bump smarty to 4.5.3 (the smarty release is regarded as a security fix ( CVE-2024-35226 ). PostfixAdmin should not be vulnerable as it does not use the extends tag.

2025-08-07 17:42:53 +03:00 · 2024-06-09 10:20:44 +01:00
parent 37fe4d993a
commit 2694adbc27
27 changed files with 145 additions and 105 deletions
--- a/lib/smarty/libs/plugins/modifiercompiler.substr.php
+++ b/lib/smarty/libs/plugins/modifiercompiler.substr.php
@@ -0,0 +1,12 @@
+<?php
+
+/**
+ * Smarty plugin
+ *
+ * @package    Smarty
+ * @subpackage PluginsModifierCompiler
+ */
+function smarty_modifiercompiler_substr($params) {
+	return 'substr((string) ' . $params[0] . ', (int) ' . $params[1] .
+		(isset($params[2]) ? ', (int) ' . $params[2] : '') . ')';
+}