smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-03 18:04:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix template traversal.

Browse Source
This commit is contained in:
andrey
2001-01-12 16:05:26 +00:00
parent 42f31952df
commit c3036c2287
2 changed files with 26 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
Smarty.class.php
View File

@@ -45,7 +45,7 @@ class Smarty
'html_select_date' => 'smarty_func_html_select_date' 'html_select_date' => 'smarty_func_html_select_date'
); );
var $custom_mods = array( 'lower' => 'strtolower', var $custom_mods = array( 'lower' => 'strtolower',
'upper' => 'strtoupper', 'upper' => 'strtoupper',
'capitalize' => 'ucwords', 'capitalize' => 'ucwords',
'escape' => 'smarty_mod_escape', 'escape' => 'smarty_mod_escape',
@@ -158,16 +158,13 @@ class Smarty
function display($tpl_file) function display($tpl_file)
{ {
if(preg_match("/^(.+)\/([^\/]+)$/",$tpl_file,$match)) // compile files
{ $this->_compile($this->template_dir);
// compile files //assemble compile directory path to file
$this->_compile($match[1]); $_compile_file = preg_replace("/([\.\/]*[^\/]+)(.*)/","\\1".preg_quote($this->compile_dir_ext,"/")."\\2",$tpl_file);
//assemble compile directory path to file
$_compile_file = preg_replace("/([\.\/]*[^\/]+)(.*)/","\\1".preg_quote($this->compile_dir_ext,"/")."\\2",$tpl_file); extract($this->_tpl_vars);
include($_compile_file);
extract($this->_tpl_vars);
include($_compile_file);
}
} }
/*======================================================================*\ /*======================================================================*\
@@ -218,30 +215,22 @@ class Smarty
if(is_dir($tpl_dir)) if(is_dir($tpl_dir))
{ {
if($tpl_dir) if($tpl_dir)
$dir_handle = opendir($tpl_dir);
$dir_handle = opendir($tpl_dir);
while($curr_file = readdir($dir_handle)) while($curr_file = readdir($dir_handle))
{ {
if(!preg_match("/".preg_quote($this->tpl_file_ext,"/")."$/",$curr_file)) if ($curr_file == '.' || $curr_file == '..')
{
//echo "skipping $curr_file<br>\n";
continue; continue;
}
$filepath = $tpl_dir."/".$curr_file; $filepath = $tpl_dir."/".$curr_file;
//echo "filepath is $filepath<br>\n";
if(is_readable($filepath)) if(is_readable($filepath))
{ {
if(is_file($filepath)) if(is_file($filepath) && preg_match("/".preg_quote($this->tpl_file_ext,"/")."$/",$curr_file)) {
{
//echo "is file.<br>\n";
//echo $filepath, $depth<br>\n";
if(!$this->_process_file($filepath)) if(!$this->_process_file($filepath))
return false; return false;
} }
elseif(is_dir($filepath)) elseif(is_dir($filepath))
{ {
//echo "is directory.<br>\n";
if(!$this->_traverse_files($filepath,$depth+1)) if(!$this->_traverse_files($filepath,$depth+1))
return false; return false;
} }

37
libs/Smarty.class.php
View File

@@ -45,7 +45,7 @@ class Smarty
'html_select_date' => 'smarty_func_html_select_date' 'html_select_date' => 'smarty_func_html_select_date'
); );
var $custom_mods = array( 'lower' => 'strtolower', var $custom_mods = array( 'lower' => 'strtolower',
'upper' => 'strtoupper', 'upper' => 'strtoupper',
'capitalize' => 'ucwords', 'capitalize' => 'ucwords',
'escape' => 'smarty_mod_escape', 'escape' => 'smarty_mod_escape',
@@ -158,16 +158,13 @@ class Smarty
function display($tpl_file) function display($tpl_file)
{ {
if(preg_match("/^(.+)\/([^\/]+)$/",$tpl_file,$match)) // compile files
{ $this->_compile($this->template_dir);
// compile files //assemble compile directory path to file
$this->_compile($match[1]); $_compile_file = preg_replace("/([\.\/]*[^\/]+)(.*)/","\\1".preg_quote($this->compile_dir_ext,"/")."\\2",$tpl_file);
//assemble compile directory path to file
$_compile_file = preg_replace("/([\.\/]*[^\/]+)(.*)/","\\1".preg_quote($this->compile_dir_ext,"/")."\\2",$tpl_file); extract($this->_tpl_vars);
include($_compile_file);
extract($this->_tpl_vars);
include($_compile_file);
}
} }
/*======================================================================*\ /*======================================================================*\
@@ -218,30 +215,22 @@ class Smarty
if(is_dir($tpl_dir)) if(is_dir($tpl_dir))
{ {
if($tpl_dir) if($tpl_dir)
$dir_handle = opendir($tpl_dir);
$dir_handle = opendir($tpl_dir);
while($curr_file = readdir($dir_handle)) while($curr_file = readdir($dir_handle))
{ {
if(!preg_match("/".preg_quote($this->tpl_file_ext,"/")."$/",$curr_file)) if ($curr_file == '.' || $curr_file == '..')
{
//echo "skipping $curr_file<br>\n";
continue; continue;
}
$filepath = $tpl_dir."/".$curr_file; $filepath = $tpl_dir."/".$curr_file;
//echo "filepath is $filepath<br>\n";
if(is_readable($filepath)) if(is_readable($filepath))
{ {
if(is_file($filepath)) if(is_file($filepath) && preg_match("/".preg_quote($this->tpl_file_ext,"/")."$/",$curr_file)) {
{
//echo "is file.<br>\n";
//echo $filepath, $depth<br>\n";
if(!$this->_process_file($filepath)) if(!$this->_process_file($filepath))
return false; return false;
} }
elseif(is_dir($filepath)) elseif(is_dir($filepath))
{ {
//echo "is directory.<br>\n";
if(!$this->_traverse_files($filepath,$depth+1)) if(!$this->_traverse_files($filepath,$depth+1))
return false; return false;
} }