smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-03 09:54:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into patch-1

Browse Source
This commit is contained in:
Rudie Dirkx
2022-11-24 11:33:03 +01:00
committed by GitHub
parent 2235eb218f c0a6b641bf
commit e2ace32f97
265 changed files with 1644 additions and 865 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitattributes vendored
View File

@@ -8,8 +8,9 @@
# exclude from git export
/tests export-ignore
/utilities export-ignore
/docker-compose.yml export-ignore
/.github export-ignore
/run_tests_for_all_php_versions.sh export-ignore
/.gitattributes export-ignore
/.gitignore export-ignore
/make-release.sh export-ignore

16
.github/workflows/ci.yml vendored
View File

@@ -1,8 +1,10 @@
# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
on:
- pull_request
- push
pull_request:
push:
branches:
- 'master'
name: CI
@@ -29,6 +31,7 @@ jobs:
- "7.4"
- "8.0"
- "8.1"
- "8.2"
compiler:
- default
@@ -40,6 +43,9 @@ jobs:
- os: ubuntu-latest
php-version: "8.1"
compiler: jit
- os: ubuntu-latest
php-version: "8.2"
compiler: jit
steps:
- name: Checkout
@@ -69,9 +75,5 @@ jobs:
restore-keys: |
${{ runner.os }}-php-${{ matrix.php-version }}-
- name: Install dependencies
if: steps.composer-cache.outputs.cache-hit != 'true'
run: composer install --prefer-dist --no-progress --no-suggest
- name: Run tests with phpunit
run: ./phpunit.sh
run: ./run-tests.sh

1
.gitignore vendored
View File

@@ -5,7 +5,6 @@
lexer/*.php
lexer/*.php.bak
lexer/*.out
utilies/*.php
# Dev
phpunit*

55
CHANGELOG.md
View File

@@ -7,9 +7,64 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
### Fixed
- `$smarty->muteUndefinedOrNullWarnings()` now also mutes PHP7 notices for undefined array indexes [#736](https://github.com/smarty-php/smarty/issues/736)
- `$smarty->muteUndefinedOrNullWarnings()` now treats undefined vars and array access of a null or false variables
equivalent across all supported PHP versions
## [4.3.0] - 2022-11-22
### Added
- PHP8.2 compatibility [#775](https://github.com/smarty-php/smarty/pull/775)
### Changed
- Include docs and demo in the releases [#799](https://github.com/smarty-php/smarty/issues/799)
- Using PHP functions as modifiers now triggers a deprecation notice because we will drop support for this in the next major release [#813](https://github.com/smarty-php/smarty/issues/813)
- Dropped remaining references to removed PHP-support in Smarty 4 from docs, lexer and security class. [#816](https://github.com/smarty-php/smarty/issues/816)
- Support umask when writing (template) files and set dir permissions to 777 [#548](https://github.com/smarty-php/smarty/issues/548) [#819](https://github.com/smarty-php/smarty/issues/819)
### Fixed
- Output buffer is now cleaned for internal PHP errors as well, not just for Exceptions [#514](https://github.com/smarty-php/smarty/issues/514)
- Fixed recursion and out of memory errors when caching in complicated template set-ups using inheritance and includes [#801](https://github.com/smarty-php/smarty/pull/801)
- Fixed PHP8.1 deprecation errors in strip_tags
- Fix Variable Usage in Exception message when unable to load subtemplate [#808](https://github.com/smarty-php/smarty/pull/808)
- Fixed PHP8.1 deprecation notices for strftime [#672](https://github.com/smarty-php/smarty/issues/672)
- Fixed PHP8.1 deprecation errors passing null to parameter in trim [#807](https://github.com/smarty-php/smarty/pull/807)
- Adapt Smarty upper/lower functions to be codesafe (e.g. for Turkish locale) [#586](https://github.com/smarty-php/smarty/pull/586)
- Bug fix for underscore and limited length in template name in custom resources [#581](https://github.com/smarty-php/smarty/pull/581)
## [4.2.1] - 2022-09-14
### Security
- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454)
### Fixed
- Fixed PHP8.1 deprecation notices in modifiers (upper, explode, number_format and replace) [#755](https://github.com/smarty-php/smarty/pull/755) and [#788](https://github.com/smarty-php/smarty/pull/788)
- Fixed PHP8.1 deprecation notices in capitalize modifier [#789](https://github.com/smarty-php/smarty/issues/789)
- Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794)
- Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395)
## [4.2.0] - 2022-08-01
### Fixed
- Fixed problems with smarty_mb_str_replace [#549](https://github.com/smarty-php/smarty/issues/549)
- Fixed second parameter of unescape modifier not working [#777](https://github.com/smarty-php/smarty/issues/777)
### Changed
- Updated HTML of the debug template [#599](https://github.com/smarty-php/smarty/pull/599)
## [4.1.1] - 2022-05-17
### Security
- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221
### Fixed
- Exclude docs and demo from export and composer [#751](https://github.com/smarty-php/smarty/pull/751)
- PHP 8.1 deprecation notices in demo/plugins/cacheresource.pdo.php [#706](https://github.com/smarty-php/smarty/issues/706)
- PHP 8.1 deprecation notices in truncate modifier [#699](https://github.com/smarty-php/smarty/issues/699)
- Math equation `max(x, y)` didn't work anymore [#721](https://github.com/smarty-php/smarty/issues/721)
- Fix PHP 8.1 deprecated warning when calling rtrim [#743](https://github.com/smarty-php/smarty/pull/743)
- PHP 8.1: fix deprecation in escape modifier [#727](https://github.com/smarty-php/smarty/pull/727)
## [4.1.0] - 2022-02-06

2
README.md
View File

@@ -7,7 +7,7 @@ Smarty is a template engine for PHP, facilitating the separation of presentation
Read the [documentation](https://smarty-php.github.io/smarty/) to find out how to use it.
## Requirements
Smarty can be run with PHP 7.1 to PHP 8.1.
Smarty can be run with PHP 7.1 to PHP 8.2.
## Installation
Smarty versions 3.1.11 or later can be installed with [Composer](https://getcomposer.org/).

2
SECURITY.md
View File

@@ -2,7 +2,7 @@
## Supported Versions
Smarty currently supports the latest minor version of Smarty 3 and Smarty 4. (Smarty 4 has not been released yet.)
Smarty currently supports the latest minor version of Smarty 3 and Smarty 4.
| Version | Supported |
| ------- | ------------------ |

45
docker-compose.yml Normal file
View File

@@ -0,0 +1,45 @@
version: "2"
services:
base:
build:
context: .
dockerfile: ./utilities/testrunners/php71/Dockerfile
volumes:
- .:/app
working_dir: /app
entrypoint: sh ./run-tests.sh
php71:
extends:
service: base
build:
dockerfile: ./utilities/testrunners/php71/Dockerfile
php72:
extends:
service: base
build:
dockerfile: ./utilities/testrunners/php72/Dockerfile
php73:
extends:
service: base
build:
dockerfile: ./utilities/testrunners/php73/Dockerfile
php74:
extends:
service: base
build:
dockerfile: ./utilities/testrunners/php74/Dockerfile
php80:
extends:
service: base
build:
dockerfile: ./utilities/testrunners/php80/Dockerfile
php81:
extends:
service: base
build:
dockerfile: ./utilities/testrunners/php81/Dockerfile
php82:
extends:
service: base
build:
dockerfile: ./utilities/testrunners/php82/Dockerfile

67
docs/appendixes/tips.md
View File

@@ -188,67 +188,6 @@ See also [`{html_select_date}`](#language.function.html.select.date),
[`date_format`](#language.modifier.date.format) and
[`$smarty.now`](#language.variables.smarty.now),
WAP/WML {#tips.wap}
=======
WAP/WML templates require a php [Content-Type
header](&url.php-manual;header) to be passed along with the template.
The easist way to do this would be to write a custom function that
prints the header. If you are using [caching](#caching), that won\'t
work so we\'ll do it using the [`{insert}`](#language.function.insert)
tag; remember `{insert}` tags are not cached! Be sure that there is
nothing output to the browser before the template, or else the header
may fail.
<?php
// be sure apache is configure for the .wml extensions!
// put this function somewhere in your application, or in Smarty.addons.php
function insert_header($params)
{
// this function expects $content argument
if (empty($params['content'])) {
return;
}
header($params['content']);
return;
}
?>
your Smarty template *must* begin with the insert tag :
{insert name=header content="Content-Type: text/vnd.wap.wml"}
<?xml version="1.0"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
<!-- begin new wml deck -->
<wml>
<!-- begin first card -->
<card>
<do type="accept">
<go href="#two"/>
</do>
<p>
Welcome to WAP with Smarty!
Press OK to continue...
</p>
</card>
<!-- begin second card -->
<card id="two">
<p>
Pretty easy isn't it?
</p>
</card>
</wml>
Componentized Templates {#tips.componentized.templates}
=======================
@@ -259,7 +198,7 @@ Smarty object, [`assign()`](#api.assign) the variables and
[`display()`](#api.display) the template. So lets say for example we
have a stock ticker on our template. We would collect the stock data in
our application, then assign these variables in the template and display
it. Now wouldn\'t it be nice if you could add this stock ticker to any
it. Now wouldn't it be nice if you could add this stock ticker to any
application by merely including the template, and not worry about
fetching the data up front?
@@ -301,9 +240,7 @@ assigning it to a template variable.
See also [`{include_php}`](#language.function.include.php),
[`{include}`](#language.function.include) and
[`{php}`](#language.function.php).
See also: [`{include}`](#language.function.include).
Obfuscating E-mail Addresses {#tips.obfuscating.email}
============================

2
docs/appendixes/troubleshooting.md
View File

@@ -109,7 +109,7 @@ the corresponding error is in the template.
- This means that your application registered a custom error hander
- This means that your application registered a custom error handler
(using [set\_error\_handler()](&url.php-manual;set_error_handler))
which is not respecting the given `$errno` as it should. If, for
whatever reason, this is the desired behaviour of your custom error

2
docs/designers/language-basic-syntax/language-syntax-attributes.md
View File

@@ -3,7 +3,7 @@ Attributes {#language.syntax.attributes}
Most of the [functions](#language.syntax.functions) take attributes that
specify or modify their behavior. Attributes to Smarty functions are
much like HTML attributes. Static values don\'t have to be enclosed in
much like HTML attributes. Static values don't have to be enclosed in
quotes, but it is required for literal strings. Variables with or
without modifiers may also be used, and should not be in quotes. You can
even use PHP function results, plugin results and complex expressions.

1
docs/designers/language-builtin-functions.md
View File

@@ -16,7 +16,6 @@ Built-in Functions {#language.builtin.functions}
- [{function}](./language-builtin-functions/language-function-function.md)
- [{if},{elseif},{else}](./language-builtin-functions/language-function-if.md)
- [{include}](./language-builtin-functions/language-function-include.md)
- [{include_php}](./language-builtin-functions/language-function-include.php)
- [{insert}](./language-builtin-functions/language-function-insert.md)
- [{ldelim},{rdelim}](./language-builtin-functions/language-function-ldelim.md)
- [{literal}](./language-builtin-functions/language-function-literal.md)

1
docs/designers/language-builtin-functions/language-function-assign.md
View File

@@ -135,7 +135,6 @@ The following functions can also *optionally* assign template variables.
[`{capture}`](#language.function.capture),
[`{include}`](#language.function.include),
[`{include_php}`](#language.function.include.php),
[`{insert}`](#language.function.insert),
[`{counter}`](#language.function.counter),
[`{cycle}`](#language.function.cycle),

6
docs/designers/language-builtin-functions/language-function-block.md
View File

@@ -3,14 +3,14 @@
`{block}` is used to define a named area of template source for template
inheritance. For details see section of [Template
Interitance](#advanced.features.template.inheritance).
Inheritance](#advanced.features.template.inheritance).
The `{block}` template source area of a child template will replace the
correponding areas in the parent template(s).
corresponding areas in the parent template(s).
Optionally `{block}` areas of child and parent templates can be merged
into each other. You can append or prepend the parent `{block}` content
by using the `append` or `prepend` option flag with the childs `{block}`
by using the `append` or `prepend` option flag with the child's `{block}`
definition. With the {\$smarty.block.parent} the `{block}` content of
the parent template can be inserted at any location of the child
`{block}` content. {\$smarty.block.child} inserts the `{block}` content

4
docs/designers/language-builtin-functions/language-function-extends.md
View File

@@ -3,7 +3,7 @@
`{extends}` tags are used in child templates in template inheritance for
extending parent templates. For details see section of [Template
Interitance](#advanced.features.template.inheritance).
Inheritance](#advanced.features.template.inheritance).
- The `{extends}` tag must be on the first line of the template.
@@ -33,5 +33,5 @@ Interitance](#advanced.features.template.inheritance).
See also [Template Interitance](#advanced.features.template.inheritance)
See also [Template Inheritance](#advanced.features.template.inheritance)
and [`{block}`](#language.function.block).

