smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-03 18:04:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Using unsupported PHP functions and unregistered static class methods in modifiers and expressions now triggers a deprecation notice

Browse Source 
* Using unsupported PHP functions and unregistered static class methods in modifiers and expressions now triggers a deprecation notice because we will drop support for this in the next major release
This commit is contained in:
Simon Wisselink
2024-03-18 14:44:29 +01:00
committed by GitHub
parent e2cb9873ff
commit c7a271323b
13 changed files with 151 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Changed
- Using unregistered static class methods in expressions now also triggers a deprecation notice because we will drop support for this in the next major release [#813](https://github.com/smarty-php/smarty/issues/813)
## [4.4.1] - 2024-02-26 ## [4.4.1] - 2024-02-26
- Fixed internal release-tooling - Fixed internal release-tooling

3
lexer/smarty_internal_templateparser.y
View File

@@ -785,6 +785,9 @@ value(res) ::= ns1(c)DOUBLECOLON static_class_access(s). {
if (isset($this->smarty->registered_classes[c])) { if (isset($this->smarty->registered_classes[c])) {
res = $this->smarty->registered_classes[c].'::'.s[0].s[1]; res = $this->smarty->registered_classes[c].'::'.s[0].s[1];
} else { } else {
trigger_error('Using unregistered static method "' . c.'::'.s[0] . '" in a template is deprecated and will be ' .
'removed in a future release. Use Smarty::registerClass to explicitly register ' .
'a class for access.', E_USER_DEPRECATED);
res = c.'::'.s[0].s[1]; res = c.'::'.s[0].s[1];
} }
} else { } else {

8
libs/sysplugins/smarty_internal_compile_private_modifier.php
View File

@@ -109,9 +109,11 @@ class Smarty_Internal_Compile_Private_Modifier extends Smarty_Internal_CompileBa
if (!is_object($compiler->smarty->security_policy) if (!is_object($compiler->smarty->security_policy)
|| $compiler->smarty->security_policy->isTrustedPhpModifier($modifier, $compiler) || $compiler->smarty->security_policy->isTrustedPhpModifier($modifier, $compiler)
) { ) {
trigger_error('Using php-function "' . $modifier . '" as a modifier is deprecated and will be ' . if (!in_array($modifier, ['time', 'join', 'is_array', 'in_array'])) {
'removed in a future release. Use Smarty::registerPlugin to explicitly register ' . trigger_error('Using unregistered function "' . $modifier . '" in a template is deprecated and will be ' .
'a custom modifier.', E_USER_DEPRECATED); 'removed in a future release. Use Smarty::registerPlugin to explicitly register ' .
'a custom modifier.', E_USER_DEPRECATED);
}
$output = "{$modifier}({$params})"; $output = "{$modifier}({$params})";
} }
$compiler->known_modifier_type[ $modifier ] = $type; $compiler->known_modifier_type[ $modifier ] = $type;

12
libs/sysplugins/smarty_internal_templatecompilerbase.php
View File

@@ -640,7 +640,17 @@ abstract class Smarty_Internal_TemplateCompilerBase
return $func_name . '(' . $parameter[ 0 ] . ')'; return $func_name . '(' . $parameter[ 0 ] . ')';
} }
} else { } else {
return $name . '(' . implode(',', $parameter) . ')'; $first_param = array_shift($parameter);
$modifier = array_merge(array($name), $parameter);
// Now, compile the function call as a modifier
return $this->compileTag(
'private_modifier',
array(),
array(
'modifierlist' => array($modifier),
'value' => $first_param
)
);
} }
} else { } else {
$this->trigger_template_error("unknown function '{$name}'"); $this->trigger_template_error("unknown function '{$name}'");

3
libs/sysplugins/smarty_internal_templateparser.php
View File

@@ -2425,6 +2425,9 @@ public static $yy_action = array(
if (isset($this->smarty->registered_classes[$this->yystack[$this->yyidx + -2]->minor])) { if (isset($this->smarty->registered_classes[$this->yystack[$this->yyidx + -2]->minor])) {
$this->_retvalue = $this->smarty->registered_classes[$this->yystack[$this->yyidx + -2]->minor].'::'.$this->yystack[$this->yyidx + 0]->minor[0].$this->yystack[$this->yyidx + 0]->minor[1]; $this->_retvalue = $this->smarty->registered_classes[$this->yystack[$this->yyidx + -2]->minor].'::'.$this->yystack[$this->yyidx + 0]->minor[0].$this->yystack[$this->yyidx + 0]->minor[1];
} else { } else {
trigger_error('Using unregistered static method "' . $this->yystack[$this->yyidx + -2]->minor.'::'.$this->yystack[$this->yyidx + 0]->minor[0] . '" in a template is deprecated and will be ' .
'removed in a future release. Use Smarty::registerClass to explicitly register ' .
'a class for access.', E_USER_DEPRECATED);
$this->_retvalue = $this->yystack[$this->yyidx + -2]->minor.'::'.$this->yystack[$this->yyidx + 0]->minor[0].$this->yystack[$this->yyidx + 0]->minor[1]; $this->_retvalue = $this->yystack[$this->yyidx + -2]->minor.'::'.$this->yystack[$this->yyidx + 0]->minor[0].$this->yystack[$this->yyidx + 0]->minor[1];
} }
} else { } else {

