Merge pull request #15 from cweiske/master

[contagged] / inc / smarty / plugins / function.math.php

diff --git a/inc/smarty/plugins/function.math.php b/inc/smarty/plugins/function.math.php
index 71672fea41f6c9a81bd848d938952b256ba7f00d..655fe728d538a94c33222fc15a45212ed3e3c923 100644 (file)
--- a/inc/smarty/plugins/function.math.php
+++ b/inc/smarty/plugins/function.math.php
@@ -1,84 +1,104 @@
 <?php
 /**
  * Smarty plugin
- * @package Smarty
- * @subpackage plugins
+ * This plugin is only for Smarty2 BC
+ *
+ * @package    Smarty
+ * @subpackage PluginsFunction
  */
 
-
 /**
  * Smarty {math} function plugin
- *
  * Type:     function<br>
  * Name:     math<br>
- * Purpose:  handle math computations in template<br>
- * @link http://smarty.php.net/manual/en/language.function.math.php {math}
- *          (Smarty online manual)
+ * Purpose:  handle math computations in template
+ *
+ * @link     http://www.smarty.net/manual/en/language.function.math.php {math}
+ *           (Smarty online manual)
  * @author   Monte Ohrt <monte at ohrt dot com>
- * @param array
- * @param Smarty
- * @return string
+ *
+ * @param array                    $params   parameters
+ * @param Smarty_Internal_Template $template template object
+ *
+ * @return string|null
  */
-function smarty_function_math($params, &$smarty)
+function smarty_function_math($params, $template)
 {
+    static $_allowed_funcs =
+        array('int' => true, 'abs' => true, 'ceil' => true, 'cos' => true, 'exp' => true, 'floor' => true,
+              'log' => true, 'log10' => true, 'max' => true, 'min' => true, 'pi' => true, 'pow' => true, 'rand' => true,
+              'round' => true, 'sin' => true, 'sqrt' => true, 'srand' => true, 'tan' => true);
     // be sure equation parameter is present
-    if (empty($params['equation'])) {
-        $smarty->trigger_error("math: missing equation parameter");
+    if (empty($params[ 'equation' ])) {
+        trigger_error("math: missing equation parameter", E_USER_WARNING);
+
         return;
     }
 
-    $equation = $params['equation'];
+    $equation = $params[ 'equation' ];
 
     // make sure parenthesis are balanced
-    if (substr_count($equation,"(") != substr_count($equation,")")) {
-        $smarty->trigger_error("math: unbalanced parenthesis");
+    if (substr_count($equation, "(") != substr_count($equation, ")")) {
+        trigger_error("math: unbalanced parenthesis", E_USER_WARNING);
+
+        return;
+    }
+
+    // disallow backticks
+    if (strpos($equation, '`') !== false) {
+        trigger_error("math: backtick character not allowed in equation", E_USER_WARNING);
+
+        return;
+    }
+
+    // also disallow dollar signs
+    if (strpos($equation, '$') !== false) {
+        trigger_error("math: dollar signs not allowed in equation", E_USER_WARNING);
+
         return;
     }
 
     // match all vars in equation, make sure all are passed
-    preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]+)!",$equation, $match);
-    $allowed_funcs = array('int','abs','ceil','cos','exp','floor','log','log10',
-                           'max','min','pi','pow','rand','round','sin','sqrt','srand','tan');
-    
-    foreach($match[1] as $curr_var) {
-        if ($curr_var && !in_array($curr_var, array_keys($params)) && !in_array($curr_var, $allowed_funcs)) {
-            $smarty->trigger_error("math: function call $curr_var not allowed");
+    preg_match_all('!(?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)!', $equation, $match);
+
+    foreach ($match[ 1 ] as $curr_var) {
+        if ($curr_var && !isset($params[ $curr_var ]) && !isset($_allowed_funcs[ $curr_var ])) {
+            trigger_error("math: function call $curr_var not allowed", E_USER_WARNING);
+
             return;
         }
     }
 
-    foreach($params as $key => $val) {
+    foreach ($params as $key => $val) {
         if ($key != "equation" && $key != "format" && $key != "assign") {
             // make sure value is not empty
-            if (strlen($val)==0) {
-                $smarty->trigger_error("math: parameter $key is empty");
+            if (strlen($val) == 0) {
+                trigger_error("math: parameter $key is empty", E_USER_WARNING);
+
                 return;
             }
             if (!is_numeric($val)) {
-                $smarty->trigger_error("math: parameter $key: is not numeric");
+                trigger_error("math: parameter $key: is not numeric", E_USER_WARNING);
+
                 return;
             }
             $equation = preg_replace("/\b$key\b/", " \$params['$key'] ", $equation);
         }
     }
+    $smarty_math_result = null;
+    eval("\$smarty_math_result = " . $equation . ";");
 
-    eval("\$smarty_math_result = ".$equation.";");
-
-    if (empty($params['format'])) {
-        if (empty($params['assign'])) {
+    if (empty($params[ 'format' ])) {
+        if (empty($params[ 'assign' ])) {
             return $smarty_math_result;
         } else {
-            $smarty->assign($params['assign'],$smarty_math_result);
+            $template->assign($params[ 'assign' ], $smarty_math_result);
         }
     } else {
-        if (empty($params['assign'])){
-            printf($params['format'],$smarty_math_result);
+        if (empty($params[ 'assign' ])) {
+            printf($params[ 'format' ], $smarty_math_result);
         } else {
-            $smarty->assign($params['assign'],sprintf($params['format'],$smarty_math_result));
+            $template->assign($params[ 'assign' ], sprintf($params[ 'format' ], $smarty_math_result));
         }
     }
 }
-
-/* vim: set expandtab: */
-
-?>