- fix function injection security hole closed (U.Tews)

Uwe.Tews
2008-09-18 21:03:32 +00:00
parent e7305a7571
commit d195b96411


@@ -18,7 +18,11 @@
* License along with this library; if not, write to the Free Software * License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* *
* @link http://smarty.php.net/ * For questions, help, comments, discussion, etc., please join the
* Smarty mailing list. Send a blank e-mail to
* smarty-discussion-subscribe@googlegroups.com
*
* @link http://www.smarty.net/
* @author Monte Ohrt <monte at ohrt dot com> * @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei@php.net> * @author Andrei Zmievski <andrei@php.net>
* @version 2.6.21-dev * @version 2.6.21-dev
@@ -1704,7 +1708,10 @@ class Smarty_Compiler extends Smarty {
$_return = $var_expr; $_return = $var_expr;
} }
// replace double quoted literal string with single quotes // replace double quoted literal string with single quotes
$_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
// The follwoing line has been replaced to close a function injection security hole (U.Tews)
// $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
$_return = str_replace('"',"'",$_return);
return $_return; return $_return;
} }
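Review bot: The new `str_replace('"',"'",$_return)` rewrites every double quote in the expression, not only the two delimiters of one literal. A value such as `"it's"` or `'say "hi"'` would come out as a single-quoted PHP string that its own content closes early in the compiled template. The removed pattern only fired when the whole value was `[\s\w]+` between double quotes, so the old line could not produce that; whether such values reach this line now depends on the part of the function above the hunk, which is not shown. I would convert only when the whole value is one double-quoted literal and escape its content first, e.g. `$_return = "'" . addcslashes($inner, "'\\") . "'";` with `$inner` being the text between the delimiters. The added comment should also state why a double-quoted string must not be left in the compiled output (presumably because PHP interpolates it), and `follwoing` is a typo.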