From: Christian Weiske Date: Fri, 11 Aug 2017 19:42:30 +0000 (+0200) Subject: Upgrade smarty from 2.6.18 to 2.6.30 X-Git-Url: https://git.sur5r.net/?p=contagged;a=commitdiff_plain;h=f204d4d8fe772001803c3509f8be0528840be4eb Upgrade smarty from 2.6.18 to 2.6.30 --- diff --git a/inc/smarty/Config_File.class.php b/inc/smarty/Config_File.class.php index 3d7c1b4..6d8c298 100644 --- a/inc/smarty/Config_File.class.php +++ b/inc/smarty/Config_File.class.php @@ -17,15 +17,19 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - * @link http://smarty.php.net/ - * @version 2.6.18 + * For questions, help, comments, discussion, etc., please join the + * Smarty mailing list. Send a blank e-mail to + * smarty-discussion-subscribe@googlegroups.com + * + * @link http://www.smarty.net/ + * @version 2.6.25-dev * @copyright Copyright: 2001-2005 New Digital Group, Inc. * @author Andrei Zmievski * @access public * @package Smarty */ -/* $Id: Config_File.class.php,v 1.88 2007/03/06 10:40:06 messju Exp $ */ +/* $Id$ */ /** * Config file reading class @@ -69,7 +73,7 @@ class Config_File { * * @param string $config_path (optional) path to the config files */ - function Config_File($config_path = NULL) + public function __construct($config_path = NULL) { if (isset($config_path)) $this->set_path($config_path); diff --git a/inc/smarty/Smarty.class.php b/inc/smarty/Smarty.class.php index f05e0da..41d5370 100644 --- a/inc/smarty/Smarty.class.php +++ b/inc/smarty/Smarty.class.php @@ -20,17 +20,17 @@ * * For questions, help, comments, discussion, etc., please join the * Smarty mailing list. Send a blank e-mail to - * smarty-general-subscribe@lists.php.net + * smarty-discussion-subscribe@googlegroups.com * - * @link http://smarty.php.net/ + * @link http://www.smarty.net/ * @copyright 2001-2005 New Digital Group, Inc. * @author Monte Ohrt * @author Andrei Zmievski * @package Smarty - * @version 2.6.18 + * @version 2.6.30 */ -/* $Id: Smarty.class.php,v 1.528 2007/03/06 10:40:06 messju Exp $ */ +/* $Id$ */ /** * DIR_SEP isn't used anymore, but third party apps might @@ -107,7 +107,7 @@ class Smarty /** * When set, smarty does uses this value as error_reporting-level. * - * @var boolean + * @var integer */ var $error_reporting = null; @@ -236,7 +236,8 @@ class Smarty 'INCLUDE_ANY' => false, 'PHP_TAGS' => false, 'MODIFIER_FUNCS' => array('count'), - 'ALLOW_CONSTANTS' => false + 'ALLOW_CONSTANTS' => false, + 'ALLOW_SUPER_GLOBALS' => true ); /** @@ -464,7 +465,7 @@ class Smarty * * @var string */ - var $_version = '2.6.18'; + var $_version = '2.6.30'; /** * current template inclusion depth @@ -561,11 +562,17 @@ class Smarty */ var $_cache_including = false; + /** + * plugin filepath cache + * + * @var array + */ + var $_filepaths_cache = array(); /**#@-*/ /** * The class constructor. */ - function Smarty() + public function __construct() { $this->assign('SCRIPT_NAME', isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : @$GLOBALS['HTTP_SERVER_VARS']['SCRIPT_NAME']); @@ -838,69 +845,66 @@ class Smarty * Registers a prefilter function to apply * to a template before compiling * - * @param string $function name of PHP function to register + * @param callback $function */ function register_prefilter($function) { - $_name = (is_array($function)) ? $function[1] : $function; - $this->_plugins['prefilter'][$_name] + $this->_plugins['prefilter'][$this->_get_filter_name($function)] = array($function, null, null, false); } /** * Unregisters a prefilter function * - * @param string $function name of PHP function + * @param callback $function */ function unregister_prefilter($function) { - unset($this->_plugins['prefilter'][$function]); + unset($this->_plugins['prefilter'][$this->_get_filter_name($function)]); } /** * Registers a postfilter function to apply * to a compiled template after compilation * - * @param string $function name of PHP function to register + * @param callback $function */ function register_postfilter($function) { - $_name = (is_array($function)) ? $function[1] : $function; - $this->_plugins['postfilter'][$_name] + $this->_plugins['postfilter'][$this->_get_filter_name($function)] = array($function, null, null, false); } /** * Unregisters a postfilter function * - * @param string $function name of PHP function + * @param callback $function */ function unregister_postfilter($function) { - unset($this->_plugins['postfilter'][$function]); + unset($this->_plugins['postfilter'][$this->_get_filter_name($function)]); } /** * Registers an output filter function to apply * to a template output * - * @param string $function name of PHP function + * @param callback $function */ function register_outputfilter($function) { - $_name = (is_array($function)) ? $function[1] : $function; - $this->_plugins['outputfilter'][$_name] + $this->_plugins['outputfilter'][$this->_get_filter_name($function)] = array($function, null, null, false); } /** * Unregisters an outputfilter function * - * @param string $function name of PHP function + * @param callback $function */ function unregister_outputfilter($function) { - unset($this->_plugins['outputfilter'][$function]); + unset($this->_plugins['outputfilter'][$this->_get_filter_name($function)]); } /** @@ -1060,7 +1064,7 @@ class Smarty } else { // var non-existant, return valid reference $_tmp = null; - return $_tmp; + return $_tmp; } } @@ -1092,7 +1096,8 @@ class Smarty */ function trigger_error($error_msg, $error_type = E_USER_WARNING) { - trigger_error("Smarty error: $error_msg", $error_type); + $msg = htmlentities($error_msg); + trigger_error("Smarty error: $msg", $error_type); } @@ -1119,7 +1124,7 @@ class Smarty function fetch($resource_name, $cache_id = null, $compile_id = null, $display = false) { static $_cache_info = array(); - + $_smarty_old_error_level = $this->debugging ? error_reporting() : error_reporting(isset($this->error_reporting) ? $this->error_reporting : error_reporting() & ~E_NOTICE); @@ -1551,7 +1556,7 @@ class Smarty $params['source_content'] = $this->_read_file($_resource_name); } $params['resource_timestamp'] = filemtime($_resource_name); - $_return = is_file($_resource_name); + $_return = is_file($_resource_name) && is_readable($_resource_name); break; default: @@ -1714,7 +1719,7 @@ class Smarty */ function _read_file($filename) { - if ( file_exists($filename) && ($fd = @fopen($filename, 'rb')) ) { + if ( file_exists($filename) && is_readable($filename) && ($fd = @fopen($filename, 'rb')) ) { $contents = ''; while (!feof($fd)) { $contents .= fread($fd, 8192); @@ -1935,6 +1940,25 @@ class Smarty { return eval($code); } + + /** + * Extracts the filter name from the given callback + * + * @param callback $function + * @return string + */ + function _get_filter_name($function) + { + if (is_array($function)) { + $_class_name = (is_object($function[0]) ? + get_class($function[0]) : $function[0]); + return $_class_name . '_' . $function[1]; + } + else { + return $function; + } + } + /**#@-*/ } diff --git a/inc/smarty/Smarty_Compiler.class.php b/inc/smarty/Smarty_Compiler.class.php index f54cc21..0060215 100644 --- a/inc/smarty/Smarty_Compiler.class.php +++ b/inc/smarty/Smarty_Compiler.class.php @@ -21,12 +21,12 @@ * @link http://smarty.php.net/ * @author Monte Ohrt * @author Andrei Zmievski - * @version 2.6.18 + * @version 2.6.25-dev * @copyright 2001-2005 New Digital Group, Inc. * @package Smarty */ -/* $Id: Smarty_Compiler.class.php,v 1.395 2007/03/06 10:40:06 messju Exp $ */ +/* $Id$ */ /** * Template compiling class @@ -78,7 +78,7 @@ class Smarty_Compiler extends Smarty { /** * The class constructor. */ - function Smarty_Compiler() + public function __construct() { // matches double quoted strings: // "foobar" @@ -262,11 +262,11 @@ class Smarty_Compiler extends Smarty { reset($this->_folded_blocks); /* replace special blocks by "{php}" */ - $source_content = preg_replace($search.'e', "'" + $source_content = preg_replace_callback($search, create_function ('$matches', "return '" . $this->_quote_replace($this->left_delimiter) . 