2
libs/sysplugins/smarty_security.php
View File

@@ -253,7 +253,7 @@ class Smarty_Security
* *
* @param string $function_name * @param string $function_name
* @param object $compiler compiler object * @param object $compiler compiler object
* * @deprecated
* @return boolean true if function is trusted * @return boolean true if function is trusted
*/ */
public function isTrustedPhpFunction($function_name, $compiler) public function isTrustedPhpFunction($function_name, $compiler)

6
phpunit.xml
View File

@@ -15,7 +15,11 @@
timeoutForSmallTests="1" timeoutForSmallTests="1"
timeoutForMediumTests="10" timeoutForMediumTests="10"
timeoutForLargeTests="60" timeoutForLargeTests="60"
verbose="false"> verbose="false"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
convertDeprecationsToExceptions="true">
<testsuites> <testsuites>
<testsuite name="foo"> <testsuite name="foo">
<directory>./tests/UnitTests/</directory> <directory>./tests/UnitTests/</directory>

18
run-tests-for-all-php-versions.sh
View File

@@ -5,11 +5,13 @@
# - ./run-tests-for-all-php-versions.sh --group 20221124 # - ./run-tests-for-all-php-versions.sh --group 20221124
# - ./run-tests-for-all-php-versions.sh --exclude-group slow # - ./run-tests-for-all-php-versions.sh --exclude-group slow
docker-compose run php71 ./run-tests.sh $@ && \ COMPOSE_CMD="mutagen-compose"
docker-compose run php72 ./run-tests.sh $@ && \
docker-compose run php73 ./run-tests.sh $@ && \ $COMPOSE_CMD run --rm php71 ./run-tests.sh $@ && \
docker-compose run php74 ./run-tests.sh $@ && \ $COMPOSE_CMD run --rm php72 ./run-tests.sh $@ && \
docker-compose run php80 ./run-tests.sh $@ && \ $COMPOSE_CMD run --rm php73 ./run-tests.sh $@ && \
docker-compose run php81 ./run-tests.sh $@ && \ $COMPOSE_CMD run --rm php74 ./run-tests.sh $@ && \
docker-compose run php82 ./run-tests.sh $@ && \ $COMPOSE_CMD run --rm php80 ./run-tests.sh $@ && \
docker-compose run php83 ./run-tests.sh $@ $COMPOSE_CMD run --rm php81 ./run-tests.sh $@ && \
$COMPOSE_CMD run --rm php82 ./run-tests.sh $@ && \
$COMPOSE_CMD run --rm php83 ./run-tests.sh $@

2
tests/PHPUnit_Smarty.php
View File

@@ -149,7 +149,7 @@ class PHPUnit_Smarty extends PHPUnit\Framework\TestCase
$this->smarty->setCacheDir(__DIR__ . '/cache'); $this->smarty->setCacheDir(__DIR__ . '/cache');
} }
$this->getSmartyObj(); $this->smarty->setErrorReporting(E_ALL &~ E_USER_DEPRECATED);
} }
/** /**

2
tests/UnitTests/A_Core/LoadPlugin/LoadPluginTest.php
View File

@@ -49,6 +49,6 @@ class LoadPluginTest extends PHPUnit_Smarty
*/ */
public function testLoadPluginSmartyPluginCounter() public function testLoadPluginSmartyPluginCounter()
{ {
$this->assertTrue($this->smarty->loadPlugin('Smarty_Function_Counter') == true); $this->assertTrue($this->smarty->loadPlugin('Smarty_function_counter') == true);
} }
} }

