diff --git a/CHANGELOG.md b/CHANGELOG.md index 20c5b00e..8077925b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed - `|strip_tags` does not work if the input is 0 [#890](https://github.com/smarty-php/smarty/issues/890) +- Use of negative numbers in {math} equations [#895](https://github.com/smarty-php/smarty/issues/895) ## [4.3.2] - 2023-07-19 diff --git a/libs/plugins/function.math.php b/libs/plugins/function.math.php index f9cf67fe..34912d23 100644 --- a/libs/plugins/function.math.php +++ b/libs/plugins/function.math.php @@ -67,7 +67,7 @@ function smarty_function_math($params, $template) $equation = preg_replace('/\s+/', '', $equation); // Adapted from https://www.php.net/manual/en/function.eval.php#107377 - $number = '(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number + $number = '-?(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number $functionsOrVars = '((?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*))'; $operators = '[,+\/*\^%-]'; // Allowed math operators $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)*\)|\((?1)*\)))(?:'.$operators.'(?1))?)+$/'; diff --git a/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php b/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php index e4522e06..f996754c 100644 --- a/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php +++ b/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php @@ -101,6 +101,14 @@ class MathTest extends PHPUnit_Smarty $this->assertEquals($expected, $this->smarty->fetch($tpl)); } + public function testNegativeNumbers() + { + $this->smarty->disableSecurity(); + $expected = "-19 -- 4.1"; + $tpl = $this->smarty->createTemplate('eval:{$x = 4}{$y = 5.5}{math equation="-2.0*(x+y)" x=$x y=$y} -- {math equation="-20.5 / -5"}'); + $this->assertEquals($expected, $this->smarty->fetch($tpl)); + } + public function testSyntaxFormat() { $this->smarty->disableSecurity();