smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-03 18:04:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

cleaned up logic of if statement security

Browse Source
This commit is contained in:
mohrt
2001-06-15 14:18:54 +00:00
parent 18220173ef
commit b7e210cfa8
2 changed files with 18 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Smarty_Compiler.class.php
View File

@@ -485,15 +485,7 @@ class Smarty_Compiler extends Smarty {
$is_arg_stack = array(); $is_arg_stack = array();
for ($i = 0; $i < count($tokens); $i++) { for ($i = 0; $i < count($tokens); $i++) {
if($this->security
&& $tokens[$i+1] == '('
&& !preg_match("|[^a-zA-Z_-]+|",$tokens[$i])
&& !in_array($tokens[$i],array('eq','ne','neq','lt','le','lte','gt','ge','gte','and','or','not','mod','is'))
&& !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
$this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
}
$token = &$tokens[$i]; $token = &$tokens[$i];
switch ($token) { switch ($token) {
case 'eq': case 'eq':
@@ -569,6 +561,14 @@ class Smarty_Compiler extends Smarty {
current position for the next iteration. */ current position for the next iteration. */
$i = $is_arg_start; $i = $is_arg_start;
break; break;
default:
if($this->security
&& $tokens[$i+1] == '('
&& !preg_match("|[^a-zA-Z_-]|",$tokens[$i])
&& !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
$this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
}
break;
} }
} }

18
libs/Smarty_Compiler.class.php
View File

@@ -485,15 +485,7 @@ class Smarty_Compiler extends Smarty {
$is_arg_stack = array(); $is_arg_stack = array();
for ($i = 0; $i < count($tokens); $i++) { for ($i = 0; $i < count($tokens); $i++) {
if($this->security
&& $tokens[$i+1] == '('
&& !preg_match("|[^a-zA-Z_-]+|",$tokens[$i])
&& !in_array($tokens[$i],array('eq','ne','neq','lt','le','lte','gt','ge','gte','and','or','not','mod','is'))
&& !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
$this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
}
$token = &$tokens[$i]; $token = &$tokens[$i];
switch ($token) { switch ($token) {
case 'eq': case 'eq':
@@ -569,6 +561,14 @@ class Smarty_Compiler extends Smarty {
current position for the next iteration. */ current position for the next iteration. */
$i = $is_arg_start; $i = $is_arg_start;
break; break;
default:
if($this->security
&& $tokens[$i+1] == '('
&& !preg_match("|[^a-zA-Z_-]|",$tokens[$i])
&& !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
$this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
}
break;
} }
} }