From 19df91b6920b64e34fedeb5ffcbcea112b8a8d99 Mon Sep 17 00:00:00 2001 From: Jon <24463871+j-applese3d@users.noreply.github.com> Date: Sun, 30 Apr 2023 14:25:39 -0700 Subject: [PATCH 01/11] Remove `md5` modifier from debug.tpl (#871) * Remove `md5` modifier from debug.tpl Replaced with a regular function call. See https://github.com/smarty-php/smarty/issues/813 * Move `md5()` in debug.tpl to PHP --------- Co-authored-by: jonathan --- libs/debug.tpl | 4 +--- libs/sysplugins/smarty_internal_debug.php | 9 ++++++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/libs/debug.tpl b/libs/debug.tpl index 4f82a582..cd932566 100644 --- a/libs/debug.tpl +++ b/libs/debug.tpl @@ -167,9 +167,7 @@ {/capture} diff --git a/libs/sysplugins/smarty_internal_debug.php b/libs/sysplugins/smarty_internal_debug.php index 570819d2..da67904c 100644 --- a/libs/sysplugins/smarty_internal_debug.php +++ b/libs/sysplugins/smarty_internal_debug.php @@ -238,9 +238,12 @@ class Smarty_Internal_Debug extends Smarty_Internal_Data $_config_vars = $ptr->config_vars; ksort($_config_vars); $debugging = $smarty->debugging; + $templateName = $obj->source->type . ':' . $obj->source->name; + $displayMode = $debugging === 2 || !$full; + $offset = $this->offset * 50; $_template = new Smarty_Internal_Template($debObj->debug_tpl, $debObj); if ($obj->_isTplObj()) { - $_template->assign('template_name', $obj->source->type . ':' . $obj->source->name); + $_template->assign('template_name', $templateName); } if ($obj->_objType === 1 || $full) { $_template->assign('template_data', $this->template_data[ $this->index ]); 
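Review bot: In libs/sysplugins/smarty_internal_debug.php the new `$templateName = $obj->source->type . ':' . $obj->source->name;` reads `$obj->source` before the `if ($obj->_isTplObj())` guard that used to protect that expression. If `$obj` can be a non-template object, as the guard suggests, the line now dereferences a property that may not exist and raises a warning on PHP 8 each time the debug console is rendered for it. Computing the name under the same condition avoids that, e.g. `$templateName = $obj->_isTplObj() ? $obj->source->type . ':' . $obj->source->name : '';`. The enclosing method starts and ends outside the hunk, so the types `$obj` can take should be confirmed there.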
@@ -250,8 +253,8 @@ class Smarty_Internal_Debug extends Smarty_Internal_Data $_template->assign('assigned_vars', $_assigned_vars); $_template->assign('config_vars', $_config_vars); $_template->assign('execution_time', microtime(true) - $smarty->start_time); - $_template->assign('display_mode', $debugging === 2 || !$full); - $_template->assign('offset', $this->offset * 50); + $_template->assign('targetWindow', $displayMode ? md5("$offset$templateName") : '__Smarty__'); + $_template->assign('offset', $offset); echo $_template->fetch(); if (isset($full)) { $this->index--; From 4434e128c67de0578af1c32147828ae429dc3b53 Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Wed, 19 Jul 2023 12:27:17 +0200 Subject: [PATCH 02/11] muteUndefinedOrNullWarnings() now also mutes PHP8 warnings for undefined properties (#891) --- CHANGELOG.md | 3 +++ libs/sysplugins/smarty_internal_errorhandler.php | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 899cfd7e..f3791f9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed +- `$smarty->muteUndefinedOrNullWarnings()` now also mutes PHP8 warnings for undefined properties + ## [4.3.1] - 2023-03-28 ### Security diff --git a/libs/sysplugins/smarty_internal_errorhandler.php b/libs/sysplugins/smarty_internal_errorhandler.php index f57cc21f..6f526c38 100644 --- a/libs/sysplugins/smarty_internal_errorhandler.php +++ b/libs/sysplugins/smarty_internal_errorhandler.php @@ -17,6 +17,12 @@ class Smarty_Internal_ErrorHandler */ public $allowUndefinedVars = true; + /** + * Allows {$foo->propName} where propName is undefined. + * @var bool + */ + public $allowUndefinedProperties = true; + /** * Allows {$foo.bar} where bar is unset and {$foo.bar1.bar2} where either bar1 or bar2 is unset. * @var bool 
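Review bot: In the second smarty_internal_debug.php hunk `display_mode` is no longer assigned, yet the template is loaded from the configurable `$debObj->debug_tpl`, so a custom debug template that still tests `$display_mode` would find it undefined. Keeping the old variable next to the new one costs one line: `$_template->assign('display_mode', $displayMode);`. A short comment on the `targetWindow` line, such as `// md5 only derives a stable window name; it is not a security control`, would also keep later readers from treating the hash as one. The method body continues outside the hunk.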
@@ -80,6 +86,13 @@ class Smarty_Internal_ErrorHandler return; // suppresses this error } + if ($this->allowUndefinedProperties && preg_match( + '/^(Undefined property)/', + $errstr + )) { + return; // suppresses this error + } + if ($this->allowUndefinedArrayKeys && preg_match( '/^(Undefined index|Undefined array key|Trying to access array offset on value of type)/', $errstr From edfd4c91daa97739ac6ea7bc6e368ebea84bcdfe Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Wed, 19 Jul 2023 12:27:34 +0200 Subject: [PATCH 03/11] version bump --- CHANGELOG.md | 2 ++ libs/Smarty.class.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f3791f9c..10c66c77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [4.3.2] - 2023-07-19 + ### Fixed - `$smarty->muteUndefinedOrNullWarnings()` now also mutes PHP8 warnings for undefined properties diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php index 81dc6ab5..71734274 100644 --- a/libs/Smarty.class.php +++ b/libs/Smarty.class.php @@ -107,7 +107,7 @@ class Smarty extends Smarty_Internal_TemplateBase /** * smarty version */ - const SMARTY_VERSION = '4.3.1'; + const SMARTY_VERSION = '4.3.2'; /** * define variable scopes */ From a3cbdc46fbee148f2e0a7c2bf8f0840e5ef2dce0 Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Fri, 4 Aug 2023 22:40:19 +0200 Subject: [PATCH 04/11] Fix strip_tags modifier for falsy input. (#893) Fixes #890 --- CHANGELOG.md | 3 ++ libs/plugins/modifiercompiler.strip_tags.php | 2 +- .../PluginModifierStripTagsTest.php | 46 +++++++++++++++++++ 3 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierStripTagsTest.php diff --git a/CHANGELOG.md b/CHANGELOG.md index 10c66c77..20c5b00e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
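Review bot: The added `allowUndefinedProperties` branch in smarty_internal_errorhandler.php decides on the message prefix alone, so every `Undefined property` warning that reaches this handler is dropped, and the property added in the first hunk of this file defaults to `true`. Whether the handler also receives warnings raised outside compiled templates cannot be told from the hunk; if it does, application warnings that usually point at a typo or a wrong object type disappear from the logs as well. The docblock on `$allowUndefinedProperties` should say so, for example `Suppresses every PHP warning whose message starts with "Undefined property", not only those raised by {$foo->propName}.` The capture group in `'/^(Undefined property)/'` is unused; `strpos($errstr, 'Undefined property') === 0` expresses the same test without a regex. The handler method starts and ends outside the hunk.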
@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Fixed +- `|strip_tags` does not work if the input is 0 [#890](https://github.com/smarty-php/smarty/issues/890) + ## [4.3.2] - 2023-07-19 ### Fixed diff --git a/libs/plugins/modifiercompiler.strip_tags.php b/libs/plugins/modifiercompiler.strip_tags.php index bd866a61..fd6cc725 100644 --- a/libs/plugins/modifiercompiler.strip_tags.php +++ b/libs/plugins/modifiercompiler.strip_tags.php @@ -21,7 +21,7 @@ function smarty_modifiercompiler_strip_tags($params) { if (!isset($params[ 1 ]) || $params[ 1 ] === true || trim($params[ 1 ], '"') === 'true') { - return "preg_replace('!<[^>]*?>!', ' ', {$params[0]} ?: '')"; + return "preg_replace('!<[^>]*?>!', ' ', (string) {$params[0]})"; } else { return 'strip_tags((string) ' . $params[ 0 ] . ')'; } diff --git a/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierStripTagsTest.php b/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierStripTagsTest.php new file mode 100644 index 00000000..c0860a27 --- /dev/null +++ b/tests/UnitTests/TemplateSource/TagTests/PluginModifier/PluginModifierStripTagsTest.php 
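Review bot: The default branch of `smarty_modifiercompiler_strip_tags` still relies on `'!<[^>]*?>!'`, which removes only complete `<...>` sequences; a tag that is opened but never closed in the input stays in the output. The cast fixes the `0` case, but nothing in the function says that `|strip_tags` is a formatting helper and not an HTML sanitiser. I would add a comment above the `preg_replace` return, e.g. `// Removes only balanced <...> runs; the result must still be escaped for the HTML context it is placed in.` The function's closing lines are outside the hunk.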
@@ -0,0 +1,46 @@ +setUpSmarty(__DIR__); + } + + public function testDefault() { + $tpl = $this->smarty->createTemplate('string:{$x|strip_tags}'); + $tpl->assign('x', 'hi'); + $this->assertEquals(" hi ", $this->smarty->fetch($tpl)); + } + + public function testParam1() { + $tpl = $this->smarty->createTemplate('string:{$x|strip_tags:false}'); + $tpl->assign('x', 'hi'); + $this->assertEquals("hi", $this->smarty->fetch($tpl)); + } + + public function testInputIsFalsy0() { + $tpl = $this->smarty->createTemplate('string:{$x|strip_tags}'); + $tpl->assign('x', 0); + $this->assertEquals("0", $this->smarty->fetch($tpl)); + } + + public function testInputIsFalsy1() { + $tpl = $this->smarty->createTemplate('string:{$x|strip_tags}'); + $tpl->assign('x', ''); + $this->assertEquals("", $this->smarty->fetch($tpl)); + } + +} From d6c4274822af54fee30ed7c7af33810c25ba2ca7 Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Wed, 13 Sep 2023 22:10:36 +0200 Subject: [PATCH 05/11] Fix phpdoc. Fixes #897 --- libs/sysplugins/smarty_template_compiled.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libs/sysplugins/smarty_template_compiled.php b/libs/sysplugins/smarty_template_compiled.php index 37d8f0a9..b78a3b60 100644 --- a/libs/sysplugins/smarty_template_compiled.php +++ b/libs/sysplugins/smarty_template_compiled.php @@ -85,7 +85,7 @@ class Smarty_Template_Compiled extends Smarty_Template_Resource_Base * * @param Smarty_Internal_Template $_template * - * @return string + * @return void * @throws Exception */ public function render(Smarty_Internal_Template $_template) From 2ff66e0fcc00455859329c91deff3ac284d7b317 Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Thu, 14 Sep 2023 10:38:53 +0200 Subject: [PATCH 06/11] Fix use of negative numbers in math equations. (#904) Fixes #895 --- CHANGELOG.md | 1 + libs/plugins/function.math.php | 2 +- .../UnitTests/TemplateSource/ValueTests/Math/MathTest.php | 8 ++++++++ 3 files changed, 10 insertions(+), 1 deletion(-) 
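Review bot: PluginModifierStripTagsTest covers `0` and `''` but not `null`, which is presumably the input the removed `?: ''` fallback was written for. A further case that assigns `null` and expects an empty string would pin that the `(string)` cast keeps it working: `$tpl->assign('x', null);` followed by `$this->assertEquals("", $this->smarty->fetch($tpl));`. The two falsy tests are named `testInputIsFalsy0` and `testInputIsFalsy1` although the second one tests the empty string, so `testInputIsEmptyString` would read better.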
diff --git a/CHANGELOG.md b/CHANGELOG.md index 20c5b00e..8077925b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed - `|strip_tags` does not work if the input is 0 [#890](https://github.com/smarty-php/smarty/issues/890) +- Use of negative numbers in {math} equations [#895](https://github.com/smarty-php/smarty/issues/895) ## [4.3.2] - 2023-07-19 diff --git a/libs/plugins/function.math.php b/libs/plugins/function.math.php index f9cf67fe..34912d23 100644 --- a/libs/plugins/function.math.php +++ b/libs/plugins/function.math.php @@ -67,7 +67,7 @@ function smarty_function_math($params, $template) $equation = preg_replace('/\s+/', '', $equation); // Adapted from https://www.php.net/manual/en/function.eval.php#107377 - $number = '(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number + $number = '-?(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number $functionsOrVars = '((?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*))'; $operators = '[,+\/*\^%-]'; // Allowed math operators $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)*\)|\((?1)*\)))(?:'.$operators.'(?1))?)+$/'; diff --git a/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php b/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php index e4522e06..f996754c 100644 --- a/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php +++ b/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php 
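Review bot: In libs/plugins/function.math.php the optional sign is added to `$number` after the `preg_replace('/\s+/', '', $equation)` line has already removed all whitespace, so `3 - -2` is checked as `3--2`. The pattern accepts that string (number, `-` operator, signed number), but PHP lexes `--` as the decrement operator; if the validated string is then evaluated as PHP, as the `function.eval.php` reference in the comment suggests, the result is a parse error rather than 5. Because this pattern is the filter in front of that evaluation, the widening should come with tests beyond the acceptance case added in MathTest.php, at least `{math equation="3 - -2"}`. One possible fix is to re-insert a space between consecutive minus signs after validation, e.g. `$equation = str_replace('--', '- -', $equation);`. The function body continues outside the hunk.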
@@ -101,6 +101,14 @@ class MathTest extends PHPUnit_Smarty $this->assertEquals($expected, $this->smarty->fetch($tpl)); } + public function testNegativeNumbers() + { + $this->smarty->disableSecurity(); + $expected = "-19 -- 4.1"; + $tpl = $this->smarty->createTemplate('eval:{$x = 4}{$y = 5.5}{math equation="-2.0*(x+y)" x=$x y=$y} -- {math equation="-20.5 / -5"}'); + $this->assertEquals($expected, $this->smarty->fetch($tpl)); + } + public function testSyntaxFormat() { $this->smarty->disableSecurity(); From b96a5c39535517a1b9510d85c026e099962931be Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Thu, 14 Sep 2023 10:57:44 +0200 Subject: [PATCH 07/11] version bump --- CHANGELOG.md | 2 ++ libs/Smarty.class.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8077925b..84cb0d7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [4.3.3] - 2023-09-14 + ### Fixed - `|strip_tags` does not work if the input is 0 [#890](https://github.com/smarty-php/smarty/issues/890) - Use of negative numbers in {math} equations [#895](https://github.com/smarty-php/smarty/issues/895) diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php index 71734274..804d810e 100644 --- a/libs/Smarty.class.php +++ b/libs/Smarty.class.php @@ -107,7 +107,7 @@ class Smarty extends Smarty_Internal_TemplateBase /** * smarty version */ - const SMARTY_VERSION = '4.3.2'; + const SMARTY_VERSION = '4.3.3'; /** * define variable scopes */ From 17a7d6fb5b8582a78edd743ac5579b6b80ac7ad7 Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Thu, 14 Sep 2023 11:00:08 +0200 Subject: [PATCH 08/11] Fix release-script to user support-branch --- make-release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make-release.sh b/make-release.sh index 6a652d51..e893deb3 100755 --- a/make-release.sh +++ b/make-release.sh 
@@ -14,7 +14,7 @@ sed -i "s/const SMARTY_VERSION = '[^']\+';/const SMARTY_VERSION = '$1';/" libs/S git add CHANGELOG.md libs/Smarty.class.php git commit -m "version bump" -git checkout master +git checkout support/4.3 git pull git merge --no-ff "release/$1" git branch -d "release/$1" From 642fd69feab196b0719ac031e625e8715b077d26 Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Thu, 14 Sep 2023 11:00:38 +0200 Subject: [PATCH 09/11] version bump --- CHANGELOG.md | 2 ++ libs/Smarty.class.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8077925b..84cb0d7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [4.3.3] - 2023-09-14 + ### Fixed - `|strip_tags` does not work if the input is 0 [#890](https://github.com/smarty-php/smarty/issues/890) - Use of negative numbers in {math} equations [#895](https://github.com/smarty-php/smarty/issues/895) diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php index 71734274..804d810e 100644 --- a/libs/Smarty.class.php +++ b/libs/Smarty.class.php @@ -107,7 +107,7 @@ class Smarty extends Smarty_Internal_TemplateBase /** * smarty version */ - const SMARTY_VERSION = '4.3.2'; + const SMARTY_VERSION = '4.3.3'; /** * define variable scopes */ From d8c1dfe56ed7f27a8dc5329bf2309248ebeb7e0e Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Thu, 14 Sep 2023 12:59:07 +0200 Subject: [PATCH 10/11] version bump --- CHANGELOG.md | 2 ++ libs/Smarty.class.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 84cb0d7f..04be00ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [4.3.4] - 2023-09-14 + ## [4.3.3] - 2023-09-14 ### Fixed 
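Review bot: `git checkout support/4.3` hard-codes the maintenance line in make-release.sh, so the script merges and deletes `release/$1` against that branch whatever version is passed in. Deriving the branch from the argument keeps the two in step, for example `git checkout "support/${1%.*}"`, or the script could refuse to run when `$1` does not start with `4.3.`. The rest of the script is outside the hunk.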
diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php index 804d810e..f102d889 100644 --- a/libs/Smarty.class.php +++ b/libs/Smarty.class.php @@ -107,7 +107,7 @@ class Smarty extends Smarty_Internal_TemplateBase /** * smarty version */ - const SMARTY_VERSION = '4.3.3'; + const SMARTY_VERSION = '4.3.4'; /** * define variable scopes */ From 6e067ed32790dcff10695ff6d8de759024d1ef15 Mon Sep 17 00:00:00 2001 From: Simon Wisselink Date: Thu, 21 Sep 2023 23:50:10 +0200 Subject: [PATCH 11/11] Add unit tests to clarify current behavior --- .../A_Core/AutoEscape/AutoEscapeTest.php | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/UnitTests/A_Core/AutoEscape/AutoEscapeTest.php b/tests/UnitTests/A_Core/AutoEscape/AutoEscapeTest.php index f98d9a84..0a4a354b 100644 --- a/tests/UnitTests/A_Core/AutoEscape/AutoEscapeTest.php +++ b/tests/UnitTests/A_Core/AutoEscape/AutoEscapeTest.php @@ -30,4 +30,36 @@ class AutoEscapeTest extends PHPUnit_Smarty $tpl->assign('foo', ''); $this->assertEquals("<a@b.c>", $this->smarty->fetch($tpl)); } + + + /** + * test 'escapeHtml' property + * @group issue906 + */ + public function testAutoEscapeDoesNotEscapeFunctionPlugins() + { + $this->smarty->registerPlugin( + Smarty::PLUGIN_FUNCTION, + 'horizontal_rule', + function ($params, $smarty) { return "
"; } + ); + $tpl = $this->smarty->createTemplate('eval:{horizontal_rule}'); + $this->assertEquals("
", $this->smarty->fetch($tpl)); + } + + /** + * test 'escapeHtml' property + * @group issue906 + */ + public function testAutoEscapeDoesNotEscapeBlockPlugins() + { + $this->smarty->registerPlugin( + Smarty::PLUGIN_BLOCK, + 'paragraphify', + function ($params, $content) { return $content == null ? null : "

".$content."

"; } + ); + $tpl = $this->smarty->createTemplate('eval:{paragraphify}hi{/paragraphify}'); + $this->assertEquals("

hi

", $this->smarty->fetch($tpl)); + } + }
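Review bot: Both new AutoEscapeTest methods carry the copied docblock `test 'escapeHtml' property`, which does not say what they pin: output returned by function and block plugins is emitted without auto-escaping. That is the security-relevant fact, because a plugin that returns a parameter or block content has to escape it itself. I would replace the docblocks with something like `Output of function plugins is not auto-escaped; plugins must escape untrusted values themselves.` and the matching sentence for block plugins. In the block callback, `$content == null` also treats an empty string as null; if only the opening call is meant, `$content === null` states that exactly.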