From 10a56bc3d02166f890b1c484ef1ddbc028915897 Mon Sep 17 00:00:00 2001 From: real_nowhereman Date: Tue, 12 Apr 2011 08:18:10 +0000 Subject: [PATCH] updated smarty to last stable build --- fp-includes/smarty/Config_File.class.php | 10 ++- fp-includes/smarty/Smarty.class.php | 65 ++++++++------ fp-includes/smarty/Smarty_Compiler.class.php | 86 +++++++++++++------ .../core.process_compiled_include.php | 2 +- .../internals/core.write_cache_file.php | 2 +- .../smarty/plugins/compiler.assign.php | 2 +- fp-includes/smarty/plugins/function.math.php | 3 +- .../smarty/plugins/modifier.regex_replace.php | 17 +++- .../plugins/outputfilter.trimwhitespace.php | 14 +-- 9 files changed, 137 insertions(+), 64 deletions(-) diff --git a/fp-includes/smarty/Config_File.class.php b/fp-includes/smarty/Config_File.class.php index 3d7c1b4..5787ad1 100644 --- a/fp-includes/smarty/Config_File.class.php +++ b/fp-includes/smarty/Config_File.class.php @@ -17,15 +17,19 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - * @link http://smarty.php.net/ - * @version 2.6.18 + * For questions, help, comments, discussion, etc., please join the + * Smarty mailing list. Send a blank e-mail to + * smarty-discussion-subscribe@googlegroups.com + * + * @link http://www.smarty.net/ + * @version 2.6.26 * @copyright Copyright: 2001-2005 New Digital Group, Inc. * @author Andrei Zmievski * @access public * @package Smarty */ -/* $Id: Config_File.class.php,v 1.88 2007/03/06 10:40:06 messju Exp $ */ +/* $Id: Config_File.class.php 3149 2009-05-23 20:59:25Z monte.ohrt $ */ /** * Config file reading class diff --git a/fp-includes/smarty/Smarty.class.php b/fp-includes/smarty/Smarty.class.php index f05e0da..e7298f2 100644 --- a/fp-includes/smarty/Smarty.class.php +++ b/fp-includes/smarty/Smarty.class.php @@ -20,17 +20,17 @@ * * For questions, help, comments, discussion, etc., please join the * Smarty mailing list. Send a blank e-mail to - * smarty-general-subscribe@lists.php.net + * smarty-discussion-subscribe@googlegroups.com * - * @link http://smarty.php.net/ + * @link http://www.smarty.net/ * @copyright 2001-2005 New Digital Group, Inc. * @author Monte Ohrt * @author Andrei Zmievski * @package Smarty - * @version 2.6.18 + * @version 2.6.26 */ -/* $Id: Smarty.class.php,v 1.528 2007/03/06 10:40:06 messju Exp $ */ +/* $Id: Smarty.class.php 3163 2009-06-17 14:39:24Z monte.ohrt $ */ /** * DIR_SEP isn't used anymore, but third party apps might @@ -107,7 +107,7 @@ class Smarty /** * When set, smarty does uses this value as error_reporting-level. * - * @var boolean + * @var integer */ var $error_reporting = null; @@ -236,7 +236,8 @@ class Smarty 'INCLUDE_ANY' => false, 'PHP_TAGS' => false, 'MODIFIER_FUNCS' => array('count'), - 'ALLOW_CONSTANTS' => false + 'ALLOW_CONSTANTS' => false, + 'ALLOW_SUPER_GLOBALS' => true ); /** @@ -464,7 +465,7 @@ class Smarty * * @var string */ - var $_version = '2.6.18'; + var $_version = '2.6.26'; /** * current template inclusion depth @@ -838,69 +839,66 @@ class Smarty * Registers a prefilter function to apply * to a template before compiling * - * @param string $function name of PHP function to register + * @param callback $function */ function register_prefilter($function) { - $_name = (is_array($function)) ? $function[1] : $function; - $this->_plugins['prefilter'][$_name] + $this->_plugins['prefilter'][$this->_get_filter_name($function)] = array($function, null, null, false); } /** * Unregisters a prefilter function * - * @param string $function name of PHP function + * @param callback $function */ function unregister_prefilter($function) { - unset($this->_plugins['prefilter'][$function]); + unset($this->_plugins['prefilter'][$this->_get_filter_name($function)]); } /** * Registers a postfilter function to apply * to a compiled template after compilation * - * @param string $function name of PHP function