'php' - . "' . str_repeat(\"\n\", substr_count('\\0', \"\n\")) .'" + . "' . str_repeat(\"\n\", substr_count('\$matches[1]', \"\n\")) .'" . $this->_quote_replace($this->right_delimiter) - . "'" + . "';") , $source_content); /* Gather all template tags. */ @@ -869,7 +869,7 @@ class Smarty_Compiler extends Smarty { // traditional argument format $args = implode(',', array_values($attrs)); if (empty($args)) { - $args = 'null'; + $args = ''; } } @@ -1171,7 +1171,7 @@ class Smarty_Compiler extends Smarty { } $item = $this->_dequote($attrs['item']); if (!preg_match('~^\w+$~', $item)) { - return $this->_syntax_error("'foreach: 'item' must be a variable name (literal string)", E_USER_ERROR, __FILE__, __LINE__); + return $this->_syntax_error("foreach: 'item' must be a variable name (literal string)", E_USER_ERROR, __FILE__, __LINE__); } if (isset($attrs['key'])) { @@ -1222,23 +1222,21 @@ class Smarty_Compiler extends Smarty { $attrs = $this->_parse_attrs($tag_args); if ($start) { - if (isset($attrs['name'])) - $buffer = $attrs['name']; - else - $buffer = "'default'"; - - if (isset($attrs['assign'])) - $assign = $attrs['assign']; - else - $assign = null; + $buffer = isset($attrs['name']) ? $attrs['name'] : "'default'"; + $assign = isset($attrs['assign']) ? $attrs['assign'] : null; + $append = isset($attrs['append']) ? $attrs['append'] : null; + $output = ""; - $this->_capture_stack[] = array($buffer, $assign); + $this->_capture_stack[] = array($buffer, $assign, $append); } else { - list($buffer, $assign) = array_pop($this->_capture_stack); + list($buffer, $assign, $append) = array_pop($this->_capture_stack); $output = "_smarty_vars['capture'][$buffer] = ob_get_contents(); "; if (isset($assign)) { $output .= " \$this->assign($assign, ob_get_contents());"; } + if (isset($append)) { + $output .= " \$this->append($append, ob_get_contents());"; + } $output .= "ob_end_clean(); ?>"; } @@ -1365,9 +1363,14 @@ class Smarty_Compiler extends Smarty { /* If last token was a ')', we operate on the parenthesized expression. The start of the expression is on the stack. Otherwise, we operate on the last encountered token. */ - if ($tokens[$i-1] == ')') + if ($tokens[$i-1] == ')') { $is_arg_start = array_pop($is_arg_stack); - else + if ($is_arg_start != 0) { + if (preg_match('~^' . $this->_func_regexp . '$~', $tokens[$is_arg_start-1])) { + $is_arg_start--; + } + } + } else $is_arg_start = $i-1; /* Construct the argument for 'is' expression, so it knows what to operate on. */ @@ -2044,27 +2047,57 @@ class Smarty_Compiler extends Smarty { break; case 'get': - $compiled_ref = ($this->request_use_auto_globals) ? '$_GET' : "\$GLOBALS['HTTP_GET_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_GET"; break; case 'post': - $compiled_ref = ($this->request_use_auto_globals) ? '$_POST' : "\$GLOBALS['HTTP_POST_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_POST"; break; case 'cookies': - $compiled_ref = ($this->request_use_auto_globals) ? '$_COOKIE' : "\$GLOBALS['HTTP_COOKIE_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_COOKIE"; break; case 'env': - $compiled_ref = ($this->request_use_auto_globals) ? '$_ENV' : "\$GLOBALS['HTTP_ENV_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_ENV"; break; case 'server': - $compiled_ref = ($this->request_use_auto_globals) ? '$_SERVER' : "\$GLOBALS['HTTP_SERVER_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_SERVER"; break; case 'session': - $compiled_ref = ($this->request_use_auto_globals) ? '$_SESSION' : "\$GLOBALS['HTTP_SESSION_VARS']"; + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } + $compiled_ref = "\$_SESSION"; break; /* @@ -2072,8 +2105,13 @@ class Smarty_Compiler extends Smarty { * compiler. */ case 'request': + if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->_syntax_error("(secure mode) super global access not permitted", + E_USER_WARNING, __FILE__, __LINE__); + return; + } if ($this->request_use_auto_globals) { - $compiled_ref = '$_REQUEST'; + $compiled_ref = "\$_REQUEST"; break; } else { $this->_init_smarty_vars = true; @@ -2084,7 +2122,7 @@ class Smarty_Compiler extends Smarty { return null; case 'template': - $compiled_ref = "'$this->_current_file'"; + $compiled_ref = "'" . addslashes($this->_current_file) . "'"; $_max_index = 1; break; diff --git a/inc/smarty/internals/core.assemble_plugin_filepath.php b/inc/smarty/internals/core.assemble_plugin_filepath.php index 690d3dd..22c0248 100644 --- a/inc/smarty/internals/core.assemble_plugin_filepath.php +++ b/inc/smarty/internals/core.assemble_plugin_filepath.php @@ -14,11 +14,9 @@ */ function smarty_core_assemble_plugin_filepath($params, &$smarty) { - static $_filepaths_cache = array(); - $_plugin_filename = $params['type'] . '.' . $params['name'] . '.php'; - if (isset($_filepaths_cache[$_plugin_filename])) { - return $_filepaths_cache[$_plugin_filename]; + if (isset($smarty->_filepaths_cache[$_plugin_filename])) { + return $smarty->_filepaths_cache[$_plugin_filename]; } $_return = false; @@ -58,7 +56,7 @@ function smarty_core_assemble_plugin_filepath($params, &$smarty) } } } - $_filepaths_cache[$_plugin_filename] = $_return; + $smarty->_filepaths_cache[$_plugin_filename] = $_return; return $_return; } diff --git a/inc/smarty/internals/core.process_compiled_include.php b/inc/smarty/internals/core.process_compiled_include.php index d539423..904d597 100644 --- a/inc/smarty/internals/core.process_compiled_include.php +++ b/inc/smarty/internals/core.process_compiled_include.php @@ -25,7 +25,7 @@ function smarty_core_process_compiled_include($params, &$smarty) $smarty->_include($_include_file_path, true); } - foreach ($smarty->_cache_serials as $_include_file_path=>$_cache_serial) { + foreach ($smarty->_cache_info['cache_serials'] as $_include_file_path=>$_cache_serial) { $_return = preg_replace_callback('!(\{nocache\:('.$_cache_serial.')#(\d+)\})!s', array(&$smarty, '_process_compiled_include_callback'), $_return); diff --git a/inc/smarty/internals/core.write_cache_file.php b/inc/smarty/internals/core.write_cache_file.php index 72f785b..fa3cdd7 100644 --- a/inc/smarty/internals/core.write_cache_file.php +++ b/inc/smarty/internals/core.write_cache_file.php @@ -68,7 +68,7 @@ function smarty_core_write_cache_file($params, &$smarty) if (!empty($smarty->cache_handler_func)) { // use cache_handler function call_user_func_array($smarty->cache_handler_func, - array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], null)); + array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], $smarty->_cache_info['expires'])); } else { // use local cache file diff --git a/inc/smarty/plugins/compiler.assign.php b/inc/smarty/plugins/compiler.assign.php index be17298..abef377 100644 --- a/inc/smarty/plugins/compiler.assign.php +++ b/inc/smarty/plugins/compiler.assign.php @@ -14,7 +14,7 @@ * @link http://smarty.php.net/manual/en/language.custom.functions.php#LANGUAGE.FUNCTION.ASSIGN {assign} * (Smarty online manual) * @author Monte Ohrt (initial author) - * @auther messju mohr (conversion to compiler function) + * @author messju mohr (conversion to compiler function) * @param string containing var-attribute and value-attribute * @param Smarty_Compiler */ diff --git a/inc/smarty/plugins/function.cycle.php b/inc/smarty/plugins/function.cycle.php index fe78bb8..80378b7 100644 --- a/inc/smarty/plugins/function.cycle.php +++ b/inc/smarty/plugins/function.cycle.php @@ -63,7 +63,11 @@ function smarty_function_cycle($params, &$smarty) $cycle_vars[$name]['values'] = $params['values']; } - $cycle_vars[$name]['delimiter'] = (isset($params['delimiter'])) ? $params['delimiter'] : ','; + if (isset($params['delimiter'])) { + $cycle_vars[$name]['delimiter'] = $params['delimiter']; + } elseif (!isset($cycle_vars[$name]['delimiter'])) { + $cycle_vars[$name]['delimiter'] = ','; + } if(is_array($cycle_vars[$name]['values'])) { $cycle_array = $cycle_vars[$name]['values']; diff --git a/inc/smarty/plugins/function.fetch.php b/inc/smarty/plugins/function.fetch.php index 81b1bfc..d72c7b1 100644 --- a/inc/smarty/plugins/function.fetch.php +++ b/inc/smarty/plugins/function.fetch.php @@ -181,12 +181,12 @@ function smarty_function_fetch($params, &$smarty) $content .