diff --git a/libs/plugins/function.math.php b/libs/plugins/function.math.php index fd5b3d16..8560e944 100644 --- a/libs/plugins/function.math.php +++ b/libs/plugins/function.math.php @@ -69,7 +69,7 @@ function smarty_function_math($params, $template) // Adapted from https://www.php.net/manual/en/function.eval.php#107377 $number = '(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number $functionsOrVars = '((?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*))'; - $operators = '[+\/*\^%-]'; // Allowed math operators + $operators = '[,+\/*\^%-]'; // Allowed math operators $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)+\)|\((?1)+\)))(?:'.$operators.'(?1))?)+$/'; if (!preg_match($regexp, $equation)) { diff --git a/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php b/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php index 645c0a40..82255644 100644 --- a/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php +++ b/tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php @@ -52,6 +52,22 @@ class MathTest extends PHPUnit_Smarty $this->assertEquals($expected, $this->smarty->fetch($tpl)); } + public function testMathMaxFunctionParameters() + { + $this->smarty->disableSecurity(); + $expected = max(0, 2) . ' -- ' . max(0, 2, 3); + $tpl = $this->smarty->createTemplate('eval:{$x = 0}{$y = 2}{$z = 3}{math equation="max(x, y)" x=$x y=$y} -- {math equation="max(x, y, z)" x=$x y=$y z=$z}'); + $this->assertEquals($expected, $this->smarty->fetch($tpl)); + } + + public function testMathMinFunctionParameters() + { + $this->smarty->disableSecurity(); + $expected = min(1, 2) . ' -- ' . min(1, 2, 0); + $tpl = $this->smarty->createTemplate('eval:{$x = 1}{$y = 2}{$z = 0}{math equation="min(x, y)" x=$x y=$y} -- {math equation="min(x, y, z)" x=$x y=$y z=$z}'); + $this->assertEquals($expected, $this->smarty->fetch($tpl)); + } + public function testSyntaxSin() { $this->smarty->disableSecurity();