4
tests/UnitTests/SecurityTests/SecurityTest.php
View File

@@ -52,7 +52,7 @@ class SecurityTest extends PHPUnit_Smarty
*/ */
public function testTrustedPHPFunction() public function testTrustedPHPFunction()
{ {
$this->assertEquals("5", $this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{sizeof($foo)}')); $this->assertEquals("5", $this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{count($foo)}'));
} }
/** /**
@@ -75,7 +75,7 @@ class SecurityTest extends PHPUnit_Smarty
{ {
$this->smarty->security_policy->php_functions = array('null'); $this->smarty->security_policy->php_functions = array('null');
$this->smarty->disableSecurity(); $this->smarty->disableSecurity();
$this->assertEquals("5", $this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{sizeof($foo)}')); $this->assertEquals("5", $this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{count($foo)}'));
} }
/** /**

6
tests/UnitTests/SmartyMethodsTests/ClearAllAssign/ClearAllAssignTest.php
View File

@@ -46,7 +46,7 @@ class ClearAllAssignTest extends PHPUnit_Smarty
*/ */
public function testClearAllAssignInTemplate() public function testClearAllAssignInTemplate()
{ {
error_reporting((error_reporting() & ~(E_NOTICE | E_USER_NOTICE | E_WARNING))); $this->smarty->setErrorReporting($this->smarty->error_reporting & ~(E_NOTICE | E_USER_NOTICE | E_WARNING));
$this->_tpl->clearAllAssign(); $this->_tpl->clearAllAssign();
$this->assertEquals('foobar', $this->smarty->fetch($this->_tpl)); $this->assertEquals('foobar', $this->smarty->fetch($this->_tpl));
} }
@@ -56,7 +56,7 @@ class ClearAllAssignTest extends PHPUnit_Smarty
*/ */
public function testClearAllAssignInData() public function testClearAllAssignInData()
{ {
error_reporting((error_reporting() & ~(E_NOTICE | E_USER_NOTICE | E_WARNING))); $this->smarty->setErrorReporting($this->smarty->error_reporting & ~(E_NOTICE | E_USER_NOTICE | E_WARNING));
$this->_data->clearAllAssign(); $this->_data->clearAllAssign();
$this->assertEquals('fooblar', $this->smarty->fetch($this->_tpl)); $this->assertEquals('fooblar', $this->smarty->fetch($this->_tpl));
} }
@@ -66,7 +66,7 @@ class ClearAllAssignTest extends PHPUnit_Smarty
*/ */
public function testClearAllAssignInSmarty() public function testClearAllAssignInSmarty()
{ {
error_reporting((error_reporting() & ~(E_NOTICE | E_USER_NOTICE | E_WARNING))); $this->smarty->setErrorReporting($this->smarty->error_reporting & ~(E_NOTICE | E_USER_NOTICE | E_WARNING));
$this->smarty->clearAllAssign(); $this->smarty->clearAllAssign();
$this->assertEquals('barblar', $this->smarty->fetch($this->_tpl)); $this->assertEquals('barblar', $this->smarty->fetch($this->_tpl));
} }

104
tests/UnitTests/TemplateSource/ValueTests/PHPfunctions/PhpFunctionTest.php
View File

