Skip to content

Commit

Permalink
Update smarty to 3.1.48 (#16419)
Browse files Browse the repository at this point in the history
  • Loading branch information
@matdave
matdave authored Apr 26, 2023
1 parent 696c5e8 commit 8b533fb
Show file tree
Hide file tree
Showing 16 changed files with 151 additions and 68 deletions.
4 changes: 2 additions & 2 deletions core/model/modx/smarty/modsmarty.class.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ function __construct(modX &$modx, $params= array ()) {

$this->_blocks = array();
$this->_derived = null;

$this->muteExpectedErrors();
}

Expand All @@ -91,7 +91,7 @@ public function setCachePath($path = '') {
$this->modx->getCacheManager();
$this->modx->cacheManager->writeTree($path);
}
$this->compile_dir = $path;
$this->setCompileDir($path);
}

/**
Expand Down
2 changes: 1 addition & 1 deletion core/model/smarty/Smarty.class.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ class Smarty extends Smarty_Internal_TemplateBase
/**
* smarty version
*/
const SMARTY_VERSION = '3.1.44';
const SMARTY_VERSION = '3.1.48';
/**
* define variable scopes
*/
Expand Down
65 changes: 36 additions & 29 deletions core/model/smarty/plugins/function.html_select_date.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem
$field_separator = "\n";
$option_separator = "\n";
$time = null;

// $all_empty = null;
// $day_empty = null;
// $month_empty = null;
Expand All @@ -113,17 +114,7 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem
foreach ($params as $_key => $_value) {
switch ($_key) {
case 'time':
if (!is_array($_value) && $_value !== null) {
$template->_checkPlugins(
array(
array(
'function' => 'smarty_make_timestamp',
'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php'
)
)
);
$time = smarty_make_timestamp($_value);
}
$$_key = $_value; // we'll handle conversion below
break;
case 'month_names':
if (is_array($_value) && count($_value) === 12) {
Expand Down Expand Up @@ -178,43 +169,59 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem
}
// Note: date() is faster than strftime()
// Note: explode(date()) is faster than date() date() date()
if (isset($params[ 'time' ]) && is_array($params[ 'time' ])) {
if (isset($params[ 'time' ][ $prefix . 'Year' ])) {

if (isset($time) && is_array($time)) {
if (isset($time[$prefix . 'Year'])) {
// $_REQUEST[$field_array] given
foreach (array(
'Y' => 'Year',
'm' => 'Month',
'd' => 'Day'
) as $_elementKey => $_elementName) {
'Y' => 'Year',
'm' => 'Month',
'd' => 'Day'
) as $_elementKey => $_elementName) {
$_variableName = '_' . strtolower($_elementName);
$$_variableName =
isset($params[ 'time' ][ $prefix . $_elementName ]) ? $params[ 'time' ][ $prefix . $_elementName ] :
isset($time[$prefix . $_elementName]) ? $time[$prefix . $_elementName] :
date($_elementKey);
}
} elseif (isset($params[ 'time' ][ $field_array ][ $prefix . 'Year' ])) {
} elseif (isset($time[$field_array][$prefix . 'Year'])) {
// $_REQUEST given
foreach (array(
'Y' => 'Year',
'm' => 'Month',
'd' => 'Day'
) as $_elementKey => $_elementName) {
'Y' => 'Year',
'm' => 'Month',
'd' => 'Day'
) as $_elementKey => $_elementName) {
$_variableName = '_' . strtolower($_elementName);
$$_variableName = isset($params[ 'time' ][ $field_array ][ $prefix . $_elementName ]) ?
$params[ 'time' ][ $field_array ][ $prefix . $_elementName ] : date($_elementKey);
$$_variableName = isset($time[$field_array][$prefix . $_elementName]) ?
$time[$field_array][$prefix . $_elementName] : date($_elementKey);
}
} else {
// no date found, use NOW
list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d'));
list($_year, $_month, $_day) = explode('-', date('Y-m-d'));
}
} elseif (isset($time) && preg_match("/(\d*)-(\d*)-(\d*)/", $time, $matches)) {
$_year = $_month = $_day = null;
if ($matches[1] > '') $_year = (int) $matches[1];
if ($matches[2] > '') $_month = (int) $matches[2];
if ($matches[3] > '') $_day = (int) $matches[3];
} elseif ($time === null) {
if (array_key_exists('time', $params)) {
$_year = $_month = $_day = $time = null;
$_year = $_month = $_day = null;
} else {
list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d'));
list($_year, $_month, $_day) = explode('-', date('Y-m-d'));
}
} else {
list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d', $time));
$template->_checkPlugins(
array(
array(
'function' => 'smarty_make_timestamp',
'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php'
)
)
);
$time = smarty_make_timestamp($time);
list($_year, $_month, $_day) = explode('-', date('Y-m-d', $time));
}