to register + * @param callback $function */ function register_postfilter($function) { - $_name = (is_array($function)) ? $function[1] : $function; - $this->_plugins['postfilter'][$_name] + $this->_plugins['postfilter'][$this->_get_filter_name($function)] = array($function, null, null, false); } /** * Unregisters a postfilter function * - * @param string $function name of PHP function + * @param callback $function */ function unregister_postfilter($function) { - unset($this->_plugins['postfilter'][$function]); + unset($this->_plugins['postfilter'][$this->_get_filter_name($function)]); } /** * Registers an output filter function to apply * to a template output * - * @param string $function name of PHP function + * @param callback $function */ function register_outputfilter($function) { - $_name = (is_array($function)) ? $function[1] : $function; - $this->_plugins['outputfilter'][$_name] + $this->_plugins['outputfilter'][$this->_get_filter_name($function)] = array($function, null, null, false); } /** * Unregisters an outputfilter function * - * @param string $function name of PHP function + * @param callback $function */ function unregister_outputfilter($function) { - unset($this->_plugins['outputfilter'][$function]); + unset($this->_plugins['outputfilter'][$this->_get_filter_name($function)]); } /** @@ -1551,7 +1549,7 @@ class Smarty $params['source_content'] = $this->_read_file($_resource_name); } $params['resource_timestamp'] = filemtime($_resource_name); - $_return = is_file($_resource_name); + $_return = is_file($_resource_name) && is_readable($_resource_name); break; default: @@ -1714,7 +1712,7 @@ class Smarty */ function _read_file($filename) { - if ( file_exists($filename) && ($fd = @fopen($filename, 'rb')) ) { + if ( file_exists($filename) && is_readable($filename) && ($fd = @fopen($filename, 'rb')) ) { $contents = ''; while (!feof($fd)) { $contents .= fread($fd, 8192); @@ -1935,6 +1933,25 @@ class Smarty { return eval($code); } + + /** + * Extracts the filter name from the given callback + * + * @param callback $function + * @return string + */ + function _get_filter_name($function) + { + if (is_array($function)) { + $_class_name = (is_object($function[0]) ? + get_class($function[0]) : $function[0]); + return $_class_name . '_' . $function[1]; + } + else { + return $function; + } + } + /**#@-*/ } diff --git a/fp-includes/smarty/Smarty_Compiler.class.php b/fp-includes/smarty/Smarty_Compiler.class.php index f54cc21..1178b84 100644 --- a/fp-includes/smarty/Smarty_Compiler.class.php +++ b/fp-includes/smarty/Smarty_Compiler.class.php @@ -21,12 +21,12 @@ * @link http://smarty.php.net/ * @author Monte Ohrt * @author Andrei Zmievski - * @version 2.6.18 + * @version 2.6.26 * @copyright 2001-2005 New Digital Group, Inc. * @package Smarty */ -/* $Id: Smarty_Compiler.class.php,v 1.395 2007/03/06 10:40:06 messju Exp $ */ +/* $Id: Smarty_Compiler.class.php 3163 2009-06-17 14:39:24Z monte.ohrt $ */ /** * Template compiling class @@ -869,7 +869,7 @@ class Smarty_Compiler extends Smarty { // traditional argument format $args = implode(',', array_values($attrs)); if (empty($args)) { - $args = 'null'; + $args = ''; } } @@ -1171,7 +1171,7 @@ class Smarty_Compiler extends Smarty { } $item = $this->_dequote($attrs['item']); if (!preg_match('~^\w+$~', $item)) { - return $this->_syntax_error("'foreach: 'item' must be a variable name (literal string)", E_USER_ERROR, __FILE__, __LINE__); + return $this->_syntax_error("foreach: 'item' must be a variable name (literal string)", E_USER_ERROR, __FILE__, __LINE__); } if (isset($attrs['key'])) { @@ -1222,23 +1222,21 @@ class Smarty_Compiler extends Smarty { $attrs = $this->_parse_attrs($tag_args); if ($start) { - if (isset($attrs['name'])) - $buffer = $attrs['name']; - else - $buffer = "'default'"; - - if (isset($attrs['assign'])) - $assign = $attrs['assign']; - else - $assign = null; + $buffer = isset($attrs['name']) ? $attrs['name'] : "'default'"; + $assign = isset($attrs['assign']) ? $attrs['assign'] : null; + $append = isset($attrs['append']) ? $attrs['append'] : null; + $output = ""; - $this->_capture_stack[] = array($buffer, $assign); + $this->_capture_stack[] = array($buffer, $assign, $append); } else { - list($buffer, $assign) = array_pop($this->_capture_stack); + list($buffer, $assign, $append) = array_pop($this->_capture_stack); $output = "_smarty_vars['capture'][$buffer] = ob_get_contents(); "; if (isset($assign)) { $output .= " \$this->assign($assign, ob_get_contents());"; } + if (isset($append)) { + $output .= " \$this->append($append, ob_get_contents());"; + } $output .= "ob_end_clean(); ?>"; } @@ -1365,9 +1363,14 @@ class Smarty_Compiler extends Smarty { /* If last token was a ')', we operate on the parenthesized expression. The start of the expression is on the stack. Otherwise, we operate on the last encountered token. */ - if ($tokens[$i-1] == ')') + if ($tokens[$i-1] == ')') { $is_arg_start = array_pop($is_arg_stack); - else + if ($is_arg_start != 0) { + if (preg_match('~^' . $this->_func_regexp . '$~', $tokens[$is_arg_start-1])) { + $is_arg_start--; + } + } + } else $is_arg_start = $i-1; /* Construct the argument for 'is' expression, so it knows what to operate on. */ @@ -2044,27 +2047,57 @@ class Smarty_Compiler extends Smarty { break; case 'get': - $compiled_ref = ($this->request_use_auto_globals) ? '$_GET' : "\$GLOBALS['HTTP_GET_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_GET"; break; case 'post': - $compiled_ref = ($this->request_use_auto_globals) ? '$_POST' : "\$GLOBALS['HTTP_POST_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_POST"; break; case 'cookies': - $compiled_ref = ($this->request_use_auto_globals) ? '$_COOKIE' : "\$GLOBALS['HTTP_COOKIE_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_COOKIE"; break; case 'env': - $compiled_ref = ($this->request_use_auto_globals) ? '$_ENV' : "\$GLOBALS['HTTP_ENV_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_ENV"; break; case 'server': - $compiled_ref = ($this->request_use_auto_globals) ? '$_SERVER' : "\$GLOBALS['HTTP_SERVER_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_SERVER"; break; case 'session': - $compiled_ref = ($this->request_use_auto_globals) ? '$_SESSION' : "\$GLOBALS['HTTP_SESSION_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_SESSION"; break; /* @@ -2072,8 +2105,13 @@ class Smarty_Compiler extends Smarty { * compiler. */ case 'request': + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } if ($this->request_use_auto_globals) { - $compiled_ref = '$_REQUEST'; + $compiled_ref = "\$_REQUEST"; break; } else { $this->_init_smarty_vars = true; diff --git a/fp-includes/smarty/internals/core.process_compiled_include.php b/fp-includes/smarty/internals/core.process_compiled_include.php index d539423..904d597 100644 --- a/fp-includes/smarty/internals/core.process_compiled_include.php +++ b/fp-includes/smarty/internals/core.process_compiled_include.php @@ -25,7 +25,7 @@ function smarty_core_process_compiled_include($params, &$smarty) $smarty->_include($_include_file_path, true); } - foreach ($smarty->_cache_serials as $_include_file_path=>$_cache_serial) { + foreach ($smarty->_cache_info['cache_serials'] as $_include_file_path=>$_cache_serial) { $_return = preg_replace_callback('!(\{nocache\:('.$_cache_serial.')