mirror of
https://github.com/smarty-php/smarty.git
synced 2025-08-03 01:44:26 +02:00
Using PHP functions in expressions now also triggers a deprecation notice because we will drop support for this in the next major release
Fixes #813
This commit is contained in:
Simon Wisselink
@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
### Changed
|
||||
- Using PHP functions in expressions now also triggers a deprecation notice because we will drop support for this in the next major release [#813](https://github.com/smarty-php/smarty/issues/813)
|
||||
|
||||
## [4.3.1] - 2023-03-28
|
||||
|
||||
### Security
|
||||
|
||||
@@ -109,7 +109,7 @@ class Smarty_Internal_Compile_Private_Modifier extends Smarty_Internal_CompileBa
|
||||
if (!is_object($compiler->smarty->security_policy)
|
||||
|| $compiler->smarty->security_policy->isTrustedPhpModifier($modifier, $compiler)
|
||||
) {
|
||||
trigger_error('Using php-function "' . $modifier . '" as a modifier is deprecated and will be ' .
|
||||
trigger_error('Using unregistered function "' . $modifier . '" in a template is deprecated and will be ' .
|
||||
'removed in a future release. Use Smarty::registerPlugin to explicitly register ' .
|
||||
'a custom modifier.', E_USER_DEPRECATED);
|
||||
$output = "{$modifier}({$params})";
|
||||
|
||||
@@ -640,7 +640,17 @@ abstract class Smarty_Internal_TemplateCompilerBase
|
||||
return $func_name . '(' . $parameter[ 0 ] . ')';
|
||||
}
|
||||
} else {
|
||||
return $name . '(' . implode(',', $parameter) . ')';
|
||||
$first_param = array_shift($parameter);
|
||||
$modifier = array_merge(array($name), $parameter);
|
||||
// Now, compile the function call as a modifier
|
||||
return $this->compileTag(
|
||||
'private_modifier',
|
||||
array(),
|
||||
array(
|
||||
'modifierlist' => array($modifier),
|
||||
'value' => $first_param
|
||||
)
|
||||
);
|
||||
}
|
||||
} else {
|
||||
$this->trigger_template_error("unknown function '{$name}'");
|
||||
|
||||
@@ -253,7 +253,7 @@ class Smarty_Security
|
||||
*
|
||||
* @param string $function_name
|
||||
* @param object $compiler compiler object
|
||||
*
|
||||
* @deprecated
|
||||
* @return boolean true if function is trusted
|
||||
*/
|
||||
public function isTrustedPhpFunction($function_name, $compiler)
|
||||
|
||||
@@ -52,7 +52,7 @@ class SecurityTest extends PHPUnit_Smarty
|
||||
*/
|
||||
public function testTrustedPHPFunction()
|
||||
{
|
||||
$this->assertEquals("5", $this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{sizeof($foo)}'));
|
||||
$this->assertEquals("5", $this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{count($foo)}'));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -75,7 +75,7 @@ class SecurityTest extends PHPUnit_Smarty
|
||||
{
|
||||
$this->smarty->security_policy->php_functions = array('null');
|
||||
$this->smarty->disableSecurity();
|
||||
$this->assertEquals("5", $this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{sizeof($foo)}'));
|
||||
$this->assertEquals("5", $this->smarty->fetch('string:{assign var=foo value=[1,2,3,4,5]}{count($foo)}'));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -57,6 +57,7 @@ class PhpFunctionTest extends PHPUnit_Smarty
|
||||
public function testEmpty2()
|
||||
{
|
||||
$this->smarty->disableSecurity();
|
||||
$this->smarty->registerPlugin('modifier', 'pass', 'pass');
|
||||
$this->smarty->assign('var', array(null,
|
||||
false,
|
||||
(int) 0,
|
||||
@@ -78,6 +79,7 @@ class PhpFunctionTest extends PHPUnit_Smarty
|
||||
public function testEmpty3()
|
||||
{
|
||||
$this->smarty->disableSecurity();
|
||||
$this->smarty->registerPlugin('modifier', 'pass', 'pass');
|
||||
$this->smarty->assign('var', array(true,
|
||||
(int) 1,
|
||||
(float) 0.1,
|
||||
@@ -114,6 +116,7 @@ class PhpFunctionTest extends PHPUnit_Smarty
|
||||
public function testIsset1()
|
||||
{
|
||||
$this->smarty->disableSecurity();
|
||||
$this->smarty->registerPlugin('modifier', 'pass', 'pass');
|
||||
$this->smarty->assign('isNull', null);
|
||||
$this->smarty->assign('isSet', 1);
|
||||
$this->smarty->assign('arr', array('isNull' => null, 'isSet' => 1));
|
||||
@@ -155,7 +158,7 @@ class PhpFunctionTest extends PHPUnit_Smarty
|
||||
public function testIsset3($strTemplate, $result)
|
||||
{
|
||||
$this->smarty->disableSecurity();
|
||||
|
||||
$this->smarty->registerPlugin('modifier', 'intval', 'intval');
|
||||
$this->smarty->assign('varobject', new TestIsset());
|
||||
$this->smarty->assign('vararray', $vararray = array(
|
||||
'keythatexists' => false,
|
||||
@@ -196,6 +199,38 @@ class PhpFunctionTest extends PHPUnit_Smarty
|
||||
array('{if isset($_varsimple{$key})}true{else}false{/if}', 'true'),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Tests various PHP functions (deprecated)
|
||||
* @dataProvider dataVariousPHPFunctions
|
||||
*/
|
||||
public function testVariousPHPFunctions($strTemplate, $value, $expected) {
|
||||
$this->smarty->disableSecurity();
|
||||
$this->cleanDirs();
|
||||
$this->smarty->assign('value', $value);
|
||||
$this->assertEquals($expected, $this->smarty->fetch('string:' . $strTemplate));
|
||||
}
|
||||
|
||||
/**
|
||||
* Data provider for testIsset3
|
||||
*/
|
||||
public function dataVariousPHPFunctions()
|
||||
{
|
||||
return array(
|
||||
array('{$a = count($value)}{$a}', array(1,2,3), '3'),
|
||||
array('{$a = in_array("b", $value)}{$a}', array(1,'b',3), true),
|
||||
array('{$a = strlen(uniqid())}{$a}', '', 13),
|
||||
array('{$a = date("Y", $value)}{$a}', strtotime("01-01-2030"), 2030),
|
||||
array('{$a = PhpFunctionTest::sayHi($value)}{$a}', 'mario', 'hi mario'),
|
||||
array('{$a = pass($value)}{$a}', 'mario', 'mario'),
|
||||
);
|
||||
}
|
||||
|
||||
public static function sayHi($value) {
|
||||
return 'hi ' . $value;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user