Updated smarty to 2.6.26

This commit is contained in:
Deon George 2009-11-14 03:18:37 +11:00
parent 0c92560222
commit ed846acac2
4 changed files with 65 additions and 49 deletions

View File

@ -22,14 +22,14 @@
* smarty-discussion-subscribe@googlegroups.com * smarty-discussion-subscribe@googlegroups.com
* *
* @link http://www.smarty.net/ * @link http://www.smarty.net/
* @version 2.6.22 * @version 2.6.26
* @copyright Copyright: 2001-2005 New Digital Group, Inc. * @copyright Copyright: 2001-2005 New Digital Group, Inc.
* @author Andrei Zmievski <andrei@php.net> * @author Andrei Zmievski <andrei@php.net>
* @access public * @access public
* @package Smarty * @package Smarty
*/ */
/* $Id: Config_File.class.php 2786 2008-09-18 21:04:38Z Uwe.Tews $ */ /* $Id: Config_File.class.php 3149 2009-05-23 20:59:25Z monte.ohrt $ */
/** /**
* Config file reading class * Config file reading class

View File

@ -27,10 +27,10 @@
* @author Monte Ohrt <monte at ohrt dot com> * @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei@php.net> * @author Andrei Zmievski <andrei@php.net>
* @package Smarty * @package Smarty
* @version 2.6.22 * @version 2.6.26
*/ */
/* $Id: Smarty.class.php 2785 2008-09-18 21:04:12Z Uwe.Tews $ */ /* $Id: Smarty.class.php 3163 2009-06-17 14:39:24Z monte.ohrt $ */
/** /**
* DIR_SEP isn't used anymore, but third party apps might * DIR_SEP isn't used anymore, but third party apps might
@ -107,7 +107,7 @@ class Smarty
/** /**
* When set, smarty does uses this value as error_reporting-level. * When set, smarty does uses this value as error_reporting-level.
* *
* @var boolean * @var integer
*/ */
var $error_reporting = null; var $error_reporting = null;
@ -236,7 +236,8 @@ class Smarty
'INCLUDE_ANY' => false, 'INCLUDE_ANY' => false,
'PHP_TAGS' => false, 'PHP_TAGS' => false,
'MODIFIER_FUNCS' => array('count'), 'MODIFIER_FUNCS' => array('count'),
'ALLOW_CONSTANTS' => false 'ALLOW_CONSTANTS' => false,
'ALLOW_SUPER_GLOBALS' => true
); );
/** /**
@ -464,7 +465,7 @@ class Smarty
* *
* @var string * @var string
*/ */
var $_version = '2.6.22'; var $_version = '2.6.26';
/** /**
* current template inclusion depth * current template inclusion depth
@ -1548,7 +1549,7 @@ class Smarty
$params['source_content'] = $this->_read_file($_resource_name); $params['source_content'] = $this->_read_file($_resource_name);
} }
$params['resource_timestamp'] = filemtime($_resource_name); $params['resource_timestamp'] = filemtime($_resource_name);
$_return = is_file($_resource_name); $_return = is_file($_resource_name) && is_readable($_resource_name);
break; break;
default: default:
@ -1711,7 +1712,7 @@ class Smarty
*/ */
function _read_file($filename) function _read_file($filename)
{ {
if ( file_exists($filename) && ($fd = @fopen($filename, 'rb')) ) { if ( file_exists($filename) && is_readable($filename) && ($fd = @fopen($filename, 'rb')) ) {
$contents = ''; $contents = '';
while (!feof($fd)) { while (!feof($fd)) {
$contents .= fread($fd, 8192); $contents .= fread($fd, 8192);

