smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-10-05 16:50:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,908 Commits 108 Branches 94 Tags
js_escape_security_fix
Commit Graph

47 Commits

Author SHA1 Message Date
Progi1984
c016895166 PHP8.2 compatibility (#775) 
* PHP8.2 compatibility

* PHP8.2 compatibility : Fixed unit tests

* PHP8.2 compatibility : Replace ENT_COMPAT by ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401

* PHP8.2 compatibility : Remove deprecated utf8_decode

* PHP8.2 compatibility : Remove HTML-ENTITIES parameter

* Removed some unused code for clarity, updated the changelog.

* More concise escape implementation and unit test to cover both modifierplugin and modifiercompiler.

* Fix htmlall unescape of quotes without mbstring too

Co-authored-by: Simon Wisselink <s.wisselink@iwink.nl>
 2022-11-22 21:22:57 +01:00
Simon Wisselink
254b5cabee Dropped remaining references to removed PHP-support in Smarty 4 from docs, lexer and security class. 2022-09-27 12:21:01 +02:00
Simon Wisselink
4550fc0339 Using PHP functions as modifiers now triggers a deprecation notice (#814) 
Fixes #813
 2022-09-23 00:09:00 +02:00
Simon Wisselink
39b69f0142 Feature/php8 support (#629) 
Adds support for PHP8.0, dropping support for PHP7.0 and below.

Backwards incompatible changes:
- Dropped support for php asp tags in templates (removed from php since php7.0)
- Dropped deprecated API calls that where only accessible through SmartyBC
- Dropped support for {php} and {include_php} tags and embedded PHP in templates. Embedded PHP will now be passed through as is.
- Removed all PHP_VERSION_ID and compare_version checks and conditional code blocks that are now no longer required
- Dropped deprecated SMARTY_RESOURCE_CHAR_SET and SMARTY_RESOURCE_DATE_FORMAT constants
- Dropped deprecated Smarty::muteExpectedErrors and Smarty::unmuteExpectedErrors API methods
- Dropped deprecated $smarty->getVariable() method. Use $smarty->getTemplateVars() instead.
- $smarty->registerResource() no longer accepts an array of callback functions

See the changelog for more details.