2
docs/designers/language-builtin-functions/language-function-for.md
View File

@@ -2,7 +2,7 @@
=====
The `{for}{forelse}` tag is used to create simple loops. The following
different formarts are supported:
different formats are supported:
- `{for $var=$start to $end}` simple loop with step size of 1.

74
docs/designers/language-builtin-functions/language-function-include-php.md
View File

@@ -1,74 +0,0 @@
{include\_php} {#language.function.include.php}
==============
> **Note**
>
> `{include_php}` is deprecated from Smarty, use registered plugins to
> properly insulate presentation from the application code. As of Smarty
> 3.1 the `{include_php}` tags are only available from [SmartyBC](#bc).
Attribute Name Type Required Default Description
---------------- --------- ---------- --------- ----------------------------------------------------------------------------------
file string Yes *n/a* The name of the php file to include as absolute path
once boolean No *TRUE* whether or not to include the php file more than once if included multiple times
assign string No *n/a* The name of the variable that the output of include\_php will be assigned to
**Option Flags:**
Name Description
--------- ----------------------------------------
nocache Disables caching of inluded PHP script
`{include_php}` tags are used to include a php script in your template.
The path of the attribute `file` can be either absolute, or relative to
[`$trusted_dir`](#variable.trusted.dir). If security is enabled, then
the script must be located in the `$trusted_dir` path of the securty
policy. See the [Security](#advanced.features.security) section for
details.
By default, php files are only included once even if called multiple
times in the template. You can specify that it should be included every
time with the `once` attribute. Setting once to FALSE will include the
php script each time it is included in the template.
You can optionally pass the `assign` attribute, which will specify a
template variable name that the output of `{include_php}` will be
assigned to instead of displayed.
The smarty object is available as `$_smarty_tpl->smarty` within the PHP
script that you include.
The `load_nav.php` file:
<?php
// load in variables from a mysql db and assign them to the template
require_once('database.class.php');
$db = new Db();
$db->query('select url, name from navigation order by name');
$this->assign('navigation', $db->getRows());
?>
where the template is:
{* absolute path, or relative to $trusted_dir *}
{include_php file='/path/to/load_nav.php'}
{include_php '/path/to/load_nav.php'} {* short-hand *}
{foreach item='nav' from=$navigation}
<a href="{$nav.url}">{$nav.name}</a><br />
{/foreach}
See also [`{include}`](#language.function.include),
[`$trusted_dir`](#variable.trusted.dir),
[`{php}`](#language.function.php),
[`{capture}`](#language.function.capture), [template
resources](#resources) and [componentized
templates](#tips.componentized.templates)

6
docs/designers/language-builtin-functions/language-function-include.md
View File

@@ -131,7 +131,7 @@ cache lifetime of 500 seconds.
In this example included template will be cached independent of the
global cahing setting.
global caching setting.
{include 'sub_template.tpl' caching}
@@ -188,7 +188,5 @@ current template.
See also [`{include_php}`](#language.function.include.php),
[`{insert}`](#language.function.insert),
[`{php}`](#language.function.php), [template resources](#resources) and
See also [`{insert}`](#language.function.insert), [template resources](#resources) and
[componentized templates](#tips.componentized.templates).

2
docs/designers/language-builtin-functions/language-function-insert.md
View File

@@ -65,7 +65,7 @@ and display the returned results in place of the {insert} tag.
The path can be either absolute, or relative to
[`$trusted_dir`](#variable.trusted.dir). If security is enabled,
then the script must be located in the `$trusted_dir` path of the
securty policy. See the [Security](#advanced.features.security)
security policy. See the [Security](#advanced.features.security)
section for details.
The Smarty object is passed as the second argument. This way you can

4
docs/designers/language-builtin-functions/language-function-section.md
View File

@@ -251,8 +251,8 @@ The above example will output:
{section}\'s can be nested as deep as you like. With nested
{section}\'s, you can access complex data structures, such as
multi-dimensional arrays. This is an example `.php` script thats
assign\'s the arrays.
multi-dimensional arrays. This is an example `.php` script that
assigns the arrays.
<?php

2
docs/designers/language-builtin-functions/language-function-setfilter.md
View File

@@ -10,7 +10,7 @@ The filter can be:
- A variable filter plugin specified by it\'s name.
- A modidier specified by it\'s name and optional additional
- A modifier specified by it\'s name and optional additional
parameter.
`{setfilter}...{/setfilter}` blocks can be nested. The filter definition

2
docs/designers/language-custom-functions/language-function-fetch.md
View File

@@ -22,7 +22,7 @@ ftp and display the contents.
>
> If security is enabled and you are fetching a file from the local
> file system, `{fetch}` will only allow files from within the
> `$secure_dir` path of the securty policy. See the
> `$secure_dir` path of the security policy. See the
> [Security](#advanced.features.security) section for details.
- If the `assign` attribute is set, the output of the `{fetch}`

2
docs/designers/language-custom-functions/language-function-html-image.md
View File

@@ -19,7 +19,7 @@ automatically calculated from the image file if they are not supplied.
from. If not given, the web server\'s document root
`$_ENV['DOCUMENT_ROOT']` is used as the base. If security is
enabled, then the image must be located in the `$secure_dir` path of
the securty policy. See the [Security](#advanced.features.security)
the security policy. See the [Security](#advanced.features.security)
section for details.
- `href` is the href value to link the image to. If link is supplied,

2
docs/designers/language-modifiers.md
View File

@@ -115,7 +115,7 @@ These parameters follow the modifier name and are separated by a `:`
- Secondly - if security is enabled, all php-functions that are to
be used as modifiers have to be declared trusted in the
`$modifiers` property of the securty policy. See the
`$modifiers` property of the security policy. See the
[Security](../programmers/advanced-features/advanced-features-security.md) section for details.
See also [`registerPlugin()`](../programmers/api-functions/api-register-plugin.md), [combining

2
docs/designers/language-modifiers/language-modifier-from-charset.md
View File

@@ -15,5 +15,5 @@ modifier](#language.modifier.to_charset).
> modifier should only be used in cases where the application cannot
> anticipate that a certain string is required in another encoding.
See also [Charset Enconding](#charset), [from\_charset
See also [Charset Encoding](#charset), [from\_charset
modifier](#language.modifier.from_charset).

2
docs/designers/language-modifiers/language-modifier-to-charset.md
View File

@@ -15,5 +15,5 @@ modifier](#language.modifier.from_charset).
> modifier should only be used in cases where the application cannot
> anticipate that a certain string is required in another encoding.
See also [Charset Enconding](#charset), [from\_charset
See also [Charset Encoding](#charset), [from\_charset
modifier](#language.modifier.from_charset).

4
docs/designers/language-variables/language-variables-smarty.md
View File

@@ -157,13 +157,13 @@ Returns the version of Smarty the template was compiled with.
----------------------
Returns block text from child template. See [Template
interitance](#advanced.features.template.inheritance).
inheritance](#advanced.features.template.inheritance).
{\$smarty.block.parent} {#language.variables.smarty.block.parent}
-----------------------
Returns block text from parent template. See [Template
interitance](#advanced.features.template.inheritance)
inheritance](#advanced.features.template.inheritance)
{\$smarty.ldelim}, {\$smarty.rdelim} {#language.variables.smarty.ldelim}
------------------------------------

2
docs/getting-started.md
View File

@@ -2,7 +2,7 @@ What is Smarty?
==============
## Requirements
Smarty can be run with PHP 7.1 to PHP 8.1.
Smarty can be run with PHP 7.1 to PHP 8.2.
## Installation
Smarty versions 3.1.11 or later can be installed with [Composer](https://getcomposer.org/).

2
docs/programmers/advanced-features/advanced-features-objects.md
View File

@@ -29,7 +29,7 @@ determined by your needs, but use the first method whenever possible to
keep template syntax to a minimum.
If security is enabled, no private methods or functions can be accessed
(beginningwith \'\_\'). If a method and property of the same name exist,
(beginning with \'\_\'). If a method and property of the same name exist,
the method will be used.
You can restrict the methods and properties that can be accessed by

36
docs/programmers/advanced-features/advanced-features-security.md
View File

@@ -2,36 +2,20 @@ Security {#advanced.features.security}
========
Security is good for situations when you have untrusted parties editing
the templates eg via ftp, and you want to reduce the risk of system
the templates e.g. via ftp, and you want to reduce the risk of system
security compromises through the template language.
The settings of the security policy are defined by properties of an
instance of the Smarty\_Security class. These are the possible settings:
- `$php_handling` determines how Smarty to handle PHP code embedded in
templates. Possible values are:
- Smarty::PHP\_PASSTHRU -\> echo PHP tags as they are
- Smarty::PHP\_QUOTE -\> escape tags as entities
- Smarty::PHP\_REMOVE -\> remove php tags
- Smarty::PHP\_ALLOW -\> execute php tags
The default value is Smarty::PHP\_PASSTHRU.
If security is enabled the [`$php_handling`](#variable.php.handling)
setting of the Smarty object is not checked for security.
- `$secure_dir` is an array of template directories that are
considered secure. [`$template_dir`](#variable.template.dir)
concidered secure implicitly. The default is an empty array.
considered secure implicitly. The default is an empty array.
- `$trusted_dir` is an array of all directories that are considered
trusted. Trusted directories are where you keep php scripts that are
executed directly from the templates with
[`{include_php}`](#language.function.include.php). The default is an
[`{insert}`](#language.function.insert.php). The default is an
empty array.
- `$trusted_uri` is an array of regular expressions matching URIs that
@@ -43,7 +27,7 @@ instance of the Smarty\_Security class. These are the possible settings:
like authentication-tokens).
The expression `'#https?://.*smarty.net$#i'` would allow accessing
the follwing URIs:
the following URIs:
- `http://smarty.net/foo`
@@ -110,12 +94,8 @@ instance of the Smarty\_Security class. These are the possible settings:
super globals can be accessed by the template. The default is
\"true\".
- `$allow_php_tag` is a boolean flag which controls if {php} and
{include\_php} tags can be used by the template. The default is
\"false\".
If security is enabled, no private methods, functions or properties of
static classes or assigned objects can be accessed (beginningwith
static classes or assigned objects can be accessed (beginning with
\'\_\') by the template.
To customize the security policy settings you can extend the
@@ -128,8 +108,6 @@ Smarty\_Security class or create an instance of it.
class My_Security_Policy extends Smarty_Security {
// disable all PHP functions
public $php_functions = null;
// remove PHP tags
public $php_handling = Smarty::PHP_REMOVE;
// allow everthing as modifier
public $php_modifiers = array();
}
@@ -145,8 +123,6 @@ Smarty\_Security class or create an instance of it.
$my_security_policy = new Smarty_Security($smarty);
// disable all PHP functions
$my_security_policy->php_functions = null;
// remove PHP tags
$my_security_policy->php_handling = Smarty::PHP_REMOVE;
// allow everthing as modifier
$my_security_policy->php_modifiers = array();
// enable security
@@ -164,5 +140,5 @@ Smarty\_Security class or create an instance of it.
> **Note**
>
> Most security policy settings are only checked when the template gets
> compiled. For that reasion you should delete all cached and compiled
> compiled. For that reason you should delete all cached and compiled
> template files when you change your security settings.

2
docs/programmers/advanced-features/advanced-features-template-inheritance.md
View File

@@ -33,7 +33,7 @@ can override all or some of the parent named block areas.
you can define the whole template inheritance tree in the PHP script
when you are calling [`fetch()`](#api.fetch) or
[`display()`](#api.display) with the `extends:` template resource
type. The later provides even more flexibillity.
type. The later provides even more flexibility.
> **Note**
>

2
docs/programmers/advanced-features/advanced-features-template-settings.md
View File

@@ -8,7 +8,7 @@ Modifications done to the Smarty object will be global for all
templates.
However the Smarty class variables and functions can be accessed or
called by induvidual template objects. Modification done to a template
called by individual template objects. Modification done to a template
object will apply only for that template and its included subtemplates.