// make syntax "+N" or "-N" work with $start_year and $end_year
// Note preg_match('!^(\+|\-)\s*(\d+)$!', $end_year, $match) is slower than trim+substr
foreach (array(
Expand Down
31 changes: 22 additions & 9 deletions core/model/smarty/plugins/function.mailto.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,28 +48,33 @@
*/
function smarty_function_mailto($params)
{
static $_allowed_encoding =
array('javascript' => true, 'javascript_charcode' => true, 'hex' => true, 'none' => true);
static $_allowed_encoding = array(
'javascript' => true,
'javascript_charcode' => true,
'hex' => true,
'none' => true
);

$extra = '';
if (empty($params[ 'address' ])) {
trigger_error("mailto: missing 'address' parameter", E_USER_WARNING);
return;
} else {
$address = $params[ 'address' ];
}

$text = $address;

// netscape and mozilla do not decode %40 (@) in BCC field (bug?)
// so, don't encode it.
$search = array('%40', '%2C');
$replace = array('@', ',');
$mail_parms = array();
foreach ($params as $var => $value) {
switch ($var) {
case 'cc':
case 'bcc':
case 'followupto':
if (!empty($value)) {
$mail_parms[] = $var . '=' . str_replace($search, $replace, rawurlencode($value));
$mail_parms[] = $var . '=' . str_replace(array('%40', '%2C'), array('@', ','), rawurlencode($value));
}
break;
case 'subject':
Expand All @@ -83,6 +88,7 @@ function smarty_function_mailto($params)
default:
}
}

if ($mail_parms) {
$address .= '?' . join('&', $mail_parms);
}
Expand All @@ -94,19 +100,26 @@ function smarty_function_mailto($params)
);
return;
}

$flags = ENT_QUOTES;
if (defined('ENT_SUBSTITUTE') && defined('ENT_HTML401')) {
$flags |= ENT_SUBSTITUTE | ENT_HTML401;
}

$string = '<a href="mailto:' . htmlspecialchars($address, $flags, Smarty::$_CHARSET) .
'" ' . $extra . '>' . htmlspecialchars($text, $flags, Smarty::$_CHARSET) . '</a>';

if ($encode === 'javascript') {
$string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
$js_encode = '';
for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
$js_encode .= '%' . bin2hex($string[ $x ]);
}
return '<script type="text/javascript">document.write(unescape(\'' . $js_encode . '\'))</script>';
} elseif ($encode === 'javascript_charcode') {
$string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
$ord[] = ord($string[ $x ]);
}
return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>';
return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>';
} elseif ($encode === 'hex') {
preg_match('!^(.*)(\?.*)$!', $address, $match);
if (!empty($match[ 2 ])) {
Expand All @@ -129,6 +142,6 @@ function smarty_function_mailto($params)
return '<a href="' . $mailto . $address_encode . '" ' . $extra . '>' . $text_encode . '</a>';
} else {
// no encoding
return '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
return $string;
}
}
4 changes: 2 additions & 2 deletions core/model/smarty/plugins/function.math.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,8 +69,8 @@ function smarty_function_math($params, $template)
// Adapted from https://www.php.net/manual/en/function.eval.php#107377
$number = '(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number
$functionsOrVars = '((?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*))';
$operators = '[+\/*\^%-]'; // Allowed math operators
$regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)+\)|\((?1)+\)))(?:'.$operators.'(?1))?)+$/';
$operators = '[,+\/*\^%-]'; // Allowed math operators
$regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)*\)|\((?1)*\)))(?:'.$operators.'(?1))?)+$/';