Switched CI from Travis to Github CI.
 2021-10-13 12:15:17 +02:00
uwetews
4f7cd8f1b3 - reformating for PSR-2 coding standards https://github.com/smarty-php/smarty/pull/483 2018-08-31 16:45:09 +02:00
uwetews
799b5cb342 - fix PSR-2 coding standards and PHPDoc blocks https://github.com/smarty-php/smarty/pull/452 
https://github.com/smarty-php/smarty/pull/475
    https://github.com/smarty-php/smarty/pull/473
  - bugfix PHP5.2 compatibility https://github.com/smarty-php/smarty/pull/472
 2018-08-19 02:35:46 +02:00
Sławomir Kaleta
2404095783 Update PSR-2 2018-06-12 09:58:15 +02:00
Uwe Tews
c9dbe1d08c - bugfix regarding Security Vulnerability did not solve the problem under Linux 2018-04-26 21:38:08 +02:00
Uwe Tews
2e081a51b1 - bugfix regarding Security Vulnerability did not solve the problem under Linux 2018-04-26 18:06:45 +02:00
Uwe Tews
f9ca3c63d1 - bugfix regarding Security Vulnerability did not solve the problem under Linux 2018-04-26 13:02:51 +02:00
Uwe Tews
8d21f38dc3 - bugfix possible Security Vulnerability in Smarty_Security class. 2018-04-24 10:38:18 +02:00
Uwe Tews
3fc8abeb98 code cleanup and optimizations 3.1.32-dev-34 2017-11-06 01:02:56 +01:00
Uwe Tews
dd9c076dfa - correction of PHPDoc blocks 
- minor code cleanup
 2017-10-26 10:25:41 +02:00
uwetews
e5bbc052b1 - bugfix uppercase TRUE, FALSE and NULL did not work when security was enabled https://github.com/smarty-php/smarty/issues/282 2016-09-07 00:15:44 +02:00
uwetews
2003020df9 - bugfix remove constant DS as shortcut for DIRECTORY_SEPARATOR as the user may have defined it to something else https://github.com/smarty-php/smarty/issues/277 2016-08-23 08:03:39 +02:00
uwetews
02f95184ab - bugfix enableSecurity() must init cache flags https://github.com/smarty-php/smarty/issues/247 2016-07-12 02:30:14 +02:00
uwetews
af71fda639 - optimization of capture and security handling 2016-03-11 02:55:55 +01:00
uwetews
b04486a091 - reformat all code for unique style 2016-02-09 01:27:15 +01:00
uwetews
888014b908 - new extension handler to load functions when called 2015-10-24 05:02:24 +02:00
Uwe Tews
e1cc514a68 - avoid possible circular object referances caused by parser/lexer objects 2015-08-06 01:19:11 +02:00
Uwe Tews
61253c1999 optimization 2015-07-12 07:03:55 +02:00
Uwe Tews
7fa6c4fd47 update include_path handling 2015-07-07 17:55:45 +02:00
Uwe Tews
3052406cfc - fix $smarty->use_include_path option and optimize file path code 2015-06-29 02:41:42 +02:00
Uwe Tews
aee07f7bba - optimize security isTrustedResourceDir() 2015-06-28 02:37:41 +02:00
Uwe Tews
5377fd5926 - move $smarty->enableSecurity() into Smarty_Security class 2015-06-28 01:38:52 +02:00
Uwe Tews
f567d5d778 - update Smarty security with new realpath handling 2015-06-27 20:18:01 +02:00
Uwe Tews
8ee805632d - bugfix in Smarty_Security 'nl2br' should be a trusted modifier, not PHP function (code.google issue 223) 2015-05-13 20:17:02 +02:00
Uwe Tews
ea2a566b1f - bugfix Smarty_Security->allow_constants=false; did also disable true, false and null (change of 16.03.2015) 
- improvement added a whitelist for trusted constants to security Smarty_Security::$trusted_constants (forum topic 25471)
 2015-03-28 03:58:08 +01:00
Uwe Tews
1a781b39b1 new feature: security can now control access to static methods and properties 
see also NEW_FEATURES.txt
 2015-01-22 03:53:01 +01:00
Uwe Tews
6be6bf7b70 limit the template nesting level by security 2014-12-30 12:57:43 +01:00
Uwe Tews
1da50aa61d security can now disable special $smarty variables 
see also NEW_FEATURES.txt
 2014-12-29 21:59:23 +01:00
Uwe.Tews@googlemail.com
bbf0e42847 Fix typo's in Smarty_Security class comment and documentation 2014-10-01 17:15:24 +00:00
Uwe.Tews@googlemail.com
425091a19f - fixed spelling, PHPDoc , minor errors, code cleanup 2014-06-06 02:40:04 +00:00
Uwe.Tews@googlemail.com
00ccae8857 - update for PHP 5.4 compatibility 
- reformat source to PSR-2 standard
 2013-07-14 22:15:45 +00:00
Uwe.Tews@googlemail.com
b0b2c0e86d 17.06.2013 
- fixed spelling in sources and documentation (from smarty-developers forum Veres Lajos)
 2013-06-17 12:34:10 +00:00
rodneyrehm
26eac9888d bugfix Smarty_Security internal $_resource_dir cache wasn't properly propagated 2012-01-30 11:31:34 +00:00
rodneyrehm
2c25a64dd3 - added Smarty_Security::isTrustedUri() and Smarty_Security::$trusted_uri to validate remote resource calls through {fetch} and {html_image} (Forum Topic 20627) 2011-12-18 22:21:49 +00:00
rodneyrehm
aeec0783ec - bugfix of problem introduced with r4342 by replacing strlen() with isset() 2011-10-05 17:11:01 +00:00
rodneyrehm
655cbc94bc - improvement replaced some strlen($foo) > 3 calls by isset($foo[3]) 2011-10-01 18:47:56 +00:00
rodneyrehm
aff7c6a0ab - improvement replaced most in_array() calls by more efficient isset() on array_flip()ed haystacks 
- added notes on possible performance optimization/problem with Smarty_Security
 2011-10-01 18:10:48 +00:00
monte.ohrt
8842e79107 commit 3.1 into the trunk 2011-09-16 14:19:56 +00:00
uwe.tews@googlemail.com
f044178bad - major update including some API changes 2010-11-11 21:34:36 +00:00
monte.ohrt
21d507a5cb fix formatting 2010-08-17 15:39:51 +00:00
Uwe.Tews
0426dd0459 - bugfix on expressions in doublequoted string enclosed in backticks 
- added security property $static_classes for static class security
 2010-02-24 18:01:03 +00:00
Uwe.Tews
7e6da87134 - added max attribute to for loop 
- added security mode allow_super_globals
 2009-12-04 15:44:47 +00:00
monte.ohrt
3386b94e15 change linefeed style to native on all files 2009-11-06 14:35:00 +00:00
Uwe.Tews
94b80e892b - renamed function names of autoloaded Smarty methods to Smarty_Method_.... 
- new security_class property (default is Smarty_Security)
 2009-11-03 20:38:38 +00:00