2
docs/programmers/api-functions/api-create-data.md
View File

@@ -26,7 +26,7 @@ the following parameters:
variables assigned to any of the objects in it\'s parent chain.
Data objects are used to create scopes for assigned variables. They can
be used to have controll which variables are seen by which templates.
be used to control which variables are seen by which templates.
<?php

2
docs/programmers/api-functions/api-disable-security.md
View File

@@ -9,7 +9,7 @@ string
disableSecurity
This disables securty checking on templates.
This disables security checking on templates.
See also [`enableSecurity()`](#api.enable.security), and
[Security](#advanced.features.security).

2
docs/programmers/api-functions/api-enable-security.md
View File

@@ -25,7 +25,7 @@ string
enableSecurity
This enables securty checking on templates. It uses the following
This enables security checking on templates. It uses the following
parameters:
- `securityclass` is an optional parameter. It\'s the name of the

2
docs/programmers/api-functions/api-mute-expected-errors.md
View File

@@ -16,6 +16,6 @@ given error was produced deliberately and must be ignored, or should be
passed on to the next error handler.
`Smarty::unmuteExpectedErrors()` removes the current error handler.
Please note, that if you\'ve registerd any custom error handlers after
Please note, that if you\'ve registered any custom error handlers after
the muteExpectedErrors() call, the unmute will not remove Smarty\'s
muting error handler, but the one registered last.

2
docs/programmers/api-functions/api-register-default-plugin-handler.md
View File

@@ -18,7 +18,7 @@ not find a definition for a tag otherwise. It uses the following
parameters:
If during compilation Smarty encounters tag which is not defined
internal, registered or loacted in the plugins folder it tries to
internal, registered or located in the plugins folder it tries to
resolve it by calling the registered default plugin handler. The handler
may be called several times for same undefined tag looping over valid
plugin types.

2
docs/programmers/api-functions/api-test-install.md
View File

@@ -10,7 +10,7 @@ void
testInstall
This function verifies that all required working folders of the Smarty
installation can be accessed. It does output a corresponding protocoll.
installation can be accessed. It does output a corresponding protocol.
<?php

1
docs/programmers/api-variables.md
View File

@@ -39,7 +39,6 @@ them directly, or use the corresponding setter/getter methods.
- [$left_delimiter](./api-variables/variable-left-delimiter.md)
- [$locking_timeout](./api-variables/variable-locking-timeout.md)
- [$merge_compiled_includes](./api-variables/variable-merge-compiled-includes.md)
- [$php_handling](./api-variables/variable-php-handling.md)
- [$plugins_dir](./api-variables/variable-plugins-dir.md)
- [$right_delimiter](./api-variables/variable-right-delimiter.md)
- [$smarty_debug_id](./api-variables/variable-smarty-debug-id.md)

4
docs/programmers/api-variables/variable-compile-id.md
View File

@@ -1,7 +1,7 @@
\$compile\_id {#variable.compile.id}
=============
Persistant compile identifier. As an alternative to passing the same
Persistent compile identifier. As an alternative to passing the same
`$compile_id` to each and every function call, you can set this
`$compile_id` and it will be used implicitly thereafter.
@@ -10,7 +10,7 @@ post-filters](#plugins.prefilters.postfilters) you must use a unique
`$compile_id` to keep the compiled template files separated.
For example a [prefilter](#plugins.prefilters.postfilters) that
localizes your templates (that is: translates language dependend parts)
localizes your templates (that is: translates language dependent parts)
at compile time, then you could use the current language as
`$compile_id` and you will get a set of compiled templates for each
language you use.

2
docs/programmers/api-variables/variable-escape-html.md
View File

@@ -3,7 +3,7 @@
Setting `$escape_html` to TRUE will escape all template variable output
by wrapping it in
`htmlspecialchars({$output}, ENT_QUOTES, SMARTY_RESOURCE_CHAR_SET);`,
`htmlspecialchars({$output}, ENT_QUOTES, $char_set);`,
which is the same as `{$variable|escape:"html"}`.
Template designers can choose to selectively disable this feature by

2
docs/programmers/api-variables/variable-locking-timeout.md
View File

@@ -2,6 +2,6 @@
==================
This is maximum time in seconds a cache lock is valid to avoid dead
locks. The deafult value is 10 seconds.
locks. The default value is 10 seconds.
See also [`$cache_locking`](#variable.cache.locking)

21
docs/programmers/api-variables/variable-php-handling.md
View File

@@ -1,21 +0,0 @@
\$php\_handling {#variable.php.handling}
===============
This tells Smarty how to handle PHP code embedded in the templates.
There are four possible settings, the default being
`Smarty::PHP_PASSTHRU`. Note that this does NOT affect php code within
[`{php}{/php}`](#language.function.php) tags in the template.
- `Smarty::PHP_PASSTHRU` - Smarty echos tags as-is.
- `Smarty::PHP_QUOTE` - Smarty quotes the tags as html entities.
- `Smarty::PHP_REMOVE` - Smarty removes the tags from the templates.
- `Smarty::PHP_ALLOW` - Smarty will execute the tags as PHP code.
> **Note**
>
> Embedding PHP code into templates is highly discouraged. Use [custom
> functions](#plugins.functions) or [modifiers](#plugins.modifiers)
> instead.

2
docs/programmers/api-variables/variable-trusted-dir.md
View File

@@ -5,4 +5,4 @@
array of all directories that are considered trusted. Trusted
directories are where you keep php scripts that are executed directly
from the templates with
[`{include_php}`](#language.function.include.php).
[`{insert}`](#language.function.insert.php).

2
docs/programmers/api-variables/variable-use-sub-dirs.md
View File

@@ -10,7 +10,7 @@ environments do not allow PHP processes to create directories, so this
must be disabled which is the default.
Sub directories are more efficient, so use them if you can.
Theoretically you get much better perfomance on a filesystem with 10
Theoretically you get much better performance on a filesystem with 10
directories each having 100 files, than with 1 directory having 1000
files. This was certainly the case with Solaris 7 (UFS)\... with newer
filesystems such as ext3 and especially reiserfs, the difference is

4
docs/programmers/caching/caching-groups.md
View File

@@ -25,10 +25,10 @@ like.
- You CANNOT remove a specified template name under multiple cache
groups such as `'/a/b/*/foo.tpl'`, the cache grouping works
left-to-right ONLY. You will need to group your templates under a
single cache group heirarchy to be able to clear them as a group.
single cache group hierarchy to be able to clear them as a group.
Cache grouping should not be confused with your template directory
heirarchy, the cache grouping has no knowledge of how your templates are
hierarchy, the cache grouping has no knowledge of how your templates are
structured. So for example, if you have a template structure like
`themes/blue/index.tpl` and you want to be able to clear all the cache
files for the "blue" theme, you will need to create a cache group

13
docs/programmers/charset.md
View File

@@ -5,17 +5,17 @@ Charset Encoding {#charset.encoding}
================
There are a variety of encodings for textual data, ISO-8859-1 (Latin1)
and UTF-8 being the most popular. Unless specified otherwise with the
`SMARTY_RESOURCE_CHAR_SET` constant, Smarty recognizes `UTF-8` as the
internal charset if [Multibyte String](https://www.php.net/mbstring) is
available, `ISO-8859-1` if not.
and UTF-8 being the most popular. Unless you change `Smarty::$_CHARSET`,
Smarty recognizes `UTF-8` as the internal charset if
[Multibyte String](https://www.php.net/mbstring) is available,
`ISO-8859-1` if not.
> **Note**
>
> `ISO-8859-1` has been PHP\'s default internal charset since the
> beginning. Unicode has been evolving since 1991. Since then it has
> become the one charset to conquer them all, as it is capable of
> encoding most of the known characters even accross different character
> encoding most of the known characters even across different character
> systems (latin, cyrillic, japanese, ...). `UTF-8` is unicode\'s most
> used encoding, as it allows referencing the thousands of character
> with the smallest size overhead possible.
@@ -36,8 +36,9 @@ available, `ISO-8859-1` if not.
if (function_exists('mb_internal_charset')) {
mb_internal_charset('EUC-JP');
}
define('SMARTY_RESOURCE_CHAR_SET', 'EUC-JP');
require_once 'libs/Smarty.class.php';
Smarty::$_CHARSET = 'EUC-JP';
$smarty = new Smarty();

6
docs/programmers/resources/resources-extends.md
View File

@@ -3,20 +3,20 @@ Extends Template Resources {#resources.extends}
The `extends:` resource is used to define child/parent relationships for
template inheritance from the PHP script. For details see section of
[Template Interitance](#advanced.features.template.inheritance).
[Template Inheritance](#advanced.features.template.inheritance).
As of Smarty 3.1 the `extends:` resource may use any available [template
resource](#resources), including `string:` and `eval:`. When [templates
from strings](#resources.string) are used, make sure they are properly
(url or base64) encoded. Is an `eval:` resource found within an
inheritance chain, its \"don\'t save a compile file\" property is
superseeded by the `extends:` resource. The templates within an
superseded by the `extends:` resource. The templates within an
inheritance chain are not compiled separately, though. Only a single
compiled template will be generated.
> **Note**
>
> Use this when inheritance is required programatically. When inheriting
> Use this when inheritance is required programmatically. When inheriting
> within PHP, it is not obvious from the child template what inheritance
> took place. If you have a choice, it is normally more flexible and
> intuitive to handle inheritance chains from within the templates.

2
docs/programmers/resources/resources-file.md
View File

@@ -47,7 +47,7 @@ Templates from a specific \$template\_dir {#templates.from.specified.template.di
Smarty 3.1 introduced the bracket-syntax for specifying an element from
[`$template_dir`](#variable.template.dir). This allows websites
employing multiple sets of templates better control over which template
to acces.
to access.
The bracket-syntax can be used from anywhere you can specify the `file:`
resource type.

3
docs/programmers/smarty-constants.md
View File

@@ -23,5 +23,4 @@ to determine the appropriate value automatically. If defined, the path
See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md) and
[`$php_handling constants`](./api-variables/variable-php-handling.md)
See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md).

1
lexer/smarty_internal_templatelexer.plex
View File

@@ -161,7 +161,6 @@ class Smarty_Internal_Templatelexer
'COMMENT' => 'comment',
'AS' => 'as',
'TO' => 'to',
'PHP' => '"<?php", "<%", "{php}" tag',
'LOGOP' => '"<", "==" ... logical operator',
'TLOGOP' => '"lt", "eq" ... logical operator; "is div by" ... if condition',
'SCOND' => '"is even" ... if condition',

9
libs/Autoloader.php
View File

@@ -5,6 +5,11 @@
* @package Smarty
*/
if (!defined('SMARTY_HELPER_FUNCTIONS_LOADED')) {
include __DIR__ . '/functions.php';
}
/**
* Smarty Autoloader
*
@@ -73,7 +78,7 @@ class Smarty_Autoloader
*/
public static function register($prepend = false)
{
self::$SMARTY_DIR = defined('SMARTY_DIR') ? SMARTY_DIR : dirname(__FILE__) . DIRECTORY_SEPARATOR;
self::$SMARTY_DIR = defined('SMARTY_DIR') ? SMARTY_DIR : __DIR__ . DIRECTORY_SEPARATOR;
self::$SMARTY_SYSPLUGINS_DIR = defined('SMARTY_SYSPLUGINS_DIR') ? SMARTY_SYSPLUGINS_DIR :
self::$SMARTY_DIR . 'sysplugins' . DIRECTORY_SEPARATOR;
spl_autoload_register(array(__CLASS__, 'autoload'), true, $prepend);
@@ -89,7 +94,7 @@ class Smarty_Autoloader
if ($class[ 0 ] !== 'S' || strpos($class, 'Smarty') !== 0) {
return;
}
$_class = strtolower($class);
$_class = smarty_strtolower_ascii($class);
if (isset(self::$rootClasses[ $_class ])) {
$file = self::$SMARTY_DIR . self::$rootClasses[ $_class ];
if (is_file($file)) {

