update cache logic to use secure dynamic cache id

libs/sysplugins/smarty_internal_template.php

@@ -330,9 +330,18 @@ class Smarty_Internal_Template extends Smarty_Internal_Data {
         } 
         // build file dependency string
         $this->properties['cache_lifetime'] = $this->cache_lifetime;
-        $this->dynamicId = uniqid();
+        // get text between non-cached items
-        $output = preg_replace('/(<%|%>|<\?php|<\?|\?>)/', '<?php /*' . $this->dynamicId . '*/ echo \'$1\'; ?>', $this->rendered_content);
+        $cache_split = preg_split("!/\*%%SmartyNocache:{$this->properties['nocache_hash']}%%\*\/(.+?)/\*/%%SmartyNocache:{$this->properties['nocache_hash']}%%\*/!s",$this->rendered_content);
-        $output = preg_replace_callback('/\/\*%%SmartyNocache%%\*\/(.+?)\/\*\/%%SmartyNocache%%\*\//s', array($this, 'unescapePhp'), $output);
+        // get non-cached items
+        preg_match_all("!/\*%%SmartyNocache:{$this->properties['nocache_hash']}%%\*\/(.+?)/\*/%%SmartyNocache:{$this->properties['nocache_hash']}%%\*/!s",$this->rendered_content,$cache_parts);
+        $output = '';
+        // loop over items, stitch back together
+        foreach($cache_split as $curr_idx => $curr_split) {
+          // escape PHP tags in template content
+          $output .= preg_replace('/(<%|%>|<\?php|<\?|\?>)/', '<?php echo \'$1\'; ?>', $curr_split);
+          // remove nocache tags from cache output
+          $output .= preg_replace("!/\*/?%%SmartyNocache:{$this->properties['nocache_hash']}%%\*/!",'',$cache_parts[0][$curr_idx]); 
+        }
         return $this->cache_resource_object->writeCachedContent($this, $this->createPropertyHeader(true) . $output);
     } 
 
@@ -745,13 +754,6 @@ class Smarty_Internal_Template extends Smarty_Internal_Data {
             } 
         } 
     } 
-    /**
-    * callback to unescap PHP
-    */
-    public function unescapePhp($match)
-    {
-        return preg_replace('{<\?php /\*' . $this->dynamicId . '\*/ echo \'(.+?)\'; \?>}s', '$1', $match[1]);
-    } 
 
     /**
     * wrapper for display

libs/sysplugins/smarty_internal_templatecompilerbase.php

@@ -20,12 +20,15 @@ class Smarty_Internal_TemplateCompilerBase {
     public $template = null; 
     // required plugins
     public $required_plugins_call = array();
+    // hash for nocache sections
+    private $nocache_hash = null;
 
     /**
     * Initialize compiler
     */
     public function __construct()
     {
+      $this->nocache_hash = md5(uniqid(rand(),true));
     } 
     // abstract function doCompile($_content);
     /**
@@ -36,6 +39,7 @@ class Smarty_Internal_TemplateCompilerBase {
     */
     public function compileTemplate($template)
     {
+        $template->properties['nocache_hash'] = $this->nocache_hash;
         /* here is where the compiling takes place. Smarty
        tags in the templates are replaces with PHP code,
        then written to compiled files. */ 
@@ -329,7 +333,7 @@ class Smarty_Internal_TemplateCompilerBase {
                     ($this->nocache || $this->tag_nocache)) {
                 $this->tag_nocache = false;
                 $_output = str_replace("'", "\'", $content);
-                $_output = "<?php echo '/*%%SmartyNocache%%*/" . $_output . "/*/%%SmartyNocache%%*/';?>\n";
+                $_output = "<?php echo '/*%%SmartyNocache:{$this->nocache_hash}%%*/" . $_output . "/*/%%SmartyNocache:{$this->nocache_hash}%%*/';?>\n";
                 // make sure we include modifer plugins for nocache code
                 if (isset($this->template->saved_modifer)) {
                     foreach ($this->template->saved_modifer as $plugin_name => $dummy) {