From f908aa0a271a04a4a2e05fd1243f19073f838cb2 Mon Sep 17 00:00:00 2001
From: "monte.ohrt"
Date: Mon, 28 Dec 2009 05:08:45 +0000
Subject: [PATCH] update cache logic to use secure dynamic cache id
---
 libs/sysplugins/smarty_internal_template.php | 22 ++++++++++---------
 .../smarty_internal_templatecompilerbase.php | 6 ++++-
 2 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/libs/sysplugins/smarty_internal_template.php b/libs/sysplugins/smarty_internal_template.php
index 33be8d83..b1c67350 100644
--- a/libs/sysplugins/smarty_internal_template.php
+++ b/libs/sysplugins/smarty_internal_template.php
@@ -330,9 +330,18 @@ class Smarty_Internal_Template extends Smarty_Internal_Data { } // build file dependency string $this->properties['cache_lifetime'] = $this->cache_lifetime; - $this->dynamicId = uniqid(); - $output = preg_replace('/(<%|%>|<\?php|<\?|\?>)/', 'dynamicId . '*/ echo \'$1\'; ?>', $this->rendered_content); - $output = preg_replace_callback('/\/\*%%SmartyNocache%%\*\/(.+?)\/\*\/%%SmartyNocache%%\*\//s', array($this, 'unescapePhp'), $output); + // get text between non-cached items + $cache_split = preg_split("!/\*%%SmartyNocache:{$this->properties['nocache_hash']}%%\*\/(.+?)/\*/%%SmartyNocache:{$this->properties['nocache_hash']}%%\*/!s",$this->rendered_content); + // get non-cached items + preg_match_all("!/\*%%SmartyNocache:{$this->properties['nocache_hash']}%%\*\/(.+?)/\*/%%SmartyNocache:{$this->properties['nocache_hash']}%%\*/!s",$this->rendered_content,$cache_parts); + $output = ''; + // loop over items, stitch back together + foreach($cache_split as $curr_idx => $curr_split) { + // escape PHP tags in template content + $output .= preg_replace('/(<%|%>|<\?php|<\?|\?>)/', '', $curr_split); + // remove nocache tags from cache output + $output .= preg_replace("!/\*/?%%SmartyNocache:{$this->properties['nocache_hash']}%%\*/!",'',$cache_parts[0][$curr_idx]); + } return $this->cache_resource_object->writeCachedContent($this, $this->createPropertyHeader(true) . $output); } @@ -745,13 +754,6 @@ class Smarty_Internal_Template extends Smarty_Internal_Data { } } } - /** - * callback to unescap PHP - */ - public function unescapePhp($match) - { - return preg_replace('{<\?php /\*' . $this->dynamicId . '\*/ echo \'(.+?)\'; \?>}s', '$1', $match[1]); - } /** * wrapper for display diff --git a/libs/sysplugins/smarty_internal_templatecompilerbase.php b/libs/sysplugins/smarty_internal_templatecompilerbase.php index 84a75800..8bb3ac05 100644 --- a/libs/sysplugins/smarty_internal_templatecompilerbase.php +++ b/libs/sysplugins/smarty_internal_templatecompilerbase.php 
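Review bot: The last pass of the new `foreach` reads `$cache_parts[0][$curr_idx]` one past the end, because `preg_split` returns one more piece than `preg_match_all` finds matches (a template with no nocache section gives one piece and zero matches). That raises an undefined-offset notice on every cache write and hands `null` to `preg_replace`; guard the second append with `if (isset($cache_parts[0][$curr_idx])) { ... }`. The delimiter pattern is also built twice from `$this->properties['nocache_hash']`; assigning it once to a local keeps the split and the match from drifting apart, and checking that the property is set and non-empty first would avoid matching on a marker that carries no hash. The enclosing method starts above the hunk.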
@@ -20,12 +20,15 @@ class Smarty_Internal_TemplateCompilerBase { public $template = null; // required plugins public $required_plugins_call = array(); + // hash for nocache sections + private $nocache_hash = null; /** * Initialize compiler */ public function __construct() { + $this->nocache_hash = md5(uniqid(rand(),true)); } // abstract function doCompile($_content); /** @@ -36,6 +39,7 @@ class Smarty_Internal_TemplateCompilerBase { */ public function compileTemplate($template) { + $template->properties['nocache_hash'] = $this->nocache_hash; /* here is where the compiling takes place. Smarty tags in the templates are replaces with PHP code, then written to compiled files. */ @@ -329,7 +333,7 @@ class Smarty_Internal_TemplateCompilerBase { ($this->nocache || $this->tag_nocache)) { $this->tag_nocache = false; $_output = str_replace("'", "\'", $content); - $_output = "\n"; + $_output = "nocache_hash}%%*/" . $_output . "/*/%%SmartyNocache:{$this->nocache_hash}%%*/';?>\n"; // make sure we include modifer plugins for nocache code if (isset($this->template->saved_modifer)) { foreach ($this->template->saved_modifer as $plugin_name => $dummy) {
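Review bot: `md5(uniqid(rand(),true))` in the constructor is built from the clock and a non-cryptographic generator, so the marker is harder to guess than the old fixed tag but not unpredictable. The cache writer in the first file escapes PHP tags only in the text outside these markers, so whatever sits between them is kept as code, and the value deserves a CSPRNG source where the runtime offers one, e.g. `$this->nocache_hash = bin2hex(random_bytes(16));` on PHP 7+ (or `openssl_random_pseudo_bytes` on older builds). The property comment could also state the reason it exists: `// per-compiler random marker for nocache sections; rendered template content must not be able to reproduce it`.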
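Review bot: The context line `$_output = str_replace("'", "\'", $content);` escapes only single quotes, yet the changed line in the last hunk still places the result inside a single-quoted PHP string (the tail `';?>` is visible; the start of that line is garbled on this page). A backslash directly before a quote in `$content` becomes `\\'` and ends the string early, so compiled nocache code can break or change meaning in the cached file. Escaping both characters, `$_output = addcslashes($content, "'\\");`, closes that gap. The enclosing method begins above the hunk and continues past it.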