26
libs/Smarty.class.php
View File

@@ -36,7 +36,7 @@ if (!defined('SMARTY_DIR')) {
/**
*
*/
define('SMARTY_DIR', dirname(__FILE__) . DIRECTORY_SEPARATOR);
define('SMARTY_DIR', __DIR__ . DIRECTORY_SEPARATOR);
}
/**
* set SMARTY_SYSPLUGINS_DIR to absolute path to Smarty internal plugins.
@@ -60,12 +60,21 @@ if (!defined('SMARTY_MBSTRING')) {
*/
define('SMARTY_MBSTRING', function_exists('mb_get_info'));
}
/**
* Load helper functions
*/
if (!defined('SMARTY_HELPER_FUNCTIONS_LOADED')) {
include __DIR__ . '/functions.php';
}
/**
* Load Smarty_Autoloader
*/
if (!class_exists('Smarty_Autoloader')) {
include dirname(__FILE__) . '/bootstrap.php';
include __DIR__ . '/bootstrap.php';
}
/**
* Load always needed external class files
*/
@@ -98,7 +107,7 @@ class Smarty extends Smarty_Internal_TemplateBase
/**
* smarty version
*/
const SMARTY_VERSION = '4.1.0';
const SMARTY_VERSION = '4.3.0';
/**
* define variable scopes
*/
@@ -867,7 +876,7 @@ class Smarty extends Smarty_Internal_TemplateBase
$this->plugins_dir = (array)$this->plugins_dir;
}
foreach ($this->plugins_dir as $k => $v) {
$this->plugins_dir[ $k ] = $this->_realpath(rtrim($v, '/\\') . DIRECTORY_SEPARATOR, true);
$this->plugins_dir[ $k ] = $this->_realpath(rtrim($v ?? '', '/\\') . DIRECTORY_SEPARATOR, true);
}
$this->_cache[ 'plugin_files' ] = array();
$this->_pluginsDirNormalized = true;
@@ -1345,7 +1354,7 @@ class Smarty extends Smarty_Internal_TemplateBase
*/
private function _normalizeDir($dirName, $dir)
{
$this->{$dirName} = $this->_realpath(rtrim($dir, "/\\") . DIRECTORY_SEPARATOR, true);
$this->{$dirName} = $this->_realpath(rtrim($dir ?? '', "/\\") . DIRECTORY_SEPARATOR, true);
}
/**
@@ -1367,7 +1376,7 @@ class Smarty extends Smarty_Internal_TemplateBase
}
foreach ($dir as $k => $v) {
if (!isset($processed[ $k ])) {
$dir[ $k ] = $v = $this->_realpath(rtrim($v, "/\\") . DIRECTORY_SEPARATOR, true);
$dir[ $k ] = $v = $this->_realpath(rtrim($v ?? '', "/\\") . DIRECTORY_SEPARATOR, true);
$processed[ $k ] = true;
}
}
@@ -1377,8 +1386,7 @@ class Smarty extends Smarty_Internal_TemplateBase
}
/**
* Activates PHP7 compatibility mode:
* - converts E_WARNINGS for "undefined array key" and "trying to read property of null" errors to E_NOTICE
* Mutes errors for "undefined index", "undefined array key" and "trying to read property of null".
*
* @void
*/
@@ -1387,7 +1395,7 @@ class Smarty extends Smarty_Internal_TemplateBase
}
/**
* Indicates if PHP7 compatibility mode is set.
* Indicates if Smarty will mute errors for "undefined index", "undefined array key" and "trying to read property of null".
* @bool
*/
public function isMutingUndefinedOrNullWarnings(): bool {

2
libs/bootstrap.php
View File

@@ -11,6 +11,6 @@
* Load and register Smarty Autoloader
*/
if (!class_exists('Smarty_Autoloader')) {
include dirname(__FILE__) . '/Autoloader.php';
include __DIR__ . '/Autoloader.php';
}
Smarty_Autoloader::register(true);

53
libs/debug.tpl
View File

@@ -1,9 +1,9 @@
{capture name='_smarty_debug' assign=debug_output}
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<!DOCTYPE html>
<html lang="en">
<head>
<title>Smarty Debug Console</title>
<style type="text/css">
<style>
{literal}
body, h1, h2, h3, td, th, p {
font-family: sans-serif;
@@ -31,6 +31,7 @@
padding: 2px;
border-top: 1px solid black;
}
h3 {
text-align: left;
font-weight: bold;
@@ -67,11 +68,11 @@
color: green;
}
.odd {
tr:nth-child(odd) {
background-color: #eeeeee;
}
.even {
tr:nth-child(even) {
background-color: #fafafa;
}
@@ -84,13 +85,16 @@
color: black;
font-weight: bold;
}
#blue h3 {
color: blue;
}
#normal div {
color: black;
font-weight: normal;
}
#table_assigned_vars th {
color: blue;
font-weight: bold;
@@ -99,7 +103,6 @@
#table_config_vars th {
color: maroon;
}
{/literal}
</style>
</head>
@@ -112,11 +115,11 @@
<h2>included templates &amp; config files (load time in seconds)</h2>
<div>
{foreach $template_data as $template}
<font color=brown>{$template.name}</font>
<br />&nbsp;&nbsp;<span class="exectime">
<span style="color: brown;">{$template.name}</span>
<br>&nbsp;&nbsp;<span class="exectime">
(compile {$template['compile_time']|string_format:"%.5f"}) (render {$template['render_time']|string_format:"%.5f"}) (cache {$template['cache_time']|string_format:"%.5f"})
</span>
<br />
<br>
{/foreach}
</div>
{/if}
@@ -125,13 +128,22 @@
<table id="table_assigned_vars">
{foreach $assigned_vars as $vars}
<tr class="{if $vars@iteration % 2 eq 0}odd{else}even{/if}">
<td><h3><font color=blue>${$vars@key}</font></h3>
{if isset($vars['nocache'])}<b>Nocache</b><br />{/if}
{if isset($vars['scope'])}<b>Origin:</b> {$vars['scope']|debug_print_var nofilter}{/if}
<tr>
<td>
<h3 style="color: blue;">${$vars@key}</h3>
{if isset($vars['nocache'])}<strong>Nocache</strong><br>{/if}
{if isset($vars['scope'])}<strong>Origin:</strong> {$vars['scope']|debug_print_var nofilter}{/if}
</td>
<td>
<h3>Value</h3>
{$vars['value']|debug_print_var:10:80 nofilter}
</td>
<td>
{if isset($vars['attributes'])}
<h3>Attributes</h3>
{$vars['attributes']|debug_print_var nofilter}
{/if}
</td>
<td><h3>Value</h3>{$vars['value']|debug_print_var:10:80 nofilter}</td>
<td>{if isset($vars['attributes'])}<h3>Attributes</h3>{$vars['attributes']|debug_print_var nofilter} {/if}</td>
{/foreach}
</table>
@@ -139,11 +151,14 @@
<table id="table_config_vars">
{foreach $config_vars as $vars}
<tr class="{if $vars@iteration % 2 eq 0}odd{else}even{/if}">
<td><h3><font color=blue>#{$vars@key}#</font></h3>
{if isset($vars['scope'])}<b>Origin:</b> {$vars['scope']|debug_print_var nofilter}{/if}
<tr>
<td>
<h3 style="color: blue;">#{$vars@key}#</h3>
{if isset($vars['scope'])}<strong>Origin:</strong> {$vars['scope']|debug_print_var nofilter}{/if}
</td>
<td>
{$vars['value']|debug_print_var:10:80 nofilter}
</td>
<td>{$vars['value']|debug_print_var:10:80 nofilter}</td>
</tr>
{/foreach}

51
libs/functions.php Normal file
View File

@@ -0,0 +1,51 @@
<?php
/**
* This file is part of the Smarty package.
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
/**
* Registers some helper/polyfill functions.
*/
const SMARTY_HELPER_FUNCTIONS_LOADED = true;
/**
* Converts the first characters in $string to uppercase (A-Z) if it is an ASCII lowercase character (a-z).
*
* May not be required when running PHP8.2+: https://wiki.php.net/rfc/strtolower-ascii
*
* @param $string
*
* @return string
*/
function smarty_ucfirst_ascii($string): string {
return smarty_strtoupper_ascii(substr($string, 0, 1)) . substr($string, 1);
}
/**
* Converts all uppercase ASCII characters (A-Z) in $string to lowercase (a-z).
*
* May not be required when running PHP8.2+: https://wiki.php.net/rfc/strtolower-ascii
*
* @param $string
*
* @return string
*/
function smarty_strtolower_ascii($string): string {
return strtr($string, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz');
}
/**
* Converts all lowercase ASCII characters (a-z) in $string to uppercase (A-Z).
*
* May not be required when running PHP8.2+: https://wiki.php.net/rfc/strtolower-ascii
*
* @param $string
*
* @return string
*/
function smarty_strtoupper_ascii($string): string {
return strtr($string, 'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ');
}

61
libs/plugins/function.html_select_date.php
View File

@@ -101,6 +101,7 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem
$field_separator = "\n";
$option_separator = "\n";
$time = null;
// $all_empty = null;
// $day_empty = null;
// $month_empty = null;
@@ -113,17 +114,7 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem
foreach ($params as $_key => $_value) {
switch ($_key) {
case 'time':
if (!is_array($_value) && $_value !== null) {
$template->_checkPlugins(
array(
array(
'function' => 'smarty_make_timestamp',
'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php'
)
)
);
$time = smarty_make_timestamp($_value);
}
$$_key = $_value; // we'll handle conversion below
break;
case 'month_names':
if (is_array($_value) && count($_value) === 12) {
@@ -178,43 +169,59 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem
}
// Note: date() is faster than strftime()
// Note: explode(date()) is faster than date() date() date()
if (isset($params[ 'time' ]) && is_array($params[ 'time' ])) {
if (isset($params[ 'time' ][ $prefix . 'Year' ])) {
if (isset($time) && is_array($time)) {
if (isset($time[$prefix . 'Year'])) {
// $_REQUEST[$field_array] given
foreach (array(
foreach ([
'Y' => 'Year',
'm' => 'Month',
'd' => 'Day'
) as $_elementKey => $_elementName) {
] as $_elementKey => $_elementName) {
$_variableName = '_' . strtolower($_elementName);
$$_variableName =
isset($params[ 'time' ][ $prefix . $_elementName ]) ? $params[ 'time' ][ $prefix . $_elementName ] :
isset($time[$prefix . $_elementName]) ? $time[$prefix . $_elementName] :
date($_elementKey);
}
} elseif (isset($params[ 'time' ][ $field_array ][ $prefix . 'Year' ])) {
} elseif (isset($time[$field_array][$prefix . 'Year'])) {
// $_REQUEST given
foreach (array(
foreach ([
'Y' => 'Year',
'm' => 'Month',
'd' => 'Day'
) as $_elementKey => $_elementName) {
] as $_elementKey => $_elementName) {
$_variableName = '_' . strtolower($_elementName);
$$_variableName = isset($params[ 'time' ][ $field_array ][ $prefix . $_elementName ]) ?
$params[ 'time' ][ $field_array ][ $prefix . $_elementName ] : date($_elementKey);
$$_variableName = isset($time[$field_array][$prefix . $_elementName]) ?
$time[$field_array][$prefix . $_elementName] : date($_elementKey);
}
} else {
// no date found, use NOW
list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d'));
[$_year, $_month, $_day] = explode('-', date('Y-m-d'));
}
} elseif (isset($time) && preg_match("/(\d*)-(\d*)-(\d*)/", $time, $matches)) {
$_year = $_month = $_day = null;
if ($matches[1] > '') $_year = (int) $matches[1];
if ($matches[2] > '') $_month = (int) $matches[2];
if ($matches[3] > '') $_day = (int) $matches[3];
} elseif ($time === null) {
if (array_key_exists('time', $params)) {
$_year = $_month = $_day = $time = null;
$_year = $_month = $_day = null;
} else {
list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d'));
[$_year, $_month, $_day] = explode('-', date('Y-m-d'));
}
} else {
list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d', $time));
$template->_checkPlugins(
array(
array(
'function' => 'smarty_make_timestamp',
'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php'
)
)
);
$time = smarty_make_timestamp($time);
[$_year, $_month, $_day] = explode('-', date('Y-m-d', $time));
}
// make syntax "+N" or "-N" work with $start_year and $end_year
// Note preg_match('!^(\+|\-)\s*(\d+)$!', $end_year, $match) is slower than trim+substr
foreach (array(
@@ -309,8 +316,8 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem
for ($i = 1; $i <= 12; $i++) {
$_val = sprintf('%02d', $i);
$_text = isset($month_names) ? smarty_function_escape_special_chars($month_names[ $i ]) :
($month_format === '%m' ? $_val : strftime($month_format, $_month_timestamps[ $i ]));
$_value = $month_value_format === '%m' ? $_val : strftime($month_value_format, $_month_timestamps[ $i ]);
($month_format === '%m' ? $_val : @strftime($month_format, $_month_timestamps[ $i ]));
$_value = $month_value_format === '%m' ? $_val : @strftime($month_value_format, $_month_timestamps[ $i ]);
$_html_months .= '<option value="' . $_value . '"' . ($_val == $_month ? ' selected="selected"' : '') .
'>' . $_text . '</option>' . $option_separator;
}

