smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-06 03:14:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

update cache logic to use secure dynamic cache id

Browse Source
This commit is contained in:
monte.ohrt
2009-12-28 05:08:45 +00:00
parent 55d50efb1d
commit f908aa0a27
2 changed files with 17 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
libs/sysplugins/smarty_internal_template.php
View File

@@ -330,9 +330,18 @@ class Smarty_Internal_Template extends Smarty_Internal_Data {
}
// build file dependency string
$this->properties['cache_lifetime'] = $this->cache_lifetime;
$this->dynamicId = uniqid();
$output = preg_replace('/(<%|%>|<\?php|<\?|\?>)/', '<?php /*' . $this->dynamicId . '*/ echo \'$1\'; ?>', $this->rendered_content);
$output = preg_replace_callback('/\/\*%%SmartyNocache%%\*\/(.+?)\/\*\/%%SmartyNocache%%\*\//s', array($this, 'unescapePhp'), $output);
// get text between non-cached items
$cache_split = preg_split("!/\*%%SmartyNocache:{$this->properties['nocache_hash']}%%\*\/(.+?)/\*/%%SmartyNocache:{$this->properties['nocache_hash']}%%\*/!s",$this->rendered_content);
// get non-cached items
preg_match_all("!/\*%%SmartyNocache:{$this->properties['nocache_hash']}%%\*\/(.+?)/\*/%%SmartyNocache:{$this->properties['nocache_hash']}%%\*/!s",$this->rendered_content,$cache_parts);
$output = '';
// loop over items, stitch back together
foreach($cache_split as $curr_idx => $curr_split) {
// escape PHP tags in template content
$output .= preg_replace('/(<%|%>|<\?php|<\?|\?>)/', '<?php echo \'$1\'; ?>', $curr_split);
// remove nocache tags from cache output
$output .= preg_replace("!/\*/?%%SmartyNocache:{$this->properties['nocache_hash']}%%\*/!",'',$cache_parts[0][$curr_idx]);
}
return $this->cache_resource_object->writeCachedContent($this, $this->createPropertyHeader(true) . $output);
}
@@ -745,13 +754,6 @@ class Smarty_Internal_Template extends Smarty_Internal_Data {
}
}
}
/**
* callback to unescap PHP
*/
public function unescapePhp($match)
{
return preg_replace('{<\?php /\*' . $this->dynamicId . '\*/ echo \'(.+?)\'; \?>}s', '$1', $match[1]);
}
/**
* wrapper for display

6
libs/sysplugins/smarty_internal_templatecompilerbase.php
View File

@@ -20,12 +20,15 @@ class Smarty_Internal_TemplateCompilerBase {
public $template = null;
// required plugins
public $required_plugins_call = array();
// hash for nocache sections
private $nocache_hash = null;
/**
* Initialize compiler
*/
public function __construct()
{
$this->nocache_hash = md5(uniqid(rand(),true));
}
// abstract function doCompile($_content);
/**
@@ -36,6 +39,7 @@ class Smarty_Internal_TemplateCompilerBase {
*/
public function compileTemplate($template)
{
$template->properties['nocache_hash'] = $this->nocache_hash;
/* here is where the compiling takes place. Smarty
tags in the templates are replaces with PHP code,
then written to compiled files. */
@@ -329,7 +333,7 @@ class Smarty_Internal_TemplateCompilerBase {
($this->nocache || $this->tag_nocache)) {
$this->tag_nocache = false;
$_output = str_replace("'", "\'", $content);
$_output = "<?php echo '/*%%SmartyNocache%%*/" . $_output . "/*/%%SmartyNocache%%*/';?>\n";
$_output = "<?php echo '/*%%SmartyNocache:{$this->nocache_hash}%%*/" . $_output . "/*/%%SmartyNocache:{$this->nocache_hash}%%*/';?>\n";
// make sure we include modifer plugins for nocache code
if (isset($this->template->saved_modifer)) {
foreach ($this->template->saved_modifer as $plugin_name => $dummy) {