webapp/postfixadmin
1
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2025-11-23 11:22:22 +03:00
Code Activity

update Smarty to v3.1.33 - "This release does cover security issue CVE-2018-16831, other bug fixes (see changelog.txt) and adds a new feature of the {capture} tag (see NEW_FEATURES.txt)."

Browse Source
This commit is contained in:
David Goodwin
2019-09-25 13:55:07 +01:00
parent 7360407b73
commit 907bd7ee46
199 changed files with 5335 additions and 4857 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
lib/smarty/libs/plugins/function.fetch.php
View File

@@ -5,7 +5,6 @@
* @package Smarty
* @subpackage PluginsFunction
*/
/**
* Smarty {fetch} plugin
* Type: function
@@ -26,20 +25,16 @@ function smarty_function_fetch($params, $template)
{
if (empty($params[ 'file' ])) {
trigger_error('[plugin] fetch parameter \'file\' cannot be empty', E_USER_NOTICE);
return;
}
// strip file protocol
if (stripos($params[ 'file' ], 'file://') === 0) {
$params[ 'file' ] = substr($params[ 'file' ], 7);
}
$protocol = strpos($params[ 'file' ], '://');
if ($protocol !== false) {
$protocol = strtolower(substr($params[ 'file' ], 0, $protocol));
}
if (isset($template->smarty->security_policy)) {
if ($protocol) {
// remote resource (or php stream, …)
@@ -53,7 +48,6 @@ function smarty_function_fetch($params, $template)
}
}
}
$content = '';
if ($protocol === 'http') {
// http fetch
@@ -104,7 +98,6 @@ function smarty_function_fetch($params, $template)
if (!empty($param_value)) {
if (!preg_match('![\w\d-]+: .+!', $param_value)) {
trigger_error("[plugin] invalid header format '{$param_value}'", E_USER_NOTICE);
return;
} else {
$extra_headers[] = $param_value;
@@ -118,10 +111,9 @@ function smarty_function_fetch($params, $template)
break;
case 'proxy_port':
if (!preg_match('!\D!', $param_value)) {
$proxy_port = (int) $param_value;
$proxy_port = (int)$param_value;
} else {
trigger_error("[plugin] invalid value for attribute '{$param_key }'", E_USER_NOTICE);
return;
}
break;
@@ -137,16 +129,14 @@ function smarty_function_fetch($params, $template)
break;
case 'timeout':
if (!preg_match('!\D!', $param_value)) {
$timeout = (int) $param_value;
$timeout = (int)$param_value;
} else {
trigger_error("[plugin] invalid value for attribute '{$param_key}'", E_USER_NOTICE);
return;
}
break;
default:
trigger_error("[plugin] unrecognized attribute '{$param_key}'", E_USER_NOTICE);
return;
}
}
@@ -156,10 +146,8 @@ function smarty_function_fetch($params, $template)
} else {
$fp = fsockopen($server_name, $port, $errno, $errstr, $timeout);
}
if (!$fp) {
trigger_error("[plugin] unable to fetch: $errstr ($errno)", E_USER_NOTICE);
return;
} else {
if ($_is_proxy) {
@@ -187,23 +175,19 @@ function smarty_function_fetch($params, $template)
if (!empty($user) && !empty($pass)) {
fputs($fp, 'Authorization: BASIC ' . base64_encode("$user:$pass") . "\r\n");
}
fputs($fp, "\r\n");
while (!feof($fp)) {
$content .= fgets($fp, 4096);
}
fclose($fp);
$csplit = preg_split("!\r\n\r\n!", $content, 2);
$content = $csplit[ 1 ];
if (!empty($params[ 'assign_headers' ])) {
$template->assign($params[ 'assign_headers' ], preg_split("!\r\n!", $csplit[ 0 ]));
}
}
} else {
trigger_error("[plugin fetch] unable to parse URL, check syntax", E_USER_NOTICE);
return;
}
} else {
@@ -212,7 +196,6 @@ function smarty_function_fetch($params, $template)
throw new SmartyException("{fetch} cannot read resource '" . $params[ 'file' ] . "'");
}
}
if (!empty($params[ 'assign' ])) {
$template->assign($params[ 'assign' ], $content);
} else {