26
libs/plugins/function.mailto.php
View File

@@ -48,8 +48,13 @@
*/
function smarty_function_mailto($params)
{
static $_allowed_encoding =
array('javascript' => true, 'javascript_charcode' => true, 'hex' => true, 'none' => true);
static $_allowed_encoding = [
'javascript' => true,
'javascript_charcode' => true,
'hex' => true,
'none' => true
];
$extra = '';
if (empty($params[ 'address' ])) {
trigger_error("mailto: missing 'address' parameter", E_USER_WARNING);
@@ -57,19 +62,19 @@ function smarty_function_mailto($params)
} else {
$address = $params[ 'address' ];
}
$text = $address;
// netscape and mozilla do not decode %40 (@) in BCC field (bug?)
// so, don't encode it.
$search = array('%40', '%2C');
$replace = array('@', ',');
$mail_parms = array();
$mail_parms = [];
foreach ($params as $var => $value) {
switch ($var) {
case 'cc':
case 'bcc':
case 'followupto':
if (!empty($value)) {
$mail_parms[] = $var . '=' . str_replace($search, $replace, rawurlencode($value));
$mail_parms[] = $var . '=' . str_replace(['%40', '%2C'], ['@', ','], rawurlencode($value));
}
break;
case 'subject':
@@ -83,6 +88,7 @@ function smarty_function_mailto($params)
default:
}
}
if ($mail_parms) {
$address .= '?' . join('&', $mail_parms);
}
@@ -94,15 +100,17 @@ function smarty_function_mailto($params)
);
return;
}
$string = '<a href="mailto:' . htmlspecialchars($address, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) .
'" ' . $extra . '>' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) . '</a>';
if ($encode === 'javascript') {
$string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
$js_encode = '';
for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
$js_encode .= '%' . bin2hex($string[ $x ]);
}
return '<script type="text/javascript">document.write(unescape(\'' . $js_encode . '\'))</script>';
} elseif ($encode === 'javascript_charcode') {
$string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
$ord[] = ord($string[ $x ]);
}
@@ -129,6 +137,6 @@ function smarty_function_mailto($params)
return '<a href="' . $mailto . $address_encode . '" ' . $extra . '>' . $text_encode . '</a>';
} else {
// no encoding
return '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
return $string;
}
}

2
libs/plugins/function.math.php
View File

@@ -70,7 +70,7 @@ function smarty_function_math($params, $template)
$number = '(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number
$functionsOrVars = '((?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*))';
$operators = '[,+\/*\^%-]'; // Allowed math operators
$regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)+\)|\((?1)+\)))(?:'.$operators.'(?1))?)+$/';
$regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)*\)|\((?1)*\)))(?:'.$operators.'(?1))?)+$/';
if (!preg_match($regexp, $equation)) {
trigger_error("math: illegal characters", E_USER_WARNING);

2
libs/plugins/modifier.capitalize.php
View File

@@ -22,6 +22,8 @@
*/
function smarty_modifier_capitalize($string, $uc_digits = false, $lc_rest = false)
{
$string = (string) $string;
if (Smarty::$_MBSTRING) {
if ($lc_rest) {
// uppercase (including hyphenated words)

36
libs/plugins/modifier.count.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
/**
* Smarty plugin
*
* @package Smarty
* @subpackage PluginsModifier
*/
/**
* Smarty count modifier plugin
* Type: modifier
* Name: count
* Purpose: counts all elements in an array or in a Countable object
* Input:
* - Countable|array: array or object to count
* - mode: int defaults to 0 for normal count mode, if set to 1 counts recursive
*
* @param mixed $arrayOrObject input array/object
* @param int $mode count mode
*
* @return int
*/
function smarty_modifier_count($arrayOrObject, $mode = 0)
{
/*
* @see https://www.php.net/count
* > Prior to PHP 8.0.0, if the parameter was neither an array nor an object that implements the Countable interface,
* > 1 would be returned, unless value was null, in which case 0 would be returned.
*/
if ($arrayOrObject instanceof Countable || is_array($arrayOrObject)) {
return count($arrayOrObject, (int) $mode);
} elseif ($arrayOrObject === null) {
return 0;
}
return 1;
}

3
libs/plugins/modifier.date_format.php
View File

@@ -78,7 +78,8 @@ function smarty_modifier_date_format($string, $format = null, $default_date = ''
}
$format = str_replace($_win_from, $_win_to, $format);
}
return strftime($format, $timestamp);
// @ to suppress deprecation errors when running in PHP8.1 or higher.
return @strftime($format, $timestamp);
} else {
return date($format, $timestamp);
}

80
libs/plugins/modifier.escape.php
View File

@@ -23,95 +23,25 @@
*/
function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $double_encode = true)
{
static $_double_encode = true;
static $is_loaded_1 = false;
static $is_loaded_2 = false;
if (!$char_set) {
$char_set = Smarty::$_CHARSET;
}
$string = (string)$string;
switch ($esc_type) {
case 'html':
if ($_double_encode) {
// php >=5.3.2 - go native
return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
} else {
if ($double_encode) {
// php <5.2.3 - only handle double encoding
return htmlspecialchars($string, ENT_QUOTES, $char_set);
} else {
// php <5.2.3 - prevent double encoding
$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
$string = htmlspecialchars($string, ENT_QUOTES, $char_set);
$string = str_replace(
array(
'%%%SMARTY_START%%%',
'%%%SMARTY_END%%%'
),
array(
'&',
';'
),
$string
);
return $string;
}
}
// no break
case 'htmlall':
if (Smarty::$_MBSTRING) {
// mb_convert_encoding ignores htmlspecialchars()
if ($_double_encode) {
// php >=5.3.2 - go native
$string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
} else {
if ($double_encode) {
// php <5.2.3 - only handle double encoding
$string = htmlspecialchars($string, ENT_QUOTES, $char_set);
} else {
// php <5.2.3 - prevent double encoding
$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
$string = htmlspecialchars($string, ENT_QUOTES, $char_set);
$string =
str_replace(
array(
'%%%SMARTY_START%%%',
'%%%SMARTY_END%%%'
),
array(
'&',
';'
),
$string
);
return $string;
}
}
// htmlentities() won't convert everything, so use mb_convert_encoding
return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
$string = mb_convert_encoding($string, 'UTF-8', $char_set);
return htmlentities($string, ENT_QUOTES, 'UTF-8', $double_encode);
}
// no MBString fallback
if ($_double_encode) {
return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
} else {
if ($double_encode) {
return htmlentities($string, ENT_QUOTES, $char_set);
} else {
$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
$string = htmlentities($string, ENT_QUOTES, $char_set);
$string = str_replace(
array(
'%%%SMARTY_START%%%',
'%%%SMARTY_END%%%'
),
array(
'&',
';'
),
$string
);
return $string;
}
}
// no break
case 'url':
return rawurlencode($string);

25
libs/plugins/modifier.explode.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
/**
* Smarty plugin
*
* @package Smarty
* @subpackage PluginsModifier
*/
/**
* Smarty explode modifier plugin
* Type: modifier
* Name: explode
* Purpose: split a string by a string
*
* @param string $separator
* @param string $string
* @param int|null $limit
*
* @return array
*/
function smarty_modifier_explode($separator, $string, ?int $limit = null)
{
// provide $string default to prevent deprecation errors in PHP >=8.1
return explode($separator, $string ?? '', $limit ?? PHP_INT_MAX);
}

26
libs/plugins/modifier.number_format.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
/**
* Smarty plugin
*
* @package Smarty
* @subpackage PluginsModifier
*/
/**
* Smarty number_format modifier plugin
* Type: modifier
* Name: number_format
* Purpose: Format a number with grouped thousands
*
* @param float|null $num
* @param int $decimals
* @param string|null $decimal_separator
* @param string|null $thousands_separator
*
* @return string
*/
function smarty_modifier_number_format(?float $num, int $decimals = 0, ?string $decimal_separator = ".", ?string $thousands_separator = ",")
{
// provide $num default to prevent deprecation errors in PHP >=8.1
return number_format($num ?? 0.0, $decimals, $decimal_separator, $thousands_separator);
}

45
libs/plugins/modifiercompiler.escape.php
View File

@@ -18,12 +18,10 @@
* @param Smarty_Internal_TemplateCompilerBase $compiler
*
* @return string with compiled code
* @throws \SmartyException
* @throws SmartyException
*/
function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompilerBase $compiler)
{
static $_double_encode = true;
static $is_loaded = false;
$compiler->template->_checkPlugins(
array(
array(
@@ -41,53 +39,30 @@ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompile
}
switch ($esc_type) {
case 'html':
if ($_double_encode) {
return 'htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
return 'htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
var_export($double_encode, true) . ')';
} elseif ($double_encode) {
return 'htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')';
} else {
// fall back to modifier.escape.php
}
// no break
case 'htmlall':
if (Smarty::$_MBSTRING) {
if ($_double_encode) {
// php >=5.2.3 - go native
return 'mb_convert_encoding(htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' .
var_export($char_set, true) . ', ' . var_export($double_encode, true) .
'), "HTML-ENTITIES", ' . var_export($char_set, true) . ')';
} elseif ($double_encode) {
// php <5.2.3 - only handle double encoding
return 'mb_convert_encoding(htmlspecialchars(' . $params[ 0 ] . ', ENT_QUOTES, ' .
var_export($char_set, true) . '), "HTML-ENTITIES", ' . var_export($char_set, true) . ')';
} else {
// fall back to modifier.escape.php
}
return 'htmlentities(mb_convert_encoding((string)' . $params[ 0 ] . ', \'UTF-8\', ' .
var_export($char_set, true) . '), ENT_QUOTES, \'UTF-8\', ' .
var_export($double_encode, true) . ')';
}
// no MBString fallback
if ($_double_encode) {
// php >=5.2.3 - go native
return 'htmlentities(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
return 'htmlentities((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
var_export($double_encode, true) . ')';
} elseif ($double_encode) {
// php <5.2.3 - only handle double encoding
return 'htmlentities(' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ')';
} else {
// fall back to modifier.escape.php
}
// no break
case 'url':
return 'rawurlencode(' . $params[ 0 ] . ')';
return 'rawurlencode((string)' . $params[ 0 ] . ')';
case 'urlpathinfo':
return 'str_replace("%2F", "/", rawurlencode(' . $params[ 0 ] . '))';
return 'str_replace("%2F", "/", rawurlencode((string)' . $params[ 0 ] . '))';
case 'quotes':
// escape unescaped single quotes
return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'",' . $params[ 0 ] . ')';
return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'", (string)' . $params[ 0 ] . ')';
case 'javascript':
// escape quotes and backslashes, newlines, etc.
// see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
return 'strtr(' .
return 'strtr((string)' .
$params[ 0 ] .
', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/", "<!--" => "<\!--", "<s" => "<\s", "<S" => "<\S" ))';
}

23
libs/plugins/modifiercompiler.nl2br.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
/**
* Smarty plugin
*
* @package Smarty
* @subpackage PluginsModifierCompiler
*/
/**
* Smarty nl2br modifier plugin
* Type: modifier
* Name: nl2br
* Purpose: insert HTML line breaks before all newlines in a string
*
* @link https://www.smarty.net/docs/en/language.modifier.nl2br.tpl nl2br (Smarty online manual)
*
* @param array $params parameters
*
* @return string with compiled code
*/
function smarty_modifiercompiler_nl2br($params) {
return 'nl2br((string) ' . $params[0] . ', (bool) ' . ($params[1] ?? true) . ')';
}

