bump smarty to 4.5.3 (the smarty release is regarded as a security fix ( CVE-2024-35226 ). PostfixAdmin should not be vulnerable as it does not use the extends tag.

2025-08-07 17:42:53 +03:00 · 2024-06-09 10:20:44 +01:00
parent 37fe4d993a
commit 2694adbc27
27 changed files with 145 additions and 105 deletions
--- a/lib/smarty/libs/plugins/modifier.truncate.php
+++ b/lib/smarty/libs/plugins/modifier.truncate.php
@@ -26,7 +26,7 @@
 */
 function smarty_modifier_truncate($string, $length = 80, $etc = '...', $break_words = false, $middle = false)
 {
-    if ($length === 0) {
+    if ($length === 0 || $string === null) {
        return '';
    }
    if (Smarty::$_MBSTRING) {