= fgets($fp,4096); } fclose($fp); - $csplit = split("\r\n\r\n",$content,2); + $csplit = preg_split("!\r\n\r\n!",$content,2); $content = $csplit[1]; if(!empty($params['assign_headers'])) { - $smarty->assign($params['assign_headers'],split("\r\n",$csplit[0])); + $smarty->assign($params['assign_headers'],preg_split("!\r\n!",$csplit[0])); } } } else { diff --git a/inc/smarty/plugins/function.math.php b/inc/smarty/plugins/function.math.php index 71672fe..655fe72 100644 --- a/inc/smarty/plugins/function.math.php +++ b/inc/smarty/plugins/function.math.php @@ -1,84 +1,104 @@ * Name: math
- * Purpose: handle math computations in template
- * @link http://smarty.php.net/manual/en/language.function.math.php {math} - * (Smarty online manual) + * Purpose: handle math computations in template + * + * @link http://www.smarty.net/manual/en/language.function.math.php {math} + * (Smarty online manual) * @author Monte Ohrt - * @param array - * @param Smarty - * @return string + * + * @param array $params parameters + * @param Smarty_Internal_Template $template template object + * + * @return string|null */ -function smarty_function_math($params, &$smarty) +function smarty_function_math($params, $template) { + static $_allowed_funcs = + array('int' => true, 'abs' => true, 'ceil' => true, 'cos' => true, 'exp' => true, 'floor' => true, + 'log' => true, 'log10' => true, 'max' => true, 'min' => true, 'pi' => true, 'pow' => true, 'rand' => true, + 'round' => true, 'sin' => true, 'sqrt' => true, 'srand' => true, 'tan' => true); // be sure equation parameter is present - if (empty($params['equation'])) { - $smarty->trigger_error("math: missing equation parameter"); + if (empty($params[ 'equation' ])) { + trigger_error("math: missing equation parameter", E_USER_WARNING); + return; } - $equation = $params['equation']; + $equation = $params[ 'equation' ]; // make sure parenthesis are balanced - if (substr_count($equation,"(") != substr_count($equation,")")) { - $smarty->trigger_error("math: unbalanced parenthesis"); + if (substr_count($equation, "(") != substr_count($equation, ")")) { + trigger_error("math: unbalanced parenthesis", E_USER_WARNING); + + return; + } + + // disallow backticks + if (strpos($equation, '`') !== false) { + trigger_error("math: backtick character not allowed in equation", E_USER_WARNING); + + return; + } + + // also disallow dollar signs + if (strpos($equation, '$') !== false) { + trigger_error("math: dollar signs not allowed in equation", E_USER_WARNING); + return; } // match all vars in equation, make sure all are passed - preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]+)!",$equation, $match); - $allowed_funcs = array('int','abs','ceil','cos','exp','floor','log','log10', - 'max','min','pi','pow','rand','round','sin','sqrt','srand','tan'); - - foreach($match[1] as $curr_var) { - if ($curr_var && !in_array($curr_var, array_keys($params)) && !in_array($curr_var, $allowed_funcs)) { - $smarty->trigger_error("math: function call $curr_var not allowed"); + preg_match_all('!(?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)!', $equation, $match); + + foreach ($match[ 1 ] as $curr_var) { + if ($curr_var && !isset($params[ $curr_var ]) && !isset($_allowed_funcs[ $curr_var ])) { + trigger_error("math: function call $curr_var not allowed", E_USER_WARNING); + return; } } - foreach($params as $key => $val) { + foreach ($params as $key => $val) { if ($key != "equation" && $key != "format" && $key != "assign") { // make sure value is not empty - if (strlen($val)==0) { - $smarty->trigger_error("math: parameter $key is empty"); + if (strlen($val) == 0) { + trigger_error("math: parameter $key is empty", E_USER_WARNING); + return; } if (!is_numeric($val)) { - $smarty->trigger_error("math: parameter $key: is not numeric"); + trigger_error("math: parameter $key: is not numeric", E_USER_WARNING); + return; } $equation = preg_replace("/\b$key\b/", " \$params['$key'] ", $equation); } } + $smarty_math_result = null; + eval("\$smarty_math_result = " . $equation . ";"); - eval("\$smarty_math_result = ".