23
libs/plugins/modifiercompiler.round.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
/**
* Smarty plugin
*
* @package Smarty
* @subpackage PluginsModifierCompiler
*/
/**
* Smarty round modifier plugin
* Type: modifier
* Name: round
* Purpose: Returns the rounded value of num to specified precision (number of digits after the decimal point)
*
* @link https://www.smarty.net/docs/en/language.modifier.round.tpl round (Smarty online manual)
*
* @param array $params parameters
*
* @return string with compiled code
*/
function smarty_modifiercompiler_round($params) {
return 'round((float) ' . $params[0] . ', (int) ' . ($params[1] ?? 0) . ', (int) ' . ($params[2] ?? PHP_ROUND_HALF_UP) . ')';
}

23
libs/plugins/modifiercompiler.str_repeat.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
/**
* Smarty plugin
*
* @package Smarty
* @subpackage PluginsModifierCompiler
*/
/**
* Smarty str_repeat modifier plugin
* Type: modifier
* Name: str_repeat
* Purpose: returns string repeated times times
*
* @link https://www.smarty.net/docs/en/language.modifier.str_repeat.tpl str_repeat (Smarty online manual)
*
* @param array $params parameters
*
* @return string with compiled code
*/
function smarty_modifiercompiler_str_repeat($params) {
return 'str_repeat((string) ' . $params[0] . ', (int) ' . $params[1] . ')';
}

4
libs/plugins/modifiercompiler.strip_tags.php
View File

@@ -21,8 +21,8 @@
function smarty_modifiercompiler_strip_tags($params)
{
if (!isset($params[ 1 ]) || $params[ 1 ] === true || trim($params[ 1 ], '"') === 'true') {
return "preg_replace('!<[^>]*?>!', ' ', {$params[0]})";
return "preg_replace('!<[^>]*?>!', ' ', {$params[0]} ?: '')";
} else {
return 'strip_tags(' . $params[ 0 ] . ')';
return 'strip_tags((string) ' . $params[ 0 ] . ')';
}
}

23
libs/plugins/modifiercompiler.strlen.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
/**
* Smarty plugin
*
* @package Smarty
* @subpackage PluginsModifierCompiler
*/
/**
* Smarty strlen modifier plugin
* Type: modifier
* Name: strlen
* Purpose: return the length of the given string
*
* @link https://www.smarty.net/docs/en/language.modifier.strlen.tpl strlen (Smarty online manual)
*
* @param array $params parameters
*
* @return string with compiled code
*/
function smarty_modifiercompiler_strlen($params) {
return 'strlen((string) ' . $params[0] . ')';
}

26
libs/plugins/modifiercompiler.unescape.php
View File

@@ -14,26 +14,34 @@
* @author Rodney Rehm
*
* @param array $params parameters
* @param Smarty_Internal_TemplateCompilerBase $compiler
*
* @return string with compiled code
*/
function smarty_modifiercompiler_unescape($params)
function smarty_modifiercompiler_unescape($params, Smarty_Internal_TemplateCompilerBase $compiler)
{
if (!isset($params[ 1 ])) {
$params[ 1 ] = 'html';
}
$compiler->template->_checkPlugins(
array(
array(
'function' => 'smarty_literal_compiler_param',
'file' => SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php'
)
)
);
$esc_type = smarty_literal_compiler_param($params, 1, 'html');
if (!isset($params[ 2 ])) {
$params[ 2 ] = '\'' . addslashes(Smarty::$_CHARSET) . '\'';
} else {
$params[ 2 ] = "'{$params[ 2 ]}'";
}
switch (trim($params[ 1 ], '"\'')) {
switch ($esc_type) {
case 'entity':
case 'htmlall':
if (Smarty::$_MBSTRING) {
return 'mb_convert_encoding(' . $params[ 0 ] . ', ' . $params[ 2 ] . ', \'HTML-ENTITIES\')';
return 'html_entity_decode(mb_convert_encoding(' . $params[ 0 ] . ', ' . $params[ 2 ] . ', \'UTF-8\'), ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, ' . $params[ 2 ] . ')';
}
return 'html_entity_decode(' . $params[ 0 ] . ', ENT_NOQUOTES, ' . $params[ 2 ] . ')';
return 'html_entity_decode(' . $params[ 0 ] . ', ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, ' . $params[ 2 ] . ')';
case 'html':
return 'htmlspecialchars_decode(' . $params[ 0 ] . ', ENT_QUOTES)';
case 'url':

4
libs/plugins/modifiercompiler.upper.php
View File

@@ -21,8 +21,8 @@
function smarty_modifiercompiler_upper($params)
{
if (Smarty::$_MBSTRING) {
return 'mb_strtoupper(' . $params[ 0 ] . ', \'' . addslashes(Smarty::$_CHARSET) . '\')';
return 'mb_strtoupper(' . $params[ 0 ] . ' ?? \'\', \'' . addslashes(Smarty::$_CHARSET) . '\')';
}
// no MBString fallback
return 'strtoupper(' . $params[ 0 ] . ')';
return 'strtoupper(' . $params[ 0 ] . ' ?? \'\')';
}

36
libs/plugins/shared.mb_str_replace.php
View File

@@ -44,9 +44,43 @@ if (!function_exists('smarty_mb_str_replace')) {
}
}
} else {
$parts = mb_split(preg_quote($search), $subject) ?: array();
$mb_reg_charset = mb_regex_encoding();
// Check if mbstring regex is using UTF-8
$reg_is_unicode = !strcasecmp($mb_reg_charset, "UTF-8");
if(!$reg_is_unicode) {
// ...and set to UTF-8 if not
mb_regex_encoding("UTF-8");
}
// See if charset used by Smarty is matching one used by regex...
$current_charset = mb_regex_encoding();
$convert_result = (bool)strcasecmp(Smarty::$_CHARSET, $current_charset);
if($convert_result) {
// ...convert to it if not.
$subject = mb_convert_encoding($subject, $current_charset, Smarty::$_CHARSET);
$search = mb_convert_encoding($search, $current_charset, Smarty::$_CHARSET);
$replace = mb_convert_encoding($replace, $current_charset, Smarty::$_CHARSET);
}
$parts = mb_split(preg_quote($search), $subject ?? "") ?: array();
// If original regex encoding was not unicode...
if(!$reg_is_unicode) {
// ...restore original regex encoding to avoid breaking the system.
mb_regex_encoding($mb_reg_charset);
}
if($parts === false) {
// This exception is thrown if call to mb_split failed.
// Usually it happens, when $search or $replace are not valid for given mb_regex_encoding().
// There may be other cases for it to fail, please file an issue if you find a reproducible one.
throw new SmartyException("Source string is not a valid $current_charset sequence (probably)");
}
$count = count($parts) - 1;
$subject = implode($replace, $parts);
// Convert results back to charset used by Smarty, if needed.
if($convert_result) {
$subject = mb_convert_encoding($subject, Smarty::$_CHARSET, $current_charset);
}
}
return $subject;
}

4
libs/sysplugins/smarty_cacheresource.php
View File

@@ -205,11 +205,11 @@ abstract class Smarty_CacheResource
}
// try sysplugins dir
if (isset(self::$sysplugins[ $type ])) {
$cache_resource_class = 'Smarty_Internal_CacheResource_' . ucfirst($type);
$cache_resource_class = 'Smarty_Internal_CacheResource_' . smarty_ucfirst_ascii($type);
return $smarty->_cache[ 'cacheresource_handlers' ][ $type ] = new $cache_resource_class();
}
// try plugins dir
$cache_resource_class = 'Smarty_CacheResource_' . ucfirst($type);
$cache_resource_class = 'Smarty_CacheResource_' . smarty_ucfirst_ascii($type);
if ($smarty->loadPlugin($cache_resource_class)) {
return $smarty->_cache[ 'cacheresource_handlers' ][ $type ] = new $cache_resource_class();
}

4
libs/sysplugins/smarty_cacheresource_keyvaluestore.php
View File

@@ -244,7 +244,7 @@ abstract class Smarty_CacheResource_KeyValueStore extends Smarty_CacheResource
*/
protected function sanitize($string)
{
$string = trim($string, '|');
$string = trim((string)$string, '|');
if (!$string) {
return '';
}
@@ -428,7 +428,7 @@ abstract class Smarty_CacheResource_KeyValueStore extends Smarty_CacheResource
$t[] = 'IVK#COMPILE' . $_compile;
}
$_name .= '#';
$cid = trim($cache_id, '|');
$cid = trim((string)$cache_id, '|');
if (!$cid) {
return $t;
}

4
libs/sysplugins/smarty_internal_compile_block.php
View File

@@ -125,7 +125,7 @@ class Smarty_Internal_Compile_Blockclose extends Smarty_Internal_Compile_Shared_
// setup buffer for template function code
$compiler->parser->current_buffer = new Smarty_Internal_ParseTree_Template();
$output = "<?php\n";
$output .= "/* {block {$_name}} */\n";
$output .= $compiler->cStyleComment(" {block {$_name}} ") . "\n";
$output .= "class {$_className} extends Smarty_Internal_Block\n";
$output .= "{\n";
foreach ($_block as $property => $value) {
@@ -155,7 +155,7 @@ class Smarty_Internal_Compile_Blockclose extends Smarty_Internal_Compile_Shared_
}
$output .= "}\n";
$output .= "}\n";
$output .= "/* {/block {$_name}} */\n\n";
$output .= $compiler->cStyleComment(" {/block {$_name}} ") . "\n\n";
$output .= "?>\n";
$compiler->parser->current_buffer->append_subtree(
$compiler->parser,

8
libs/sysplugins/smarty_internal_compile_function.php
View File

@@ -134,7 +134,7 @@ class Smarty_Internal_Compile_Functionclose extends Smarty_Internal_CompileBase
if ($compiler->template->compiled->has_nocache_code) {
$compiler->parent_compiler->tpl_function[ $_name ][ 'call_name_caching' ] = $_funcNameCaching;
$output = "<?php\n";
$output .= "/* {$_funcNameCaching} */\n";
$output .= $compiler->cStyleComment(" {$_funcNameCaching} ") . "\n";
$output .= "if (!function_exists('{$_funcNameCaching}')) {\n";
$output .= "function {$_funcNameCaching} (Smarty_Internal_Template \$_smarty_tpl,\$params) {\n";
$output .= "ob_start();\n";
@@ -159,7 +159,7 @@ class Smarty_Internal_Compile_Functionclose extends Smarty_Internal_CompileBase
$output .= "/*/%%SmartyNocache:{$compiler->template->compiled->nocache_hash}%%*/\";\n?>";
$output .= "<?php echo str_replace('{$compiler->template->compiled->nocache_hash}', \$_smarty_tpl->compiled->nocache_hash ?? '', ob_get_clean());\n";
$output .= "}\n}\n";
$output .= "/*/ {$_funcName}_nocache */\n\n";
$output .= $compiler->cStyleComment("/ {$_funcName}_nocache ") . "\n\n";
$output .= "?>\n";
$compiler->parser->current_buffer->append_subtree(
$compiler->parser,
@@ -179,7 +179,7 @@ class Smarty_Internal_Compile_Functionclose extends Smarty_Internal_CompileBase
}
$compiler->parent_compiler->tpl_function[ $_name ][ 'call_name' ] = $_funcName;
$output = "<?php\n";
$output .= "/* {$_funcName} */\n";
$output .= $compiler->cStyleComment(" {$_funcName} ") . "\n";
$output .= "if (!function_exists('{$_funcName}')) {\n";
$output .= "function {$_funcName}(Smarty_Internal_Template \$_smarty_tpl,\$params) {\n";
$output .= $_paramsCode;
@@ -196,7 +196,7 @@ class Smarty_Internal_Compile_Functionclose extends Smarty_Internal_CompileBase
);
$compiler->parser->current_buffer->append_subtree($compiler->parser, $_functionCode);
$output = "<?php\n}}\n";
$output .= "/*/ {$_funcName} */\n\n";
$output .= $compiler->cStyleComment("/ {$_funcName} ") . "\n\n";
$output .= "?>\n";
$compiler->parser->current_buffer->append_subtree(
$compiler->parser,