View File

@ -18,15 +18,15 @@
* License along with this library; if not, write to the Free Software * License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* *
* @link http://www.smarty.net/ * @link http://smarty.php.net/
* @author Monte Ohrt <monte at ohrt dot com> * @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei@php.net> * @author Andrei Zmievski <andrei@php.net>
* @version 2.6.22 * @version 2.6.26
* @copyright 2001-2005 New Digital Group, Inc. * @copyright 2001-2005 New Digital Group, Inc.
* @package Smarty * @package Smarty
*/ */
/* $Id: Smarty_Compiler.class.php 2966 2008-12-08 15:10:03Z monte.ohrt $ */ /* $Id: Smarty_Compiler.class.php 3163 2009-06-17 14:39:24Z monte.ohrt $ */
/** /**
* Template compiling class * Template compiling class
@ -74,17 +74,12 @@ class Smarty_Compiler extends Smarty {
var $_strip_depth = 0; var $_strip_depth = 0;
var $_additional_newline = "\n"; var $_additional_newline = "\n";
var $_phpversion = 0;
/**#@-*/ /**#@-*/
/** /**
* The class constructor. * The class constructor.
*/ */
function Smarty_Compiler() function Smarty_Compiler()
{ {
$this->_phpversion = substr(phpversion(),0,1);
// matches double quoted strings: // matches double quoted strings:
// "foobar" // "foobar"
// "foo\"bar" // "foo\"bar"
@ -157,16 +152,12 @@ class Smarty_Compiler extends Smarty {
// $foo->bar($foo->bar) // $foo->bar($foo->bar)
// $foo->bar($foo->bar()) // $foo->bar($foo->bar())
// $foo->bar($foo->bar($blah,$foo,44,"foo",$foo[0].bar)) // $foo->bar($foo->bar($blah,$foo,44,"foo",$foo[0].bar))
// $foo->getBar()->getFoo()
// $foo->getBar()->foo
$this->_obj_ext_regexp = '\->(?:\$?' . $this->_dvar_guts_regexp . ')'; $this->_obj_ext_regexp = '\->(?:\$?' . $this->_dvar_guts_regexp . ')';
$this->_obj_restricted_param_regexp = '(?:' $this->_obj_restricted_param_regexp = '(?:'
. '(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')(?:' . $this->_obj_ext_regexp . '(?:\((?:(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')' . '(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')(?:' . $this->_obj_ext_regexp . '(?:\((?:(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')'
. '(?:\s*,\s*(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . '))*)?\))?)*)'; . '(?:\s*,\s*(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . '))*)?\))?)*)';
$this->_obj_single_param_regexp = '(?:\w+|' . $this->_obj_restricted_param_regexp . '(?:\s*,\s*(?:(?:\w+|' $this->_obj_single_param_regexp = '(?:\w+|' . $this->_obj_restricted_param_regexp . '(?:\s*,\s*(?:(?:\w+|'
. $this->_var_regexp . $this->_obj_restricted_param_regexp . ')))*)'; . $this->_var_regexp . $this->_obj_restricted_param_regexp . ')))*)';
$this->_obj_params_regexp = '\((?:' . $this->_obj_single_param_regexp $this->_obj_params_regexp = '\((?:' . $this->_obj_single_param_regexp
. '(?:\s*,\s*' . $this->_obj_single_param_regexp . ')*)?\)'; . '(?:\s*,\s*' . $this->_obj_single_param_regexp . ')*)?\)';
$this->_obj_start_regexp = '(?:' . $this->_dvar_regexp . '(?:' . $this->_obj_ext_regexp . ')+)'; $this->_obj_start_regexp = '(?:' . $this->_dvar_regexp . '(?:' . $this->_obj_ext_regexp . ')+)';
@ -1705,8 +1696,6 @@ class Smarty_Compiler extends Smarty {
} }
// replace double quoted literal string with single quotes // replace double quoted literal string with single quotes
$_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return); $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
// escape dollar sign if not printing a var
$_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
return $_return; return $_return;
} }
@ -1720,7 +1709,6 @@ class Smarty_Compiler extends Smarty {
function _parse_var($var_expr) function _parse_var($var_expr)
{ {
$_has_math = false; $_has_math = false;
$_has_php4_method_chaining = false;
$_math_vars = preg_split('~('.$this->_dvar_math_regexp.'|'.$this->_qstr_regexp.')~', $var_expr, -1, PREG_SPLIT_DELIM_CAPTURE); $_math_vars = preg_split('~('.$this->_dvar_math_regexp.'|'.$this->_qstr_regexp.')~', $var_expr, -1, PREG_SPLIT_DELIM_CAPTURE);
if(count($_math_vars) > 1) { if(count($_math_vars) > 1) {