if (!preg_match($regexp, $equation)) {
trigger_error("math: illegal characters", E_USER_WARNING);
Expand Down
4 changes: 3 additions & 1 deletion core/model/smarty/plugins/modifier.escape.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,9 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $
// see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
'<!--' => '<\!--',
'<s' => '<\s',
'<S' => '<\S'
'<S' => '<\S',
"`" => "\\\\`",
"\${" => "\\\\\\$\\{"
)
);
case 'mail':
Expand Down
4 changes: 3 additions & 1 deletion core/model/smarty/plugins/modifiercompiler.escape.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,9 @@ function smarty_modifiercompiler_escape($params, Smarty_Internal_TemplateCompile
// see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
return 'strtr(' .
$params[ 0 ] .
', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r", "\\n" => "\\\n", "</" => "<\/", "<!--" => "<\!--", "<s" => "<\s", "<S" => "<\S" ))';
', array("\\\\" => "\\\\\\\\", "\'" => "\\\\\'", "\"" => "\\\\\"", "\\r" => "\\\\r",
"\\n" => "\\\n", "</" => "<\/", "<!--" => "<\!--", "<s" => "<\s", "<S" => "<\S",
"`" => "\\\\`", "\${" => "\\\\\\$\\{"))';
}
} catch (SmartyException $e) {
// pass through to regular plugin fallback
Expand Down
22 changes: 15 additions & 7 deletions core/model/smarty/plugins/modifiercompiler.unescape.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,20 +14,28 @@
* @author Rodney Rehm
*
* @param array $params parameters
* @param Smarty_Internal_TemplateCompilerBase $compiler
*
* @return string with compiled code
*/
function smarty_modifiercompiler_unescape($params)
function smarty_modifiercompiler_unescape($params, Smarty_Internal_TemplateCompilerBase $compiler)
{
if (!isset($params[ 1 ])) {
$params[ 1 ] = 'html';
}
$compiler->template->_checkPlugins(
array(
array(
'function' => 'smarty_literal_compiler_param',
'file' => SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php'
)
)
);

$esc_type = smarty_literal_compiler_param($params, 1, 'html');

if (!isset($params[ 2 ])) {
$params[ 2 ] = '\'' . addslashes(Smarty::$_CHARSET) . '\'';
} else {
$params[ 2 ] = "'{$params[ 2 ]}'";
}
switch (trim($params[ 1 ], '"\'')) {

switch ($esc_type) {
case 'entity':
case 'htmlall':
if (Smarty::$_MBSTRING) {
Expand Down
34 changes: 34 additions & 0 deletions core/model/smarty/plugins/shared.mb_str_replace.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,43 @@ function smarty_mb_str_replace($search, $replace, $subject, &$count = 0)
}
}
} else {
$mb_reg_charset = mb_regex_encoding();
// Check if mbstring regex is using UTF-8
$reg_is_unicode = !strcasecmp($mb_reg_charset, "UTF-8");
if(!$reg_is_unicode) {
// ...and set to UTF-8 if not
mb_regex_encoding("UTF-8");
}

// See if charset used by Smarty is matching one used by regex...
$current_charset = mb_regex_encoding();
$convert_result = (bool)strcasecmp(Smarty::$_CHARSET, $current_charset);
if($convert_result) {
// ...convert to it if not.
$subject = mb_convert_encoding($subject, $current_charset, Smarty::$_CHARSET);
$search = mb_convert_encoding($search, $current_charset, Smarty::$_CHARSET);
$replace = mb_convert_encoding($replace, $current_charset, Smarty::$_CHARSET);
}