4
libs/sysplugins/smarty_internal_compile_include.php
View File

@@ -318,14 +318,14 @@ class Smarty_Internal_Compile_Include extends Smarty_Internal_CompileBase
}
// get compiled code
$compiled_code = "<?php\n\n";
$compiled_code .= "/* Start inline template \"{$sourceInfo}\" =============================*/\n";
$compiled_code .= $compiler->cStyleComment(" Start inline template \"{$sourceInfo}\" =============================") . "\n";
$compiled_code .= "function {$tpl->compiled->unifunc} (Smarty_Internal_Template \$_smarty_tpl) {\n";
$compiled_code .= "?>\n" . $tpl->compiler->compileTemplateSource($tpl, null, $compiler->parent_compiler);
$compiled_code .= "<?php\n";
$compiled_code .= "}\n?>\n";
$compiled_code .= $tpl->compiler->postFilter($tpl->compiler->blockOrFunctionCode);
$compiled_code .= "<?php\n\n";
$compiled_code .= "/* End inline template \"{$sourceInfo}\" =============================*/\n";
$compiled_code .= $compiler->cStyleComment(" End inline template \"{$sourceInfo}\" =============================") . "\n";
$compiled_code .= '?>';
unset($tpl->compiler);
if ($tpl->compiled->has_nocache_code) {

2
libs/sysplugins/smarty_internal_compile_insert.php
View File

@@ -93,7 +93,7 @@ class Smarty_Internal_Compile_Insert extends Smarty_Internal_CompileBase
}
if (!empty($_dir)) {
foreach ((array)$_dir as $_script_dir) {
$_script_dir = rtrim($_script_dir, '/\\') . DIRECTORY_SEPARATOR;
$_script_dir = rtrim($_script_dir ?? '', '/\\') . DIRECTORY_SEPARATOR;
if (file_exists($_script_dir . $_script)) {
$_filepath = $_script_dir . $_script;
break;

6
libs/sysplugins/smarty_internal_compile_private_foreachsection.php
View File

@@ -143,7 +143,7 @@ class Smarty_Internal_Compile_Private_ForeachSection extends Smarty_Internal_Com
foreach ($this->resultOffsets as $key => $offset) {
foreach ($match[ $offset ] as $m) {
if (!empty($m)) {
$this->matchResults[ $key ][ strtolower($m) ] = true;
$this->matchResults[ $key ][ smarty_strtolower_ascii($m) ] = true;
}
}
}
@@ -213,12 +213,12 @@ class Smarty_Internal_Compile_Private_ForeachSection extends Smarty_Internal_Com
*/
public function compileSpecialVariable($args, Smarty_Internal_TemplateCompilerBase $compiler, $parameter)
{
$tag = strtolower(trim($parameter[ 0 ], '"\''));
$tag = smarty_strtolower_ascii(trim($parameter[ 0 ], '"\''));
$name = isset($parameter[ 1 ]) ? $compiler->getId($parameter[ 1 ]) : false;
if (!$name) {
$compiler->trigger_template_error("missing or illegal \$smarty.{$tag} name attribute", null, true);
}
$property = isset($parameter[ 2 ]) ? strtolower($compiler->getId($parameter[ 2 ])) : false;
$property = isset($parameter[ 2 ]) ? smarty_strtolower_ascii($compiler->getId($parameter[ 2 ])) : false;
if (!$property || !in_array($property, $this->nameProperties)) {
$compiler->trigger_template_error("missing or illegal \$smarty.{$tag} property attribute", null, true);
}

3
libs/sysplugins/smarty_internal_compile_private_modifier.php
View File

@@ -109,6 +109,9 @@ class Smarty_Internal_Compile_Private_Modifier extends Smarty_Internal_CompileBa
if (!is_object($compiler->smarty->security_policy)
|| $compiler->smarty->security_policy->isTrustedPhpModifier($modifier, $compiler)
) {
trigger_error('Using php-function "' . $modifier . '" as a modifier is deprecated and will be ' .
'removed in a future release. Use Smarty::registerPlugin to explicitly register ' .
'a custom modifier.', E_USER_DEPRECATED);
$output = "{$modifier}({$params})";
}
$compiler->known_modifier_type[ $modifier ] = $type;

2
libs/sysplugins/smarty_internal_compile_private_print_expression.php
View File

@@ -93,7 +93,7 @@ class Smarty_Internal_Compile_Private_Print_Expression extends Smarty_Internal_C
}
// autoescape html
if ($compiler->template->smarty->escape_html) {
$output = "htmlspecialchars({$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')";
$output = "htmlspecialchars((string) {$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')";
}
// loop over registered filters
if (!empty($compiler->template->smarty->registered_filters[ Smarty::FILTER_VARIABLE ])) {

6
libs/sysplugins/smarty_internal_compile_private_special_variable.php
View File

@@ -29,7 +29,7 @@ class Smarty_Internal_Compile_Private_Special_Variable extends Smarty_Internal_C
public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $parameter)
{
$_index = preg_split("/\]\[/", substr($parameter, 1, strlen($parameter) - 2));
$variable = strtolower($compiler->getId($_index[ 0 ]));
$variable = smarty_strtolower_ascii($compiler->getId($_index[ 0 ]));
if ($variable === false) {
$compiler->trigger_template_error("special \$Smarty variable name index can not be variable", null, true);
}
@@ -40,7 +40,7 @@ class Smarty_Internal_Compile_Private_Special_Variable extends Smarty_Internal_C
case 'foreach':
case 'section':
if (!isset(Smarty_Internal_TemplateCompilerBase::$_tag_objects[ $variable ])) {
$class = 'Smarty_Internal_Compile_' . ucfirst($variable);
$class = 'Smarty_Internal_Compile_' . smarty_ucfirst_ascii($variable);
Smarty_Internal_TemplateCompilerBase::$_tag_objects[ $variable ] = new $class;
}
return Smarty_Internal_TemplateCompilerBase::$_tag_objects[ $variable ]->compileSpecialVariable(
@@ -76,7 +76,7 @@ class Smarty_Internal_Compile_Private_Special_Variable extends Smarty_Internal_C
$compiler->trigger_template_error("(secure mode) super globals not permitted");
break;
}
$compiled_ref = '$_' . strtoupper($variable);
$compiled_ref = '$_' . smarty_strtoupper_ascii($variable);
break;
case 'template':
return 'basename($_smarty_tpl->source->filepath)';

10
libs/sysplugins/smarty_internal_config_file_compiler.php
View File

@@ -157,10 +157,12 @@ class Smarty_Internal_Config_File_Compiler
$this->smarty->_debug->end_compile($this->template);
}
// template header code
$template_header =
"<?php /* Smarty version " . Smarty::SMARTY_VERSION . ", created on " . date("Y-m-d H:i:s") .
"\n";
$template_header .= " compiled from '{$this->template->source->filepath}' */ ?>\n";
$template_header = sprintf(
"<?php /* Smarty version %s, created on %s\n compiled from '%s' */ ?>\n",
Smarty::SMARTY_VERSION,
date("Y-m-d H:i:s"),
str_replace('*/', '* /' , $this->template->source->filepath)
);
$code = '<?php $_smarty_tpl->smarty->ext->configLoad->_loadConfigVars($_smarty_tpl, ' .
var_export($this->config_data, true) . '); ?>';
return $template_header . $this->template->smarty->ext->_codeFrame->create($this->template, $code);

4
libs/sysplugins/smarty_internal_debug.php
View File

@@ -210,7 +210,7 @@ class Smarty_Internal_Debug extends Smarty_Internal_Data
// copy the working dirs from application
$debObj->setCompileDir($smarty->getCompileDir());
// init properties by hand as user may have edited the original Smarty class
$debObj->setPluginsDir(is_dir(dirname(__FILE__) . '/../plugins') ? dirname(__FILE__) .
$debObj->setPluginsDir(is_dir(__DIR__ . '/../plugins') ? __DIR__ .
'/../plugins' : $smarty->getPluginsDir());
$debObj->force_compile = false;
$debObj->compile_check = Smarty::COMPILECHECK_ON;
@@ -221,7 +221,7 @@ class Smarty_Internal_Debug extends Smarty_Internal_Data
$debObj->debugging_ctrl = 'NONE';
$debObj->error_reporting = E_ALL & ~E_NOTICE;
$debObj->debug_tpl =
isset($smarty->debug_tpl) ? $smarty->debug_tpl : 'file:' . dirname(__FILE__) . '/../debug.tpl';
isset($smarty->debug_tpl) ? $smarty->debug_tpl : 'file:' . __DIR__ . '/../debug.tpl';
$debObj->registered_plugins = array();
$debObj->registered_resources = array();
$debObj->registered_filters = array();

7
libs/sysplugins/smarty_internal_errorhandler.php
View File

@@ -66,12 +66,15 @@ class Smarty_Internal_ErrorHandler
*/
public function handleError($errno, $errstr, $errfile, $errline, $errcontext = [])
{
if ($this->allowUndefinedVars && preg_match('/^Attempt to read property ".+?" on null$/', $errstr)) {
if ($this->allowUndefinedVars && preg_match(
'/^(Attempt to read property ".+?" on null|Trying to get property (\'.+?\' )?of non-object)/',
$errstr
)) {
return; // suppresses this error
}
if ($this->allowUndefinedArrayKeys && preg_match(
'/^(Undefined array key|Trying to access array offset on value of type null)/',
'/^(Undefined index|Undefined array key|Trying to access array offset on value of type (null|bool))/',
$errstr
)) {
return; // suppresses this error

8
libs/sysplugins/smarty_internal_extension_handler.php
View File

@@ -36,6 +36,7 @@
* @property Smarty_Internal_Method_RegisterPlugin $registerPlugin
* @property mixed|\Smarty_Template_Cached configLoad
*/
#[\AllowDynamicProperties]
class Smarty_Internal_Extension_Handler
{
public $objType = null;
@@ -88,9 +89,8 @@ class Smarty_Internal_Extension_Handler
$objType = $data->_objType;
$propertyType = false;
if (!isset($this->resolvedProperties[ $match[ 0 ] ][ $objType ])) {
$property = isset($this->resolvedProperties[ 'property' ][ $basename ]) ?
$this->resolvedProperties[ 'property' ][ $basename ] :
$property = $this->resolvedProperties[ 'property' ][ $basename ] = strtolower(
$property = $this->resolvedProperties['property'][$basename] ??
$this->resolvedProperties['property'][$basename] = smarty_strtolower_ascii(
join(
'_',
preg_split(
@@ -145,7 +145,7 @@ class Smarty_Internal_Extension_Handler
public function upperCase($name)
{
$_name = explode('_', $name);
$_name = array_map('ucfirst', $_name);
$_name = array_map('smarty_ucfirst_ascii', $_name);
return implode('_', $_name);
}

4
libs/sysplugins/smarty_internal_method_loadplugin.php
View File

@@ -40,7 +40,7 @@ class Smarty_Internal_Method_LoadPlugin
throw new SmartyException("plugin {$plugin_name} is not a valid name format");
}
if (!empty($match[ 2 ])) {
$file = SMARTY_SYSPLUGINS_DIR . strtolower($plugin_name) . '.php';
$file = SMARTY_SYSPLUGINS_DIR . smarty_strtolower_ascii($plugin_name) . '.php';
if (isset($this->plugin_files[ $file ])) {
if ($this->plugin_files[ $file ] !== false) {
return $this->plugin_files[ $file ];
@@ -60,7 +60,7 @@ class Smarty_Internal_Method_LoadPlugin
}
// plugin filename is expected to be: [type].[name].php
$_plugin_filename = "{$match[1]}.{$match[4]}.php";
$_lower_filename = strtolower($_plugin_filename);
$_lower_filename = smarty_strtolower_ascii($_plugin_filename);
if (isset($this->plugin_files)) {
if (isset($this->plugin_files[ 'plugins_dir' ][ $_lower_filename ])) {
if (!$smarty->use_include_path || $this->plugin_files[ 'plugins_dir' ][ $_lower_filename ] !== false) {

2
libs/sysplugins/smarty_internal_method_mustcompile.php
View File

@@ -32,7 +32,7 @@ class Smarty_Internal_Method_MustCompile
{
if (!$_template->source->exists) {
if ($_template->_isSubTpl()) {
$parent_resource = " in '$_template->parent->template_resource}'";
$parent_resource = " in '{$_template->parent->template_resource}'";
} else {
$parent_resource = '';
}

