_write_file.php +++ b/libs/sysplugins/smarty_internal_write_file.php 
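Review bot: `crc32($_resource . $_cache_id . $_compile_id)` in `buildTemplateId()` joins its three parts without a delimiter, so (`ab`, `c`) and (`a`, `bc`) hash the same input, and the sanitizing added just above it folds further distinct ids together. If the returned id keys a template-object lookup (not visible here), two different templates could resolve to one entry; a fixed separator reduces the ambiguity, e.g. `return crc32($_resource . '#' . $_cache_id . '#' . $_compile_id);`. The value is also only 32 bits wide, so accidental collisions stay possible on large template sets. The docblock is only partly inside the hunk; it should mention that both ids are normalised before hashing.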
@@ -18,12 +18,12 @@ class Smarty_Internal_Write_File { * @param string $_contents file content * @return boolean true */ - public static function writeFile($_filepath, $_contents) + public static function writeFile($_filepath, $_contents, $smarty) { $_dirpath = dirname($_filepath); // if subdirs, create dir structure if ($_dirpath !== '.' && !file_exists($_dirpath)) { - mkdir($_dirpath, 0755, true); + mkdir($_dirpath, $smarty->_dir_perms, true); } // write to tmp file, then move to overt file lock race condition $_tmp_file = tempnam($_dirpath, 'wrt'); @@ -38,7 +38,7 @@ class Smarty_Internal_Write_File { // rename tmp file rename($_tmp_file, $_filepath); // set file permissions - chmod($_filepath, 0644); + chmod($_filepath, $smarty->_file_perms); return true; } diff --git a/libs/sysplugins/smarty_method_clear_compiled_tpl.php b/libs/sysplugins/smarty_method_clear_compiled_tpl.php index 2105d6c6..4f53d61c 100644 --- a/libs/sysplugins/smarty_method_clear_compiled_tpl.php +++ b/libs/sysplugins/smarty_method_clear_compiled_tpl.php @@ -20,6 +20,7 @@ */ function Smarty_Method_Clear_Compiled_Tpl($smarty, $resource_name = null, $compile_id = null, $exp_time = null) { + $_compile_id = isset($compile_id) ? preg_replace('![^\w\|]+!','_',$compile_id) : null; $_dir_sep = $smarty->use_sub_dirs ? DS : '^'; if (isset($resource_name)) { $_resource_part_1 = $resource_name . '.php'; @@ -28,11 +29,11 @@ function Smarty_Method_Clear_Compiled_Tpl($smarty, $resource_name = null, $comp $_resource_part = ''; } $_dir = $smarty->compile_dir; - if ($smarty->use_sub_dirs && isset($compile_id)) { - $_dir .= $compile_id . $_dir_sep; + if ($smarty->use_sub_dirs && isset($_compile_id)) { + $_dir .= $_compile_id . $_dir_sep; } - if (isset($compile_id)) { - $_compile_id_part = $smarty->compile_dir . $compile_id . $_dir_sep; + if (isset($_compile_id)) { + $_compile_id_part = $smarty->compile_dir . $_compile_id . $_dir_sep; } $_count = 0; $_compileDirs = new RecursiveDirectoryIterator($_dir); 
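Review bot: `writeFile()` in smarty_internal_write_file.php now takes a required third argument, but the docblock above it still documents two parameters and `$smarty` has no default, so any caller outside this patch that passes two arguments will fail; add `@param object $smarty Smarty instance supplying _dir_perms and _file_perms`. The result of `mkdir($_dirpath, $smarty->_dir_perms, true)` is not checked, and when the directory is missing or unwritable `tempnam()` falls back to the system temporary directory, so compiled PHP could be written to a shared location before the `rename()`. A guard such as `if (!is_dir($_dirpath) && !mkdir($_dirpath, $smarty->_dir_perms, true) && !is_dir($_dirpath)) { return false; }` makes the failure explicit and tolerates a concurrent creator. The mode passed to `mkdir()` is also reduced by the process umask, whereas the later `chmod()` is not, so the two settings do not behave alike.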
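Review bot: In the second `writeFile()` hunk the return values of `rename($_tmp_file, $_filepath)` and `chmod($_filepath, $smarty->_file_perms)` are ignored and the method ends with `return true`, so a failed move or permission change is reported as success. With the mode now taken from configuration, a failed `chmod()` leaves the file at whatever mode `tempnam()` gave it instead of the configured one. Consider `if (!rename($_tmp_file, $_filepath)) { unlink($_tmp_file); return false; }` followed by a check of the `chmod()` result, and update `@return boolean true` accordingly. The code that writes the temporary file sits between the two hunks and is not visible here.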
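Review bot: In `Smarty_Method_Clear_Compiled_Tpl()` (hunk `@@ -28,11 +29,11 @@`) `$smarty->compile_dir` is extended with `$_compile_id . $_dir_sep` without first making sure it ends in a directory separator, unlike the cache `clear()`, which guards with `if (strpos('/\\', substr($_dir, -1)) === false) { $_dir .= DS; }`. If `compile_dir` can be set without a trailing slash (whether it is normalised elsewhere is not visible here), both `$_dir` and `$_compile_id_part` name a sibling path, and `$_compile_id_part` is the prefix later used to pick files to clear. Normalising `compile_dir` into a local variable with that same guard and building both strings from it would close the gap. `new RecursiveDirectoryIterator($_dir)` also throws when the directory does not exist, which becomes reachable when `use_sub_dirs` is on and no files were compiled under the given id.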
@@ -45,7 +46,7 @@ function Smarty_Method_Clear_Compiled_Tpl($smarty, $resource_name = null, $comp @rmdir($_file->getPathname()); } } else { - if ((!isset($compile_id) || substr_compare((string)$_file, $_compile_id_part, 0, strlen($_compile_id_part)) == 0) && + if ((!isset($_compile_id) || substr_compare((string)$_file, $_compile_id_part, 0, strlen($_compile_id_part)) == 0) && (!isset($resource_name) || substr_compare((string)$_file, $_resource_part_1, - strlen($_resource_part_1), strlen($_resource_part_1)) == 0 || substr_compare((string)$_file, $_resource_part_2, - strlen($_resource_part_2), strlen($_resource_part_2)) == 0)) { if (isset($exp_time)) {