#(\d+)\})!s', array(&$smarty, '_process_compiled_include_callback'), $_return); diff --git a/fp-includes/smarty/internals/core.write_cache_file.php b/fp-includes/smarty/internals/core.write_cache_file.php index 72f785b..fa3cdd7 100644 --- a/fp-includes/smarty/internals/core.write_cache_file.php +++ b/fp-includes/smarty/internals/core.write_cache_file.php @@ -68,7 +68,7 @@ function smarty_core_write_cache_file($params, &$smarty) if (!empty($smarty->cache_handler_func)) { // use cache_handler function call_user_func_array($smarty->cache_handler_func, - array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], null)); + array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], $smarty->_cache_info['expires'])); } else { // use local cache file diff --git a/fp-includes/smarty/plugins/compiler.assign.php b/fp-includes/smarty/plugins/compiler.assign.php index be17298..abef377 100644 --- a/fp-includes/smarty/plugins/compiler.assign.php +++ b/fp-includes/smarty/plugins/compiler.assign.php @@ -14,7 +14,7 @@ * @link http://smarty.php.net/manual/en/language.custom.functions.php#LANGUAGE.FUNCTION.ASSIGN {assign} * (Smarty online manual) * @author Monte Ohrt (initial author) - * @auther messju mohr (conversion to compiler function) + * @author messju mohr (conversion to compiler function) * @param string containing var-attribute and value-attribute * @param Smarty_Compiler */ diff --git a/fp-includes/smarty/plugins/function.math.php b/fp-includes/smarty/plugins/function.math.php index 71672fe..bb78dac 100644 --- a/fp-includes/smarty/plugins/function.math.php +++ b/fp-includes/smarty/plugins/function.math.php @@ -27,7 +27,8 @@ function smarty_function_math($params, &$smarty) return; } - $equation = $params['equation']; + // strip out backticks, not necessary for math + $equation = str_replace('`','',$params['equation']); // make sure parenthesis are balanced if (substr_count($equation,"(") != substr_count($equation,")")) { diff --git a/fp-includes/smarty/plugins/modifier.regex_replace.php b/fp-includes/smarty/plugins/modifier.regex_replace.php index d4d2030..100b58c 100644 --- a/fp-includes/smarty/plugins/modifier.regex_replace.php +++ b/fp-includes/smarty/plugins/modifier.regex_replace.php @@ -22,12 +22,25 @@ */ function smarty_modifier_regex_replace($string, $search, $replace) { + if(is_array($search)) { + foreach($search as $idx => $s) + $search[$idx] = _smarty_regex_replace_check($s); + } else { + $search = _smarty_regex_replace_check($search); + } + + return preg_replace($search, $replace, $string); +} + +function _smarty_regex_replace_check($search) +{ + if (($pos = strpos($search,"\0")) !== false) + $search = substr($search,0,$pos); if (preg_match('!([a-zA-Z\s]+)$!s', $search, $match) && (strpos($match[1], 'e') !== false)) { /* remove eval-modifier from $search */ $search = substr($search, 0, -strlen($match[1])) . preg_replace('![e\s]+!', '', $match[1]); } - - return preg_replace($search, $replace, $string); + return $search; } /* vim: set expandtab: */ diff --git a/fp-includes/smarty/plugins/outputfilter.trimwhitespace.php b/fp-includes/smarty/plugins/outputfilter.trimwhitespace.php index 97b0d21..739fa39 100644 --- a/fp-includes/smarty/plugins/outputfilter.trimwhitespace.php +++ b/fp-includes/smarty/plugins/outputfilter.trimwhitespace.php @@ -28,21 +28,21 @@ function smarty_outputfilter_trimwhitespace($source, &$smarty) { // Pull out the script blocks - preg_match_all("!]+>.*?!is", $source, $match); + preg_match_all("!]*?>.*?!is", $source, $match); $_script_blocks = $match[0]; - $source = preg_replace("!]+>.*?!is", + $source = preg_replace("!]*?>.*?!is", '@@@SMARTY:TRIM:SCRIPT@@@', $source); // Pull out the pre blocks - preg_match_all("!
.*?
!is", $source, $match); + preg_match_all("!]*?>.*?!is", $source, $match); $_pre_blocks = $match[0]; - $source = preg_replace("!
.*?
!is", + $source = preg_replace("!]*?>.*?!is", '@@@SMARTY:TRIM:PRE@@@', $source); - + // Pull out the textarea blocks - preg_match_all("!]+>.*?!is", $source, $match); + preg_match_all("!]*?>.*?!is", $source, $match); $_textarea_blocks = $match[0]; - $source = preg_replace("!]+>.*?!is", + $source = preg_replace("!]*?>.*?!is", '@@@SMARTY:TRIM:TEXTAREA@@@', $source); // remove all leading spaces, tabs and carriage returns NOT