$parts = mb_split(preg_quote($search), $subject);
// If original regex encoding was not unicode...
if(!$reg_is_unicode) {
// ...restore original regex encoding to avoid breaking the system.
mb_regex_encoding($mb_reg_charset);
}
if($parts === false) {
// This exception is thrown if call to mb_split failed.
// Usually it happens, when $search or $replace are not valid for given mb_regex_encoding().
// There may be other cases for it to fail, please file an issue if you find a reproducible one.
throw new SmartyException("Source string is not a valid $current_charset sequence (probably)");
}

$count = count($parts) - 1;
$subject = implode($replace, $parts);
// Convert results back to charset used by Smarty, if needed.
if($convert_result) {
$subject = mb_convert_encoding($subject, Smarty::$_CHARSET, $current_charset);
}
}
return $subject;
}
Expand Down
4 changes: 2 additions & 2 deletions core/model/smarty/sysplugins/smarty_internal_compile_block.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $
// setup buffer for template function code
$compiler->parser->current_buffer = new Smarty_Internal_ParseTree_Template();
$output = "<?php\n";
$output .= "/* {block {$_name}} */\n";
$output .= $compiler->cStyleComment(" {block {$_name}} ") . "\n";
$output .= "class {$_className} extends Smarty_Internal_Block\n";
$output .= "{\n";
foreach ($_block as $property => $value) {
Expand Down Expand Up @@ -155,7 +155,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $
}
$output .= "}\n";
$output .= "}\n";
$output .= "/* {/block {$_name}} */\n\n";
$output .= $compiler->cStyleComment(" {/block {$_name}} ") . "\n\n";
$output .= "?>\n";
$compiler->parser->current_buffer->append_subtree(
$compiler->parser,
Expand Down
8 changes: 4 additions & 4 deletions core/model/smarty/sysplugins/smarty_internal_compile_function.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler)
if ($compiler->template->compiled->has_nocache_code) {
$compiler->parent_compiler->tpl_function[ $_name ][ 'call_name_caching' ] = $_funcNameCaching;
$output = "<?php\n";
$output .= "/* {$_funcNameCaching} */\n";
$output .= $compiler->cStyleComment(" {$_funcNameCaching} ") . "\n";
$output .= "if (!function_exists('{$_funcNameCaching}')) {\n";
$output .= "function {$_funcNameCaching} (Smarty_Internal_Template \$_smarty_tpl,\$params) {\n";
$output .= "ob_start();\n";
Expand All @@ -159,7 +159,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler)
$output .= "/*/%%SmartyNocache:{$compiler->template->compiled->nocache_hash}%%*/\";\n?>";
$output .= "<?php echo str_replace('{$compiler->template->compiled->nocache_hash}', \$_smarty_tpl->compiled->nocache_hash, ob_get_clean());\n";
$output .= "}\n}\n";
$output .= "/*/ {$_funcName}_nocache */\n\n";
$output .= $compiler->cStyleComment("/ {$_funcName}_nocache ") . "\n\n";
$output .= "?>\n";
$compiler->parser->current_buffer->append_subtree(
$compiler->parser,
Expand All @@ -179,7 +179,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler)
}
$compiler->parent_compiler->tpl_function[ $_name ][ 'call_name' ] = $_funcName;
$output = "<?php\n";
$output .= "/* {$_funcName} */\n";
$output .= $compiler->cStyleComment(" {$_funcName} ") . "\n";
$output .= "if (!function_exists('{$_funcName}')) {\n";
$output .= "function {$_funcName}(Smarty_Internal_Template \$_smarty_tpl,\$params) {\n";
$output .= $_paramsCode;
Expand All @@ -196,7 +196,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler)
);
$compiler->parser->current_buffer->append_subtree($compiler->parser, $_functionCode);
$output = "<?php\n}}\n";
$output .= "/*/ {$_funcName} */\n\n";
$output .= $compiler->cStyleComment("/ {$_funcName} ") . "\n\n";
$output .= "?>\n";
$compiler->parser->current_buffer->append_subtree(
$compiler->parser,
Expand Down
Loading

0 comments on commit 8b533fb

Please sign in to comment.