webapp/postfixadmin
1
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2025-11-23 11:22:22 +03:00
Code Activity

update Smarty to v3.1.33 - "This release does cover security issue CVE-2018-16831, other bug fixes (see changelog.txt) and adds a new feature of the {capture} tag (see NEW_FEATURES.txt)."

Browse Source
This commit is contained in:
David Goodwin
2019-09-25 13:55:07 +01:00
parent 7360407b73
commit 907bd7ee46
199 changed files with 5335 additions and 4857 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
lib/smarty/libs/sysplugins/smarty_internal_compile_private_php.php
View File

@@ -16,7 +16,6 @@
*/
class Smarty_Internal_Compile_Private_Php extends Smarty_Internal_CompileBase
{
/**
* Attribute definition: Overwrites base class.
*
@@ -43,10 +42,16 @@ class Smarty_Internal_Compile_Private_Php extends Smarty_Internal_CompileBase
if ($_attr[ 'type' ] === 'xml') {
$compiler->tag_nocache = true;
$output = addcslashes($_attr[ 'code' ], "'\\");
$compiler->parser->current_buffer->append_subtree($compiler->parser,
new Smarty_Internal_ParseTree_Tag($compiler->parser,
$compiler->processNocacheCode("<?php echo '{$output}';?>",
true)));
$compiler->parser->current_buffer->append_subtree(
$compiler->parser,
new Smarty_Internal_ParseTree_Tag(
$compiler->parser,
$compiler->processNocacheCode(
"<?php echo '{$output}';?>",
true
)
)
);
return '';
}
if ($_attr[ 'type' ] !== 'tag') {
@@ -54,23 +59,37 @@ class Smarty_Internal_Compile_Private_Php extends Smarty_Internal_CompileBase
return '';
} elseif ($compiler->php_handling === Smarty::PHP_QUOTE) {
$output =
preg_replace_callback('#(<\?(?:php|=)?)|(<%)|(<script\s+language\s*=\s*["\']?\s*php\s*["\']?\s*>)|(\?>)|(%>)|(<\/script>)#i',
array($this, 'quote'), $_attr[ 'code' ]);
$compiler->parser->current_buffer->append_subtree($compiler->parser,
new Smarty_Internal_ParseTree_Text($output));
preg_replace_callback(
'#(<\?(?:php|=)?)|(<%)|(<script\s+language\s*=\s*["\']?\s*php\s*["\']?\s*>)|(\?>)|(%>)|(<\/script>)#i',
array($this, 'quote'),
$_attr[ 'code' ]
);
$compiler->parser->current_buffer->append_subtree(
$compiler->parser,
new Smarty_Internal_ParseTree_Text($output)
);
return '';
} elseif ($compiler->php_handling === Smarty::PHP_PASSTHRU || $_attr[ 'type' ] === 'unmatched') {
$compiler->tag_nocache = true;
$output = addcslashes($_attr[ 'code' ], "'\\");
$compiler->parser->current_buffer->append_subtree($compiler->parser,
new Smarty_Internal_ParseTree_Tag($compiler->parser,
$compiler->processNocacheCode("<?php echo '{$output}';?>",
true)));
$compiler->parser->current_buffer->append_subtree(
$compiler->parser,
new Smarty_Internal_ParseTree_Tag(
$compiler->parser,
$compiler->processNocacheCode(
"<?php echo '{$output}';?>",
true
)
)
);
return '';
} elseif ($compiler->php_handling === Smarty::PHP_ALLOW) {
if (!($compiler->smarty instanceof SmartyBC)) {
$compiler->trigger_template_error('$smarty->php_handling PHP_ALLOW not allowed. Use SmartyBC to enable it',
null, true);
$compiler->trigger_template_error(
'$smarty->php_handling PHP_ALLOW not allowed. Use SmartyBC to enable it',
null,
true
);
}
$compiler->has_code = true;
return $_attr[ 'code' ];
@@ -80,8 +99,11 @@ class Smarty_Internal_Compile_Private_Php extends Smarty_Internal_CompileBase
} else {
$compiler->has_code = true;
if (!($compiler->smarty instanceof SmartyBC)) {
$compiler->trigger_template_error('{php}{/php} tags not allowed. Use SmartyBC to enable them', null,
true);
$compiler->trigger_template_error(
'{php}{/php} tags not allowed. Use SmartyBC to enable them',
null,
true
);
}
$ldel = preg_quote($compiler->smarty->left_delimiter, '#');
$rdel = preg_quote($compiler->smarty->right_delimiter, '#');
@@ -93,8 +115,11 @@ class Smarty_Internal_Compile_Private_Php extends Smarty_Internal_CompileBase
$compiler->trigger_template_error("illegal value of option flag '{$match[2]}'", null, true);
}
}
return preg_replace(array("#^{$ldel}\\s*php\\s*(.)*?{$rdel}#", "#{$ldel}\\s*/\\s*php\\s*{$rdel}$#"),
array('<?php ', '?>'), $_attr[ 'code' ]);
return preg_replace(
array("#^{$ldel}\\s*php\\s*(.)*?{$rdel}#", "#{$ldel}\\s*/\\s*php\\s*{$rdel}$#"),
array('<?php ', '?>'),
$_attr[ 'code' ]
);
}
}
@@ -148,8 +173,10 @@ class Smarty_Internal_Compile_Private_Php extends Smarty_Internal_CompileBase
if ($lex->phpType === 'unmatched') {
return;
}
if (($lex->phpType === 'php' || $lex->phpType === 'asp') &&
($lex->compiler->php_handling === Smarty::PHP_PASSTHRU || $lex->compiler->php_handling === Smarty::PHP_QUOTE)
if (($lex->phpType === 'php' || $lex->phpType === 'asp')
&&
($lex->compiler->php_handling === Smarty::PHP_PASSTHRU ||
$lex->compiler->php_handling === Smarty::PHP_QUOTE)
) {
return;
}
@@ -161,8 +188,14 @@ class Smarty_Internal_Compile_Private_Php extends Smarty_Internal_CompileBase
$lex->compiler->trigger_template_error("missing closing tag '{$closeTag}'");
}
while ($body) {
if (preg_match('~([/][*])|([/][/][^\n]*)|(\'[^\'\\\\]*(?:\\.[^\'\\\\]*)*\')|("[^"\\\\]*(?:\\.[^"\\\\]*)*")~',
$lex->data, $match, PREG_OFFSET_CAPTURE, $start)) {
if (preg_match(
'~([/][*])|([/][/][^\n]*)|(\'[^\'\\\\]*(?:\\.[^\'\\\\]*)*\')|("[^"\\\\]*(?:\\.[^"\\\\]*)*")~',
$lex->data,
$match,
PREG_OFFSET_CAPTURE,
$start
)
) {
$value = $match[ 0 ][ 0 ];
$from = $pos = $match[ 0 ][ 1 ];
if ($pos > $close) {
@@ -178,8 +211,14 @@ class Smarty_Internal_Compile_Private_Php extends Smarty_Internal_CompileBase
}
}
while ($close > $pos && $close < $start) {
if (preg_match('~' . preg_quote($closeTag, '~') . '~i', $lex->data, $match, PREG_OFFSET_CAPTURE,
$from)) {
if (preg_match(
'~' . preg_quote($closeTag, '~') . '~i',
$lex->data,
$match,
PREG_OFFSET_CAPTURE,
$from
)
) {
$close = $match[ 0 ][ 1 ];
$from = $close + strlen($match[ 0 ][ 0 ]);
} else {