9
libs/sysplugins/smarty_internal_runtime_codeframe.php
View File

@@ -44,9 +44,12 @@ class Smarty_Internal_Runtime_CodeFrame
$properties[ 'file_dependency' ] = $_template->cached->file_dependency;
$properties[ 'cache_lifetime' ] = $_template->cache_lifetime;
}
$output = "<?php\n";
$output .= "/* Smarty version {$properties[ 'version' ]}, created on " . date("Y-m-d H:i:s") .
"\n from '" . str_replace('*/', '* /', $_template->source->filepath) . "' */\n\n";
$output = sprintf(
"<?php\n/* Smarty version %s, created on %s\n from '%s' */\n\n",
$properties[ 'version' ],
date("Y-m-d H:i:s"),
str_replace('*/', '* /', $_template->source->filepath)
);
$output .= "/* @var Smarty_Internal_Template \$_smarty_tpl */\n";
$dec = "\$_smarty_tpl->_decodeProperties(\$_smarty_tpl, " . var_export($properties, true) . ',' .
($cache ? 'true' : 'false') . ')';

2
libs/sysplugins/smarty_internal_runtime_make_nocache.php
View File

@@ -22,7 +22,7 @@ class Smarty_Internal_Runtime_Make_Nocache
{
if (isset($tpl->tpl_vars[ $var ])) {
$export =
preg_replace('/^Smarty_Variable::__set_state[(]|[)]$/', '', var_export($tpl->tpl_vars[ $var ], true));
preg_replace('/^\\\\?Smarty_Variable::__set_state[(]|[)]$/', '', var_export($tpl->tpl_vars[ $var ], true));
if (preg_match('/(\w+)::__set_state/', $export, $match)) {
throw new SmartyException("{make_nocache \${$var}} in template '{$tpl->source->name}': variable does contain object '{$match[1]}' not implementing method '__set_state'");
}

13
libs/sysplugins/smarty_internal_runtime_writefile.php
View File

@@ -29,12 +29,6 @@ class Smarty_Internal_Runtime_WriteFile
{
$_error_reporting = error_reporting();
error_reporting($_error_reporting & ~E_NOTICE & ~E_WARNING);
$_file_perms = property_exists($smarty, '_file_perms') ? $smarty->_file_perms : 0644;
$_dir_perms =
property_exists($smarty, '_dir_perms') ? (isset($smarty->_dir_perms) ? $smarty->_dir_perms : 0777) : 0771;
if ($_file_perms !== null) {
$old_umask = umask(0);
}
$_dirpath = dirname($_filepath);
// if subdirs, create dir structure
if ($_dirpath !== '.') {
@@ -42,7 +36,7 @@ class Smarty_Internal_Runtime_WriteFile
// loop if concurrency problem occurs
// see https://bugs.php.net/bug.php?id=35326
while (!is_dir($_dirpath)) {
if (@mkdir($_dirpath, $_dir_perms, true)) {
if (@mkdir($_dirpath, 0777, true)) {
break;
}
clearstatcache();
@@ -89,11 +83,8 @@ class Smarty_Internal_Runtime_WriteFile
error_reporting($_error_reporting);
throw new SmartyException("unable to write file {$_filepath}");
}
if ($_file_perms !== null) {
// set file permissions
chmod($_filepath, $_file_perms);
umask($old_umask);
}
@chmod($_filepath, 0666 & ~umask());
error_reporting($_error_reporting);
return true;
}

5
libs/sysplugins/smarty_internal_template.php
View File

@@ -24,6 +24,7 @@
*
* @method bool mustCompile()
*/
#[\AllowDynamicProperties]
class Smarty_Internal_Template extends Smarty_Internal_TemplateBase
{
/**
@@ -292,7 +293,7 @@ class Smarty_Internal_Template extends Smarty_Internal_TemplateBase
$smarty = &$this->smarty;
$_templateId = $smarty->_getTemplateId($template, $cache_id, $compile_id, $caching, $tpl);
// recursive call ?
if (isset($tpl->templateId) ? $tpl->templateId : $tpl->_getTemplateId() !== $_templateId) {
if ((isset($tpl->templateId) ? $tpl->templateId : $tpl->_getTemplateId()) !== $_templateId) {
// already in template cache?
if (isset(self::$tplObjCache[ $_templateId ])) {
// copy data from cached object
@@ -358,7 +359,7 @@ class Smarty_Internal_Template extends Smarty_Internal_TemplateBase
}
if ($tpl->caching === 9999) {
if (!isset($tpl->compiled)) {
$this->loadCompiled(true);
$tpl->loadCompiled(true);
}
if ($tpl->compiled->has_nocache_code) {
$this->cached->hashes[ $tpl->compiled->nocache_hash ] = true;

2
libs/sysplugins/smarty_internal_templatebase.php
View File

@@ -257,7 +257,7 @@ abstract class Smarty_Internal_TemplateBase extends Smarty_Internal_Data
error_reporting($_smarty_old_error_level);
}
return $result;
} catch (Exception $e) {
} catch (Throwable $e) {
while (ob_get_level() > $level) {
ob_end_clean();
}

19
libs/sysplugins/smarty_internal_templatecompilerbase.php
View File

@@ -422,9 +422,6 @@ abstract class Smarty_Internal_TemplateCompilerBase
try {
// save template object in compiler class
$this->template = $template;
if (property_exists($this->template->smarty, 'plugin_search_order')) {
$this->plugin_search_order = $this->template->smarty->plugin_search_order;
}
if ($this->smarty->debugging) {
if (!isset($this->smarty->_debug)) {
$this->smarty->_debug = new Smarty_Internal_Debug();
@@ -608,7 +605,7 @@ abstract class Smarty_Internal_TemplateCompilerBase
if (strcasecmp($name, 'isset') === 0 || strcasecmp($name, 'empty') === 0
|| strcasecmp($name, 'array') === 0 || is_callable($name)
) {
$func_name = strtolower($name);
$func_name = smarty_strtolower_ascii($name);
if ($func_name === 'isset') {
if (count($parameter) === 0) {
@@ -768,7 +765,7 @@ abstract class Smarty_Internal_TemplateCompilerBase
if (!isset(self::$_tag_objects[ $tag ])) {
// lazy load internal compiler plugin
$_tag = explode('_', $tag);
$_tag = array_map('ucfirst', $_tag);
$_tag = array_map('smarty_ucfirst_ascii', $_tag);
$class_name = 'Smarty_Internal_Compile_' . implode('_', $_tag);
if (class_exists($class_name)
&& (!isset($this->smarty->security_policy) || $this->smarty->security_policy->isTrustedTag($tag, $this))
@@ -1134,8 +1131,12 @@ abstract class Smarty_Internal_TemplateCompilerBase
echo ob_get_clean();
flush();
}
$e = new SmartyCompilerException($error_text);
$e->setLine($line);
$e = new SmartyCompilerException(
$error_text,
0,
$this->template->source->filepath,
$line
);
$e->source = trim(preg_replace('![\t\r\n]+!', ' ', $match[ $line - 1 ]));
$e->desc = $args;
$e->template = $this->template->source->filepath;
@@ -1439,6 +1440,10 @@ abstract class Smarty_Internal_TemplateCompilerBase
*/
abstract protected function doCompile($_content, $isTemplateSource = false);
public function cStyleComment($string) {
return '/*' . str_replace('*/', '* /' , $string) . '*/';
}
/**
* Compile Tag
*

2
libs/sysplugins/smarty_internal_testinstall.php
View File

@@ -144,7 +144,7 @@ class Smarty_Internal_TestInstall
}
// test if all registered plugins_dir are accessible
// and if core plugins directory is still registered
$_core_plugins_dir = realpath(dirname(__FILE__) . '/../plugins');
$_core_plugins_dir = realpath(__DIR__ . '/../plugins');
$_core_plugins_available = false;
foreach ($smarty->getPluginsDir() as $plugin_dir) {
$_plugin_dir = $plugin_dir;

4
libs/sysplugins/smarty_resource.php
View File

@@ -76,11 +76,11 @@ abstract class Smarty_Resource
}
// try sysplugins dir
if (isset(self::$sysplugins[ $type ])) {
$_resource_class = 'Smarty_Internal_Resource_' . ucfirst($type);
$_resource_class = 'Smarty_Internal_Resource_' . smarty_ucfirst_ascii($type);
return $smarty->_cache[ 'resource_handlers' ][ $type ] = new $_resource_class();
}
// try plugins dir
$_resource_class = 'Smarty_Resource_' . ucfirst($type);
$_resource_class = 'Smarty_Resource_' . smarty_ucfirst_ascii($type);
if ($smarty->loadPlugin($_resource_class)) {
if (class_exists($_resource_class, false)) {
return $smarty->_cache[ 'resource_handlers' ][ $type ] = new $_resource_class();

15
libs/sysplugins/smarty_resource_custom.php
View File

@@ -47,7 +47,7 @@ abstract class Smarty_Resource_Custom extends Smarty_Resource
*/
public function populate(Smarty_Template_Source $source, Smarty_Internal_Template $_template = null)
{
$source->filepath = $source->type . ':' . substr(preg_replace('/[^A-Za-z0-9.]/', '', $source->name), 0, 25);
$source->filepath = $source->type . ':' . $this->generateSafeName($source->name);
$source->uid = sha1($source->type . ':' . $source->name);
$mtime = $this->fetchTimestamp($source->name);
if ($mtime !== null) {
@@ -88,6 +88,17 @@ abstract class Smarty_Resource_Custom extends Smarty_Resource
*/
public function getBasename(Smarty_Template_Source $source)
{
return basename(substr(preg_replace('/[^A-Za-z0-9.]/', '', $source->name), 0, 25));
return basename($this->generateSafeName($source->name));
}
/**
* Removes special characters from $name and limits its length to 127 characters.
*
* @param $name
*
* @return string
*/
private function generateSafeName($name): string {
return substr(preg_replace('/[^A-Za-z0-9._]/', '', (string) $name), 0, 127);
}
}

34
libs/sysplugins/smarty_security.php
View File

@@ -19,6 +19,7 @@
/**
* This class does contain the security settings
*/
#[\AllowDynamicProperties]
class Smarty_Security
{
@@ -105,7 +106,7 @@ class Smarty_Security
*
* @var array
*/
public $php_modifiers = array('escape', 'count', 'nl2br',);
public $php_modifiers = array('escape', 'count', 'sizeof', 'nl2br',);
/**
* This is an array of allowed tags.
@@ -328,7 +329,7 @@ class Smarty_Security
*
* @param string $modifier_name
* @param object $compiler compiler object
*
* @deprecated
* @return boolean true if modifier is trusted
*/
public function isTrustedPhpModifier($modifier_name, $compiler)
@@ -555,35 +556,6 @@ class Smarty_Security
throw new SmartyException("URI '{$uri}' not allowed by security setting");
}
/**
* Check if directory of file resource is trusted.
*
* @param string $filepath
*
* @return boolean true if directory is trusted
* @throws SmartyException if PHP directory is not trusted
*/
public function isTrustedPHPDir($filepath)
{
if (empty($this->trusted_dir)) {
throw new SmartyException("directory '{$filepath}' not allowed by security setting (no trusted_dir specified)");
}
// check if index is outdated
if (!$this->_trusted_dir || $this->_trusted_dir !== $this->trusted_dir) {
$this->_php_resource_dir = array();
$this->_trusted_dir = $this->trusted_dir;
foreach ((array)$this->trusted_dir as $directory) {
$directory = $this->smarty->_realpath($directory . '/', true);
$this->_php_resource_dir[ $directory ] = true;
}
}
$addPath = $this->_checkDir($filepath, $this->_php_resource_dir);
if ($addPath !== false) {
$this->_php_resource_dir = array_merge($this->_php_resource_dir, $addPath);
}
return true;
}
/**
* Remove old directories and its sub folders, add new directories
*

1
libs/sysplugins/smarty_variable.php
View File

@@ -7,6 +7,7 @@
* @package Smarty
* @subpackage Template
*/
#[\AllowDynamicProperties]
class Smarty_Variable
{
/**

Some files were not shown because too many files have changed in this diff Show More