[pLog-svn] r5111 - in plog/branches/lifetype-1.2/class/template/smarty: . internals plugins
oscar at devel.lifetype.net
oscar at devel.lifetype.net
Fri Mar 16 07:55:44 EDT 2007
Author: oscar
Date: 2007-03-16 07:55:44 -0400 (Fri, 16 Mar 2007)
New Revision: 5111
Modified:
plog/branches/lifetype-1.2/class/template/smarty/Config_File.class.php
plog/branches/lifetype-1.2/class/template/smarty/Smarty.class.php
plog/branches/lifetype-1.2/class/template/smarty/Smarty_Compiler.class.php
plog/branches/lifetype-1.2/class/template/smarty/internals/core.write_compiled_include.php
plog/branches/lifetype-1.2/class/template/smarty/internals/core.write_file.php
plog/branches/lifetype-1.2/class/template/smarty/plugins/function.html_select_date.php
plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.capitalize.php
plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.date_format.php
plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.truncate.php
Log:
Updated to Smarty 2.6.18, the latest stable version that fixes a security issue when forbidding {php} tags in templates.
Modified: plog/branches/lifetype-1.2/class/template/smarty/Config_File.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/template/smarty/Config_File.class.php 2007-03-16 10:53:56 UTC (rev 5110)
+++ plog/branches/lifetype-1.2/class/template/smarty/Config_File.class.php 2007-03-16 11:55:44 UTC (rev 5111)
@@ -18,14 +18,14 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* @link http://smarty.php.net/
- * @version 2.6.16
+ * @version 2.6.18
* @copyright Copyright: 2001-2005 New Digital Group, Inc.
* @author Andrei Zmievski <andrei at php.net>
* @access public
* @package Smarty
*/
-/* $Id: Config_File.class.php,v 1.86 2006/11/30 17:01:28 mohrt Exp $ */
+/* $Id: Config_File.class.php,v 1.88 2007/03/06 10:40:06 messju Exp $ */
/**
* Config file reading class
Modified: plog/branches/lifetype-1.2/class/template/smarty/Smarty.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/template/smarty/Smarty.class.php 2007-03-16 10:53:56 UTC (rev 5110)
+++ plog/branches/lifetype-1.2/class/template/smarty/Smarty.class.php 2007-03-16 11:55:44 UTC (rev 5111)
@@ -27,10 +27,10 @@
* @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei at php.net>
* @package Smarty
- * @version 2.6.16
+ * @version 2.6.18
*/
-/* $Id: Smarty.class.php,v 1.526 2006/11/30 17:01:28 mohrt Exp $ */
+/* $Id: Smarty.class.php,v 1.528 2007/03/06 10:40:06 messju Exp $ */
/**
* DIR_SEP isn't used anymore, but third party apps might
@@ -464,7 +464,7 @@
*
* @var string
*/
- var $_version = '2.6.16';
+ var $_version = '2.6.18';
/**
* current template inclusion depth
Modified: plog/branches/lifetype-1.2/class/template/smarty/Smarty_Compiler.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/template/smarty/Smarty_Compiler.class.php 2007-03-16 10:53:56 UTC (rev 5110)
+++ plog/branches/lifetype-1.2/class/template/smarty/Smarty_Compiler.class.php 2007-03-16 11:55:44 UTC (rev 5111)
@@ -21,12 +21,12 @@
* @link http://smarty.php.net/
* @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei at php.net>
- * @version 2.6.16
+ * @version 2.6.18
* @copyright 2001-2005 New Digital Group, Inc.
* @package Smarty
*/
-/* $Id: Smarty_Compiler.class.php,v 1.386 2006/11/30 17:01:28 mohrt Exp $ */
+/* $Id: Smarty_Compiler.class.php,v 1.395 2007/03/06 10:40:06 messju Exp $ */
/**
* Template compiling class
@@ -240,9 +240,6 @@
$ldq = preg_quote($this->left_delimiter, '~');
$rdq = preg_quote($this->right_delimiter, '~');
- /* un-hide hidden xml open tags */
- $source_content = preg_replace("~<({$ldq}(.*?){$rdq})[?]~s", '< \\1', $source_content);
-
// run template source through prefilter functions
if (count($this->_plugins['prefilter']) > 0) {
foreach ($this->_plugins['prefilter'] as $filter_name => $prefilter) {
@@ -281,7 +278,7 @@
/* loop through text blocks */
for ($curr_tb = 0, $for_max = count($text_blocks); $curr_tb < $for_max; $curr_tb++) {
/* match anything resembling php tags */
- if (preg_match_all('~(<\?(?:\w+|=)?|\?>|language\s*=\s*[\"\']?php[\"\']?)~is', $text_blocks[$curr_tb], $sp_match)) {
+ if (preg_match_all('~(<\?(?:\w+|=)?|\?>|language\s*=\s*[\"\']?\s*php\s*[\"\']?)~is', $text_blocks[$curr_tb], $sp_match)) {
/* replace tags with placeholders to prevent recursive replacements */
$sp_match[1] = array_unique($sp_match[1]);
usort($sp_match[1], '_smarty_sort_length');
@@ -307,7 +304,7 @@
}
}
}
-
+
/* Compile the template tags into PHP code. */
$compiled_tags = array();
for ($i = 0, $for_max = count($template_tags); $i < $for_max; $i++) {
@@ -352,17 +349,30 @@
}
}
$compiled_content = '';
-
+
+ $tag_guard = '%%%SMARTYOTG' . md5(uniqid(rand(), true)) . '%%%';
+
/* Interleave the compiled contents and text blocks to get the final result. */
for ($i = 0, $for_max = count($compiled_tags); $i < $for_max; $i++) {
if ($compiled_tags[$i] == '') {
// tag result empty, remove first newline from following text block
$text_blocks[$i+1] = preg_replace('~^(\r\n|\r|\n)~', '', $text_blocks[$i+1]);
}
- $compiled_content .= $text_blocks[$i].$compiled_tags[$i];
+ // replace legit PHP tags with placeholder
+ $text_blocks[$i] = str_replace('<?', $tag_guard, $text_blocks[$i]);
+ $compiled_tags[$i] = str_replace('<?', $tag_guard, $compiled_tags[$i]);
+
+ $compiled_content .= $text_blocks[$i] . $compiled_tags[$i];
}
- $compiled_content .= $text_blocks[$i];
+ $compiled_content .= str_replace('<?', $tag_guard, $text_blocks[$i]);
+ // escape php tags created by interleaving
+ $compiled_content = str_replace('<?', "<?php echo '<?' ?>\n", $compiled_content);
+ $compiled_content = preg_replace("~(?<!')language\s*=\s*[\"\']?\s*php\s*[\"\']?~", "<?php echo 'language=php' ?>\n", $compiled_content);
+
+ // recover legit tags
+ $compiled_content = str_replace($tag_guard, '<?', $compiled_content);
+
// remove \n from the end of the file, if any
if (strlen($compiled_content) && (substr($compiled_content, -1) == "\n") ) {
$compiled_content = substr($compiled_content, 0, -1);
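Review bot: The escaping pattern on the `language=php` line is case-sensitive, while the detection pattern in the earlier hunk of this file uses `~is`, so a differently cased `language = PHP` left in the interleaved output would not be rewritten here. Adding the modifier keeps the two in step: `preg_replace("~(?<!')language\s*=\s*[\"\']?\s*php\s*[\"\']?~i", "<?php echo 'language=php' ?>\n", $compiled_content);`. Separately, `$tag_guard` is an in-band marker, and the final `str_replace($tag_guard, '<?', ...)` restores every occurrence of it as an open tag. A comment should state that template text is assumed never to contain the marker. The enclosing method starts and ends outside the hunk.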
@@ -372,9 +382,6 @@
$compiled_content = "<?php \$this->_cache_serials['".$this->_cache_include."'] = '".$this->_cache_serial."'; ?>" . $compiled_content;
}
- // remove unnecessary close/open tags
- $compiled_content = preg_replace('~\?>\n?<\?php~', '', $compiled_content);
-
// run compiled template through postfilter functions
if (count($this->_plugins['postfilter']) > 0) {
foreach ($this->_plugins['postfilter'] as $filter_name => $postfilter) {
@@ -2223,9 +2230,9 @@
if ($_cacheable
|| 0<$this->_cacheable_state++) return '';
if (!isset($this->_cache_serial)) $this->_cache_serial = md5(uniqid('Smarty'));
- $_ret = 'if ($this->caching && !$this->_cache_including) { echo \'{nocache:'
+ $_ret = 'if ($this->caching && !$this->_cache_including): echo \'{nocache:'
. $this->_cache_serial . '#' . $this->_nocache_count
- . '}\'; };';
+ . '}\'; endif;';
return $_ret;
}
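Review bot: The marker string built in `$_ret` is matched by a hand-escaped copy of the same text in core.write_compiled_include.php, and neither place says so. This hunk, the closing-tag hunk that follows it and the `$_tag_start`/`$_tag_end` patterns all had to change together. A comment above `$_ret` would make the coupling explicit, for example `// must stay in sync with $_tag_start/$_tag_end in core.write_compiled_include.php`. Both enclosing functions start outside their hunks.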
@@ -2240,9 +2247,9 @@
$_cacheable = !isset($this->_plugins[$type][$name]) || $this->_plugins[$type][$name][4];
if ($_cacheable
|| --$this->_cacheable_state>0) return '';
- return 'if ($this->caching && !$this->_cache_including) { echo \'{/nocache:'
+ return 'if ($this->caching && !$this->_cache_including): echo \'{/nocache:'
. $this->_cache_serial . '#' . ($this->_nocache_count++)
- . '}\'; };';
+ . '}\'; endif;';
}
Modified: plog/branches/lifetype-1.2/class/template/smarty/internals/core.write_compiled_include.php
===================================================================
--- plog/branches/lifetype-1.2/class/template/smarty/internals/core.write_compiled_include.php 2007-03-16 10:53:56 UTC (rev 5110)
+++ plog/branches/lifetype-1.2/class/template/smarty/internals/core.write_compiled_include.php 2007-03-16 11:55:44 UTC (rev 5111)
@@ -15,12 +15,12 @@
function smarty_core_write_compiled_include($params, &$smarty)
{
- $_tag_start = 'if \(\$this->caching && \!\$this->_cache_including\) \{ echo \'\{nocache\:('.$params['cache_serial'].')#(\d+)\}\'; \};';
- $_tag_end = 'if \(\$this->caching && \!\$this->_cache_including\) \{ echo \'\{/nocache\:(\\2)#(\\3)\}\'; \};';
+ $_tag_start = 'if \(\$this->caching && \!\$this->_cache_including\)\: echo \'\{nocache\:('.$params['cache_serial'].')#(\d+)\}\'; endif;';
+ $_tag_end = 'if \(\$this->caching && \!\$this->_cache_including\)\: echo \'\{/nocache\:(\\2)#(\\3)\}\'; endif;';
preg_match_all('!('.$_tag_start.'(.*)'.$_tag_end.')!Us',
$params['compiled_content'], $_match_source, PREG_SET_ORDER);
-
+
// no nocache-parts found: done
if (count($_match_source)==0) return;
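Review bot: `$params['cache_serial']` is concatenated into `$_tag_start` without `preg_quote()`, so the pattern is only well-formed while the serial contains no regex metacharacters. The serial visible in Smarty_Compiler.class.php is an `md5()` hex string, which is safe, but the caller of this function is outside the hunk. Using `preg_quote($params['cache_serial'], '!')` in the concatenation would remove that assumption. The function body continues past the hunk.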
Modified: plog/branches/lifetype-1.2/class/template/smarty/internals/core.write_file.php
===================================================================
--- plog/branches/lifetype-1.2/class/template/smarty/internals/core.write_file.php 2007-03-16 10:53:56 UTC (rev 5110)
+++ plog/branches/lifetype-1.2/class/template/smarty/internals/core.write_file.php 2007-03-16 11:55:44 UTC (rev 5111)
@@ -37,7 +37,7 @@
fwrite($fd, $params['contents']);
fclose($fd);
- if (PHP_OS == 'Windows' || !@rename($_tmp_file, $params['filename'])) {
+ if (DIRECTORY_SEPARATOR == '\\' || !@rename($_tmp_file, $params['filename'])) {
// On platforms and filesystems that cannot overwrite with rename()
// delete the file before renaming it -- because windows always suffers
// this, it is short-circuited to avoid the initial rename() attempt
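Review bot: The results of `fwrite()` and `fclose()` are ignored before the temporary file is moved over `$params['filename']`, so a failed write (full disk, quota) would install an incomplete compiled file. A check such as `if (fwrite($fd, $params['contents']) === false) { fclose($fd); @unlink($_tmp_file); return false; }` would stop that. The function's return convention and the opening of `$fd` are outside the hunk, so the failure path should be adjusted to match them.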
Modified: plog/branches/lifetype-1.2/class/template/smarty/plugins/function.html_select_date.php
===================================================================
--- plog/branches/lifetype-1.2/class/template/smarty/plugins/function.html_select_date.php 2007-03-16 10:53:56 UTC (rev 5110)
+++ plog/branches/lifetype-1.2/class/template/smarty/plugins/function.html_select_date.php 2007-03-16 11:55:44 UTC (rev 5111)
@@ -178,7 +178,9 @@
$html_result = $month_result = $day_result = $year_result = "";
+ $field_separator_count = -1;
if ($display_months) {
+ $field_separator_count++;
$month_names = array();
$month_values = array();
if(isset($month_empty)) {
@@ -216,6 +218,7 @@
}
if ($display_days) {
+ $field_separator_count++;
$days = array();
if (isset($day_empty)) {
$days[''] = $day_empty;
@@ -251,6 +254,7 @@
}
if ($display_years) {
+ $field_separator_count++;
if (null !== $field_array){
$year_name = $field_array . '[' . $prefix . 'Year]';
} else {
@@ -314,7 +318,7 @@
break;
}
// Add the field seperator
- if($i != 2) {
+ if($i < $field_separator_count) {
$html_result .= $field_separator;
}
}
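Review bot: `$i < $field_separator_count` compares a loop position with a count of displayed fields, which only lines up when the hidden field comes last in the field order. If `$i` indexes the characters of the field order (the loop header is outside the hunk), a day-first order with days hidden would put a separator after the empty day slot and none between the two fields that are shown. Counting the fields actually appended to `$html_result`, and adding the separator while that count is below `$field_separator_count`, would not depend on position.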
Modified: plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.capitalize.php
===================================================================
--- plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.capitalize.php 2007-03-16 10:53:56 UTC (rev 5110)
+++ plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.capitalize.php 2007-03-16 11:55:44 UTC (rev 5111)
@@ -20,13 +20,8 @@
*/
function smarty_modifier_capitalize($string, $uc_digits = false)
{
- //smarty_modifier_capitalize_ucfirst(null, $uc_digits);
- //return preg_replace_callback('!\'?\b\w(\w|\')*\b!', 'smarty_modifier_capitalize_ucfirst', $string);
-
- // Fix for Mantis issue http://bugs.lifetype.net/view.php?id=1183
- // Characters such as 'ç' are used as words separators instead of being considered as characters
- // so a word such as 'retroenllaços' becomes 'RetroenllaçOs'
- return( ucwords( $string ));
+ smarty_modifier_capitalize_ucfirst(null, $uc_digits);
+ return preg_replace_callback('!\'?\b\w(\w|\')*\b!', 'smarty_modifier_capitalize_ucfirst', $string);
}
function smarty_modifier_capitalize_ucfirst($string, $uc_digits = null)
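Review bot: Restoring the upstream body of `smarty_modifier_capitalize` drops the local fix for Mantis issue 1183 (http://bugs.lifetype.net/view.php?id=1183) that the removed comment described. With the `\b\w` pattern, characters such as 'ç' are again treated as word separators, so 'retroenllaços' becomes 'RetroenllaçOs'. If that regression is not intended, keep `return( ucwords( $string ));` and its comment after the vendor update. If it is intended, the commit log should say why upstream behaviour is now acceptable.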
@@ -44,4 +39,5 @@
return $string[0];
}
+
?>
Modified: plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.date_format.php
===================================================================
--- plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.date_format.php 2007-03-16 10:53:56 UTC (rev 5110)
+++ plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.date_format.php 2007-03-16 11:55:44 UTC (rev 5111)
@@ -8,7 +8,7 @@
/**
* Include the {@link shared.make_timestamp.php} plugin
*/
-require_once $smarty->_get_plugin_filepath('shared','make_timestamp');
+require_once $smarty->_get_plugin_filepath('shared', 'make_timestamp');
/**
* Smarty date_format modifier plugin
*
@@ -28,22 +28,29 @@
* @return string|void
* @uses smarty_make_timestamp()
*/
-function smarty_modifier_date_format($string, $format="%b %e, %Y", $default_date=null)
+function smarty_modifier_date_format($string, $format = '%b %e, %Y', $default_date = '')
{
- if (substr(PHP_OS,0,3) == 'WIN') {
- $hours = strftime('%I', $string);
- $short_hours = ( $hours < 10 ) ? substr( $hours, -1) : $hours;
- $_win_from = array ('%e', '%T', '%D', '%l');
- $_win_to = array ('%#d', '%H:%M:%S', '%m/%d/%y', $short_hours);
- $format = str_replace($_win_from, $_win_to, $format);
- }
- if($string != '') {
- return strftime($format, smarty_make_timestamp($string));
- } elseif (isset($default_date) && $default_date != '') {
- return strftime($format, smarty_make_timestamp($default_date));
+ if ($string != '') {
+ $timestamp = smarty_make_timestamp($string);
+ } elseif ($default_date != '') {
+ $timestamp = smarty_make_timestamp($default_date);
} else {
return;
}
+ if (DIRECTORY_SEPARATOR == '\\') {
+ $_win_from = array('%D', '%h', '%n', '%r', '%R', '%t', '%T');
+ $_win_to = array('%m/%d/%y', '%b', "\n", '%I:%M:%S %p', '%H:%M', "\t", '%H:%M:%S');
+ if (strpos($format, '%e') !== false) {
+ $_win_from[] = '%e';
+ $_win_to[] = sprintf('%\' 2d', date('j', $timestamp));
+ }
+ if (strpos($format, '%l') !== false) {
+ $_win_from[] = '%l';
+ $_win_to[] = sprintf('%\' 2d', date('h', $timestamp));
+ }
+ $format = str_replace($_win_from, $_win_to, $format);
+ }
+ return strftime($format, $timestamp);
}
/* vim: set expandtab: */
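Review bot: The Windows branch has no comment saying why these specifiers are rewritten or why `%e` and `%l` are treated differently from the rest. A line above `if (DIRECTORY_SEPARATOR == '\\')` would cover it, such as `// Windows strftime() presumably lacks these conversions; %e and %l are pre-rendered from $timestamp, space-padded to width 2`. `str_replace()` also does not distinguish an escaped `%%e` from `%e`, which is worth a sentence in the docblock if that limitation is accepted.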
Modified: plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.truncate.php
===================================================================
--- plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.truncate.php 2007-03-16 10:53:56 UTC (rev 5110)
+++ plog/branches/lifetype-1.2/class/template/smarty/plugins/modifier.truncate.php 2007-03-16 11:55:44 UTC (rev 5111)
@@ -31,12 +31,12 @@
return '';
if (strlen($string) > $length) {
- $length -= strlen($etc);
+ $length -= min($length, strlen($etc));
if (!$break_words && !$middle) {
$string = preg_replace('/\s+?(\S+)?$/', '', substr($string, 0, $length+1));
}
if(!$middle) {
- return substr($string, 0, $length).$etc;
+ return substr($string, 0, $length) . $etc;
} else {
return substr($string, 0, $length/2) . $etc . substr($string, -$length/2);
}
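Review bot: The `min()` clamp can now leave `$length` at 0 (or 1), and in the `$middle` branch `substr($string, -$length/2)` then has an offset of 0, which returns the whole string instead of an empty tail. The result would be `$etc` followed by the full original text, longer than the input. Computing the half once and guarding the tail avoids this: `$half = (int)($length / 2);` then `return substr($string, 0, $half) . $etc . ($half > 0 ? substr($string, -$half) : '');`. The function starts and ends outside the hunk.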