From d195b96411133be10c63c2644dfbfda0add9870d Mon Sep 17 00:00:00 2001
From: "Uwe.Tews"
Date: Thu, 18 Sep 2008 21:03:32 +0000
Subject: [PATCH] - fix function injection security hole closed (U.Tews)

---
 libs/Smarty_Compiler.class.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/libs/Smarty_Compiler.class.php b/libs/Smarty_Compiler.class.php
index ec0a8ca4..2ebc59cd 100644
--- a/libs/Smarty_Compiler.class.php
+++ b/libs/Smarty_Compiler.class.php
@@ -18,7 +18,11 @@
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  *
- * @link http://smarty.php.net/
+ * For questions, help, comments, discussion, etc., please join the
+ * Smarty mailing list. Send a blank e-mail to
+ * smarty-discussion-subscribe@googlegroups.com
+ *
+ * @link http://www.smarty.net/
  * @author Monte Ohrt
  * @author Andrei Zmievski
  * @version 2.6.21-dev
@@ -1704,7 +1708,10 @@ class Smarty_Compiler extends Smarty {
 $_return = $var_expr;
 }
 // replace double quoted literal string with single quotes
- $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
+
+ // The follwoing line has been replaced to close a function injection security hole (U.Tews)
+ // $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
+ $_return = str_replace('"',"'",$_return);
 return $_return;
 }
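Review bot: The new `str_replace('"',"'",$_return)` in the second hunk rewrites every double quote anywhere in `$_return`, whereas the removed regex only swapped the delimiters of a whole `"..."` literal made of word characters and whitespace; any `'` or `\` that sat inside the former double-quoted text is now an unescaped single-quote delimiter, so the emitted PHP literal can end early or fail to parse, and `\"` / `$var` interpolation semantics change silently. If the intent is still to convert a complete double-quoted literal, keep the whole-literal anchor and escape the characters that are special inside single quotes: `if (preg_match('~^"(.*)"$~s', $_return, $_m)) {` / `    $_return = "'" . addcslashes($_m[1], "'\\") . "'";` / `}` (assuming `$_return` here still holds the literal's source text — the enclosing method starts outside the hunk, so that cannot be confirmed from the diff). The added comment should also state what the guard protects against rather than leaving the old line commented out, e.g. `// Only a complete "..." literal is rewritten; inner quotes are escaped so the result stays a single PHP string literal.`, and "follwoing" is a typo; the bare empty `+` line before it adds only whitespace.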