@ -1833,10 +1821,6 @@ class Smarty_Compiler extends Smarty {
$_output .= '->{(($_var=$this->_tpl_vars[\''.substr($_index,3).'\']) && substr($_var,0,2)!=\'__\') ? $_var : $this->trigger_error("cannot access property \\"$_var\\"")}'; $_output .= '->{(($_var=$this->_tpl_vars[\''.substr($_index,3).'\']) && substr($_var,0,2)!=\'__\') ? $_var : $this->trigger_error("cannot access property \\"$_var\\"")}';
} }
} else { } else {
if ($this->_phpversion < 5) {
$_has_php4_method_chaining = true;
$_output .= "; \$_foo = \$_foo";
}
$_output .= $_index; $_output .= $_index;
} }
} elseif (substr($_index, 0, 1) == '(') { } elseif (substr($_index, 0, 1) == '(') {
@ -1848,13 +1832,8 @@ class Smarty_Compiler extends Smarty {
} }
} }
if ($_has_php4_method_chaining) {
$_tmp = str_replace("'","\'",'$_foo = '.$_output.'; return $_foo;');
return "eval('".$_tmp."')";
} else {
return $_output; return $_output;
} }
}
/** /**
* parse arguments in function call parenthesis * parse arguments in function call parenthesis
@ -2068,27 +2047,57 @@ class Smarty_Compiler extends Smarty {
break; break;
case 'get': case 'get':
$compiled_ref = ($this->request_use_auto_globals) ? '$_GET' : "\$GLOBALS['HTTP_GET_VARS']"; if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
$this->_syntax_error("(secure mode) super global access not permitted",
E_USER_WARNING, __FILE__, __LINE__);
return;
}
$compiled_ref = "\$_GET";
break; break;
case 'post': case 'post':
$compiled_ref = ($this->request_use_auto_globals) ? '$_POST' : "\$GLOBALS['HTTP_POST_VARS']"; if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
$this->_syntax_error("(secure mode) super global access not permitted",
E_USER_WARNING, __FILE__, __LINE__);
return;
}
$compiled_ref = "\$_POST";
break; break;
case 'cookies': case 'cookies':
$compiled_ref = ($this->request_use_auto_globals) ? '$_COOKIE' : "\$GLOBALS['HTTP_COOKIE_VARS']"; if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
$this->_syntax_error("(secure mode) super global access not permitted",
E_USER_WARNING, __FILE__, __LINE__);
return;
}
$compiled_ref = "\$_COOKIE";
break; break;
case 'env': case 'env':
$compiled_ref = ($this->request_use_auto_globals) ? '$_ENV' : "\$GLOBALS['HTTP_ENV_VARS']"; if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
$this->_syntax_error("(secure mode) super global access not permitted",
E_USER_WARNING, __FILE__, __LINE__);
return;
}
$compiled_ref = "\$_ENV";
break; break;
case 'server': case 'server':
$compiled_ref = ($this->request_use_auto_globals) ? '$_SERVER' : "\$GLOBALS['HTTP_SERVER_VARS']"; if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
$this->_syntax_error("(secure mode) super global access not permitted",
E_USER_WARNING, __FILE__, __LINE__);
return;
}
$compiled_ref = "\$_SERVER";
break; break;
case 'session': case 'session':
$compiled_ref = ($this->request_use_auto_globals) ? '$_SESSION' : "\$GLOBALS['HTTP_SESSION_VARS']"; if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
$this->_syntax_error("(secure mode) super global access not permitted",
E_USER_WARNING, __FILE__, __LINE__);
return;
}
$compiled_ref = "\$_SESSION";
break; break;
/* /*
@ -2096,8 +2105,13 @@ class Smarty_Compiler extends Smarty {
* compiler. * compiler.
*/ */
case 'request': case 'request':
if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
$this->_syntax_error("(secure mode) super global access not permitted",
E_USER_WARNING, __FILE__, __LINE__);
return;
}
if ($this->request_use_auto_globals) { if ($this->request_use_auto_globals) {
$compiled_ref = '$_REQUEST'; $compiled_ref = "\$_REQUEST";
break; break;
} else { } else {
$this->_init_smarty_vars = true; $this->_init_smarty_vars = true;

View File

@ -27,7 +27,8 @@ function smarty_function_math($params, &$smarty)
return; return;
} }
$equation = $params['equation']; // strip out backticks, not necessary for math
$equation = str_replace('`','',$params['equation']);
// make sure parenthesis are balanced // make sure parenthesis are balanced
if (substr_count($equation,"(") != substr_count($equation,")")) { if (substr_count($equation,"(") != substr_count($equation,")")) {