From c5f0dad3e2518b5fd3239ee668820d5951f3da8d Mon Sep 17 00:00:00 2001
From: messju <messju@localhost>
Date: Fri, 25 Aug 2006 19:21:27 +0000
Subject: [PATCH] fixed wrong handling of name attribute in {insert} thanks to
 Ivan Kravets for reporting this

---
 NEWS                           | 1 +
 libs/Smarty_Compiler.class.php | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 90728c01..c5d36fb9 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,4 @@
+- fix wrong handling of insert's name attribute. (messju)
 - fix false replacement of "$t" inside double quotes (checat, messju)
 - added support for column headings and caption element to html_table and
   updated the output to use thead/tbody elements (boots)
diff --git a/libs/Smarty_Compiler.class.php b/libs/Smarty_Compiler.class.php
index 3032d480..71d81604 100644
--- a/libs/Smarty_Compiler.class.php
+++ b/libs/Smarty_Compiler.class.php
@@ -927,7 +927,11 @@ class Smarty_Compiler extends Smarty {
         $name = $this->_dequote($attrs['name']);
 
         if (empty($name)) {
-            $this->_syntax_error("missing insert name", E_USER_ERROR, __FILE__, __LINE__);
+            return $this->_syntax_error("missing insert name", E_USER_ERROR, __FILE__, __LINE__);
+        }
+        
+        if (!preg_match('~^\w+$~', $name)) {
+            return $this->_syntax_error("'insert: 'name' must be an insert function name", E_USER_ERROR, __FILE__, __LINE__);
         }
 
         if (!empty($attrs['script'])) {