X-Git-Url: https://git.sur5r.net/?p=contagged;a=blobdiff_plain;f=inc%2Fsmarty%2FSmarty_Compiler.class.php;fp=inc%2Fsmarty%2FSmarty_Compiler.class.php;h=00602150555fd6bbd77642be003f690952ce1577;hp=f54cc2112a8ebc8e2bbe9850a4e386962b3f3110;hb=bedb277369f315e1298b14adecd8909323cf165f;hpb=6898c7085d4412426d487d950d6a8647fd4b6eb8
diff --git a/inc/smarty/Smarty_Compiler.class.php b/inc/smarty/Smarty_Compiler.class.php
index f54cc21..0060215 100644
--- a/inc/smarty/Smarty_Compiler.class.php
+++ b/inc/smarty/Smarty_Compiler.class.php
@@ -21,12 +21,12 @@
 * @link http://smarty.php.net/
 * @author Monte Ohrt
 * @author Andrei Zmievski
- * @version 2.6.18
+ * @version 2.6.25-dev
 * @copyright 2001-2005 New Digital Group, Inc.
 * @package Smarty
 */
-/* $Id: Smarty_Compiler.class.php,v 1.395 2007/03/06 10:40:06 messju Exp $ */
+/* $Id$ */
 /**
 * Template compiling class
@@ -78,7 +78,7 @@ class Smarty_Compiler extends Smarty {
 /**
 * The class constructor.
 */
- function Smarty_Compiler()
+ public function __construct()
 {
 // matches double quoted strings:
 // "foobar"
@@ -262,11 +262,11 @@ class Smarty_Compiler extends Smarty {
 reset($this->_folded_blocks);
 /* replace special blocks by "{php}" */
- $source_content = preg_replace($search.'e', "'"
+ $source_content = preg_replace_callback($search, create_function ('$matches', "return '"
 . $this->_quote_replace($this->left_delimiter) . 'php'
- . "' . str_repeat(\"\n\", substr_count('\\0', \"\n\")) .'"
+ . "' . str_repeat(\"\n\", substr_count('\$matches[1]', \"\n\")) .'"
 . $this->_quote_replace($this->right_delimiter)
- . "'"
+ . "';")
 , $source_content);
 /* Gather all template tags. */
@@ -869,7 +869,7 @@ class Smarty_Compiler extends Smarty {
 // traditional argument format
 $args = implode(',', array_values($attrs));
 if (empty($args)) {
- $args = 'null';
+ $args = '';
 }
 }
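Review bot: The callback body handed to `create_function` puts the match inside single quotes (`substr_count('\$matches[1]', ...)`), so the generated function counts newlines in the literal text `$matches[1]` and always gets 0; the removed `/e` form only worked because PCRE substituted `\\0` into the code string before evaluating it. The folded block therefore no longer keeps its line count, and the index moved from the whole match to group 1 although `$search` is defined outside this hunk. `create_function` also still compiles a run-time code string with both delimiters spliced in, and it is deprecated since PHP 7.2 and removed in 8.0. A method callback, sketched below, removes the string-built code; it returns the delimiters unquoted on the assumption that `_quote_replace` (defined outside the hunk) only escapes for `preg_replace` replacement syntax.
```php
        $source_content = preg_replace_callback($search, array($this, '_fold_block_callback')
                                       , $source_content);

// … unchanged: rest of the enclosing method …

    /**
     * Proposed helper: replace a folded block by "{php}" padded with as many
     * newlines as the matched text had, so later line numbers stay correct.
     */
    function _fold_block_callback($matches)
    {
        // callback results are inserted literally, so no backreference
        // quoting is applied to the delimiters here
        return $this->left_delimiter . 'php'
            . str_repeat("\n", substr_count($matches[0], "\n"))
            . $this->right_delimiter;
    }
```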
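Review bot: With `$args = ''` the `if (empty($args))` branch only changes anything when `$args` is the string `'0'`, because `empty('0')` is true in PHP; in that case a single argument of 0 is silently dropped from the argument list. For an already empty string the assignment is a no-op. Either delete the branch or compare exactly with `if ($args === '') {`, and add a comment saying that a tag without attributes now passes no argument instead of `null`. The enclosing method starts and ends outside this hunk.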
@@ -1171,7 +1171,7 @@ class Smarty_Compiler extends Smarty { } $item = $this->_dequote($attrs['item']); if (!preg_match('~^\w+$~', $item)) { - return $this->_syntax_error("'foreach: 'item' must be a variable name (literal string)", E_USER_ERROR, __FILE__, __LINE__); + return $this->_syntax_error("foreach: 'item' must be a variable name (literal string)", E_USER_ERROR, __FILE__, __LINE__); } if (isset($attrs['key'])) { @@ -1222,23 +1222,21 @@ class Smarty_Compiler extends Smarty { $attrs = $this->_parse_attrs($tag_args); if ($start) { - if (isset($attrs['name'])) - $buffer = $attrs['name']; - else - $buffer = "'default'"; - - if (isset($attrs['assign'])) - $assign = $attrs['assign']; - else - $assign = null; + $buffer = isset($attrs['name']) ? $attrs['name'] : "'default'"; + $assign = isset($attrs['assign']) ? $attrs['assign'] : null; + $append = isset($attrs['append']) ? $attrs['append'] : null; + $output = ""; - $this->_capture_stack[] = array($buffer, $assign); + $this->_capture_stack[] = array($buffer, $assign, $append); } else { - list($buffer, $assign) = array_pop($this->_capture_stack); + list($buffer, $assign, $append) = array_pop($this->_capture_stack); $output = "_smarty_vars['capture'][$buffer] = ob_get_contents(); "; if (isset($assign)) { $output .= " \$this->assign($assign, ob_get_contents());"; } + if (isset($append)) { + $output .= " \$this->append($append, ob_get_contents());"; + } $output .= "ob_end_clean(); ?>"; } 
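Review bot: The capture stack entry in the second hunk is now a three-element array that is pushed in the start branch and unpacked with `list()` in the end branch, and nothing documents the order. A comment at the push such as `// stack entry: array(buffer, assign target or null, append target or null)` would keep the two sides in sync; any other code that still pushes a two-element entry onto `_capture_stack` (not visible in this hunk) would raise an undefined-offset notice at the `list()`. The emitted code also calls `ob_get_contents()` once per target, and reading it once into a temporary would be tidier.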
@@ -1365,9 +1363,14 @@ class Smarty_Compiler extends Smarty {
 /* If last token was a ')', we operate on the parenthesized expression. The start of the expression is on the stack. Otherwise, we operate on the last encountered token. */
- if ($tokens[$i-1] == ')')
+ if ($tokens[$i-1] == ')') {
 $is_arg_start = array_pop($is_arg_stack);
- else
+ if ($is_arg_start != 0) {
+ if (preg_match('~^' . $this->_func_regexp . '$~', $tokens[$is_arg_start-1])) {
+ $is_arg_start--;
+ }
+ }
+ } else
 $is_arg_start = $i-1;
 /* Construct the argument for 'is' expression, so it knows what to operate on. */
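Review bot: The new `if` branch is braced but its `else` is not (`} else` followed by a bare `$is_arg_start = $i-1;`), which is easy to misread next to the nested blocks just added; write it as `} else {`, `$is_arg_start = $i-1;`, `}`. The step back by one token also deserves a why-comment, for example `// the token before '(' matches _func_regexp: include it in the 'is' argument`. `array_pop()` returns null on an empty stack and `null != 0` is false, so that case skips the new check and carries null forward; whether the stack can be empty here depends on code outside the hunk.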
@@ -2044,27 +2047,57 @@ class Smarty_Compiler extends Smarty {
 break;
 case 'get':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_GET' : "\$GLOBALS['HTTP_GET_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_GET";
 break;
 case 'post':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_POST' : "\$GLOBALS['HTTP_POST_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_POST";
 break;
 case 'cookies':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_COOKIE' : "\$GLOBALS['HTTP_COOKIE_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_COOKIE";
 break;
 case 'env':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_ENV' : "\$GLOBALS['HTTP_ENV_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_ENV";
 break;
 case 'server':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_SERVER' : "\$GLOBALS['HTTP_SERVER_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_SERVER";
 break;
 case 'session':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_SESSION' : "\$GLOBALS['HTTP_SESSION_VARS']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_SESSION";
 break;
 /*
@@ -2072,8 +2105,13 @@ class Smarty_Compiler extends Smarty {
 * compiler.
 */
 case 'request':
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
 if ($this->request_use_auto_globals) {
- $compiled_ref = '$_REQUEST';
+ $compiled_ref = "\$_REQUEST";
 break;
 } else {
 $this->_init_smarty_vars = true;
@@ -2084,7 +2122,7 @@ class Smarty_Compiler extends Smarty {
 return null;
 case 'template':
- $compiled_ref = "'$this->_current_file'";
+ $compiled_ref = "'" . addslashes($this->_current_file) . "'";
 $_max_index = 1;
 break;
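Review bot: The same secure-mode guard is pasted into all six cases of the `-2044` hunk and again under `case 'request'` in the hunk after it, so a later policy change has to be made in seven places. `!$this->security_settings['ALLOW_SUPER_GLOBALS']` also raises an undefined-index notice when an application supplies a `security_settings` array written before this key existed; `empty(...)` keeps the fail-closed result without the notice. The guard reports with `E_USER_WARNING` and then does a bare `return;`, while the context of the last hunk uses `return null;`, and what the caller emits for an empty reference is outside these hunks, so confirm that a denied lookup compiles to nothing rather than to broken PHP. A single helper, sketched below, keeps the check in one place.
```php
    /**
     * Proposed helper: true when templates may read super globals; otherwise
     * reports the secure-mode violation and returns false.
     */
    function _super_globals_allowed()
    {
        if ($this->security && empty($this->security_settings['ALLOW_SUPER_GLOBALS'])) {
            $this->_syntax_error("(secure mode) super global access not permitted",
                                 E_USER_WARNING, __FILE__, __LINE__);
            return false;
        }
        return true;
    }

// … in each of 'get', 'post', 'cookies', 'env', 'server', 'session', 'request' …
            case 'get':
                if (!$this->_super_globals_allowed()) {
                    return null;
                }
                $compiled_ref = "\$_GET";
                break;
```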
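Review bot: In the `case 'template'` hunk, `addslashes()` escapes more than a single-quoted PHP literal needs: it also puts a backslash before `"` and NUL, and inside single quotes those backslashes stay in the value, so a template path containing a double quote would be reported with a stray backslash. Only the backslash and `'` are special in that context; `$compiled_ref = var_export($this->_current_file, true);` produces a correctly quoted literal for any string. Where `_current_file` is set is outside this hunk, so the quoting should not rely on it being a well-behaved path.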