@@ -57,6 +57,7 @@ class PhpFunctionTest extends PHPUnit_Smarty
public function testEmpty2() public function testEmpty2()
{ {
$this->smarty->disableSecurity(); $this->smarty->disableSecurity();
$this->smarty->registerPlugin('modifier', 'pass', 'pass');
$this->smarty->assign('var', array(null, $this->smarty->assign('var', array(null,
false, false,
(int) 0, (int) 0,
@@ -78,6 +79,7 @@ class PhpFunctionTest extends PHPUnit_Smarty
public function testEmpty3() public function testEmpty3()
{ {
$this->smarty->disableSecurity(); $this->smarty->disableSecurity();
$this->smarty->registerPlugin('modifier', 'pass', 'pass');
$this->smarty->assign('var', array(true, $this->smarty->assign('var', array(true,
(int) 1, (int) 1,
(float) 0.1, (float) 0.1,
@@ -114,6 +116,7 @@ class PhpFunctionTest extends PHPUnit_Smarty
public function testIsset1() public function testIsset1()
{ {
$this->smarty->disableSecurity(); $this->smarty->disableSecurity();
$this->smarty->registerPlugin('modifier', 'pass', 'pass');
$this->smarty->assign('isNull', null); $this->smarty->assign('isNull', null);
$this->smarty->assign('isSet', 1); $this->smarty->assign('isSet', 1);
$this->smarty->assign('arr', array('isNull' => null, 'isSet' => 1)); $this->smarty->assign('arr', array('isNull' => null, 'isSet' => 1));
@@ -155,7 +158,7 @@ class PhpFunctionTest extends PHPUnit_Smarty
public function testIsset3($strTemplate, $result) public function testIsset3($strTemplate, $result)
{ {
$this->smarty->disableSecurity(); $this->smarty->disableSecurity();
$this->smarty->registerPlugin('modifier', 'intval', 'intval');
$this->smarty->assign('varobject', new TestIsset()); $this->smarty->assign('varobject', new TestIsset());
$this->smarty->assign('vararray', $vararray = array( $this->smarty->assign('vararray', $vararray = array(
'keythatexists' => false, 'keythatexists' => false,
@@ -196,6 +199,105 @@ class PhpFunctionTest extends PHPUnit_Smarty
array('{if isset($_varsimple{$key})}true{else}false{/if}', 'true'), array('{if isset($_varsimple{$key})}true{else}false{/if}', 'true'),
); );
} }
/**
* Tests various PHP functions (deprecated)
* @dataProvider dataVariousPHPFunctions
*/
public function testVariousPHPFunctions($strTemplate, $value, $expected) {
$this->smarty->disableSecurity();
$this->cleanDirs();
$this->smarty->assign('value', $value);
$this->assertEquals($expected, $this->smarty->fetch('string:' . $strTemplate));
}
/**
* Data provider for testIsset3
*/
public function dataVariousPHPFunctions()
{
return array(
array('{$a = count($value)}{$a}', array(1,2,3), '3'),
array('{$a = in_array("b", $value)}{$a}', array(1,'b',3), true),
array('{$a = strlen(uniqid())}{$a}', '', 13),
array('{$a = date("Y", $value)}{$a}', strtotime("01-01-2030"), 2030),
array('{$a = PhpFunctionTest::sayHi($value)}{$a}', 'mario', 'hi mario'),
array('{$a = pass($value)}{$a}', 'mario', 'mario'),
array('{$a = 1}{$b = Closure::fromCallable($value)}{$a}', 'strlen', 1),
);
}
public static function sayHi($value) {
return 'hi ' . $value;
}
/**
* Tests that each function that will not be supported in Smarty 5 does throw an E_USER_DEPRECATED notice.
* @dataProvider dataDeprecationNoticesForSmarty5
* @deprecated
*/
public function testDeprecationNoticesForSmarty5($strTemplateSource, $expected = '', $shouldTriggerDeprecationNotice = false) {
// this overrides the error reporting level set in \PHPUnit_Smarty::setUpSmarty
$previousErrorReporting = $this->smarty->error_reporting;
$this->smarty->setErrorReporting($previousErrorReporting | E_USER_DEPRECATED);
$this->smarty->assign('a', 'a');
$this->smarty->assign('ar', [1,2]);
$this->smarty->assign('f', 3.14);
$errorMessage = '';
try {
$output = $this->smarty->fetch('string:' . $strTemplateSource);
} catch (Exception $e) {
$errorMessage = $e->getMessage();
}
if ($shouldTriggerDeprecationNotice) {
$this->assertStringContainsString('Using unregistered function', $errorMessage);
} else {
$this->assertEquals($expected, $output);
$this->assertEquals('', $errorMessage);
}
$this->smarty->setErrorReporting($previousErrorReporting);
}
public function dataDeprecationNoticesForSmarty5()
{
return [
['{if empty($a)}{else}b{/if}', 'b', false],
['{json_encode($a)}', '"a"', false],
['{nl2br($a)}', 'a', false],
['{$a|nl2br}', 'a', false],
['{round($f, 1)}', '3.1', false],
['{$f|round}', '3', false],
['{str_repeat($a, 2)}', 'aa', false],
['{$a|str_repeat:3}', 'aaa', false],
['{$a|strip_tags}', 'a', false],
['{$a|strlen}', '1', false],
['{$a|substr:-1}', 'a', false],
['{$f|substr:-1}', '4', false],
['{$ar|count}', '2', false],
['{foreach "."|explode:$f as $n}{$n}{/foreach}', '314', false],
['{"-"|implode:$ar}', '1-2', false],
['{"-"|join:$ar}', '1-2', false],
['{$f|wordwrap:2:"k":true}', "3.k14", false],
['{$f|number_format:1:","}', "3,1", false],
['{if in_array(1, $ar)}yes{/if}', "yes", false],
['{if is_array($ar)}yes{/if}', "yes", false],
['{if time() gt 0}yes{/if}', "yes", false],
['{if array_chunk($ar, 2)}x{else}y{/if}', '', true],
['{$a|addslashes}', '', true],
['{$a|sha1}', '', true],
['{$a|get_parent_class}', '', true],
];
}
} }
/** /**