$equation.";"); - - if (empty($params['format'])) { - if (empty($params['assign'])) { + if (empty($params[ 'format' ])) { + if (empty($params[ 'assign' ])) { return $smarty_math_result; } else { - $smarty->assign($params['assign'],$smarty_math_result); + $template->assign($params[ 'assign' ], $smarty_math_result); } } else { - if (empty($params['assign'])){ - printf($params['format'],$smarty_math_result); + if (empty($params[ 'assign' ])) { + printf($params[ 'format' ], $smarty_math_result); } else { - $smarty->assign($params['assign'],sprintf($params['format'],$smarty_math_result)); + $template->assign($params[ 'assign' ], sprintf($params[ 'format' ], $smarty_math_result)); } } } - -/* vim: set expandtab: */ - -?> diff --git a/inc/smarty/plugins/modifier.escape.php b/inc/smarty/plugins/modifier.escape.php index 7d3230b..a2f52b2 100644 --- a/inc/smarty/plugins/modifier.escape.php +++ b/inc/smarty/plugins/modifier.escape.php @@ -33,7 +33,7 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = 'ISO-88 case 'urlpathinfo': return str_replace('%2F','/',rawurlencode($string)); - + case 'quotes': // escape unescaped single quotes return preg_replace("%(?'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n',''<\/')); - + case 'mail': // safe way to display e-mail address on a web page return str_replace(array('@', '.'),array(' [AT] ', ' [DOT] '), $string); - + case 'nonstd': // escape non-standard chars, such as ms document quotes $_res = ''; diff --git a/inc/smarty/plugins/modifier.regex_replace.php b/inc/smarty/plugins/modifier.regex_replace.php index d4d2030..100b58c 100644 --- a/inc/smarty/plugins/modifier.regex_replace.php +++ b/inc/smarty/plugins/modifier.regex_replace.php @@ -22,12 +22,25 @@ */ function smarty_modifier_regex_replace($string, $search, $replace) { + if(is_array($search)) { + foreach($search as $idx => $s) + $search[$idx] = _smarty_regex_replace_check($s); + } else { + $search = _smarty_regex_replace_check($search); + } + + return preg_replace($search, $replace, $string); +} + +function _smarty_regex_replace_check($search) +{ + if (($pos = strpos($search,"\0")) !== false) + $search = substr($search,0,$pos); if (preg_match('!([a-zA-Z\s]+)$!s', $search, $match) && (strpos($match[1], 'e') !== false)) { /* remove eval-modifier from $search */ $search = substr($search, 0, -strlen($match[1])) . preg_replace('![e\s]+!', '', $match[1]); } - - return preg_replace($search, $replace, $string); + return $search; } /* vim: set expandtab: */ diff --git a/inc/smarty/plugins/outputfilter.trimwhitespace.php b/inc/smarty/plugins/outputfilter.trimwhitespace.php index 97b0d21..739fa39 100644 --- a/inc/smarty/plugins/outputfilter.trimwhitespace.php +++ b/inc/smarty/plugins/outputfilter.trimwhitespace.php @@ -28,21 +28,21 @@ function smarty_outputfilter_trimwhitespace($source, &$smarty) { // Pull out the script blocks - preg_match_all("!]+>.*?!is", $source, $match); + preg_match_all("!]*?>.*?!is", $source, $match); $_script_blocks = $match[0]; - $source = preg_replace("!]+>.*?!is", + $source = preg_replace("!]*?>.*?!is", '@@@SMARTY:TRIM:SCRIPT@@@', $source); // Pull out the pre blocks - preg_match_all("!
.*?
!is", $source, $match); + preg_match_all("!]*?>.*?!is", $source, $match); $_pre_blocks = $match[0]; - $source = preg_replace("!
.*?
!is", + $source = preg_replace("!]*?>.*?!is", '@@@SMARTY:TRIM:PRE@@@', $source); - + // Pull out the textarea blocks - preg_match_all("!]+>.*?!is", $source, $match); + preg_match_all("!]*?>.*?!is", $source, $match); $_textarea_blocks = $match[0]; - $source = preg_replace("!]+>.*?!is", + $source = preg_replace("!]*?>.*?!is", '@@@SMARTY:TRIM:TEXTAREA@@@', $source); // remove all leading spaces, tabs and carriage returns NOT