authorMario <mario@mariovavti.com>2022-10-11 19:20:46 +0000
committerMario <mario@mariovavti.com>2022-10-11 19:20:46 +0000
commit4070c46d157918a01e2a34820985a64fee4e99f0 (patch)
tree2ee04c8a086bb4e2a7c43a2fa2b947e73edffa38 /vendor/smarty
parenta749db8d0f216491cfefb3849891d93f89b775f7 (diff)
composer update smarty
Diffstat (limited to 'vendor/smarty')
-rw-r--r--vendor/smarty/smarty/CHANGELOG.md22
-rw-r--r--vendor/smarty/smarty/SECURITY.md2
-rw-r--r--vendor/smarty/smarty/libs/Smarty.class.php2
-rw-r--r--vendor/smarty/smarty/libs/debug.tpl53
-rw-r--r--vendor/smarty/smarty/libs/plugins/function.html_select_date.php69
-rw-r--r--vendor/smarty/smarty/libs/plugins/function.mailto.php28
-rw-r--r--vendor/smarty/smarty/libs/plugins/function.math.php2
-rw-r--r--vendor/smarty/smarty/libs/plugins/modifier.capitalize.php2
-rw-r--r--vendor/smarty/smarty/libs/plugins/modifier.explode.php25
-rw-r--r--vendor/smarty/smarty/libs/plugins/modifier.number_format.php26
-rw-r--r--vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php22
-rw-r--r--vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php4
-rw-r--r--vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php36
-rw-r--r--vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php2
-rw-r--r--vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php17
-rw-r--r--vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php3
16 files changed, 225 insertions, 90 deletions
diff --git a/vendor/smarty/smarty/CHANGELOG.md b/vendor/smarty/smarty/CHANGELOG.md
index 784cc09f5..85fc91ec3 100644
--- a/vendor/smarty/smarty/CHANGELOG.md
+++ b/vendor/smarty/smarty/CHANGELOG.md
@@ -6,10 +6,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
+## [4.2.1] - 2022-09-14
+
+### Security
+- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454)
+
+### Fixed
+- Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) [#755](https://github.com/smarty-php/smarty/pull/755) and [#788](https://github.com/smarty-php/smarty/pull/788)
+- Fixed PHP8.1 deprecation errors in capitalize modifier [#789](https://github.com/smarty-php/smarty/issues/789)
+- Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794)
+- Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395)
+
+## [4.2.0] - 2022-08-01
+
+### Fixed
+- Fixed problems with smarty_mb_str_replace [#549](https://github.com/smarty-php/smarty/issues/549)
+- Fixed second parameter of unescape modifier not working [#777](https://github.com/smarty-php/smarty/issues/777)
+
+### Changed
+- Updated HTML of the debug template [#599](https://github.com/smarty-php/smarty/pull/599)
+
## [4.1.1] - 2022-05-17
### Security
-- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-
+- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221
### Fixed
- Exclude docs and demo from export and composer [#751](https://github.com/smarty-php/smarty/pull/751)
diff --git a/vendor/smarty/smarty/SECURITY.md b/vendor/smarty/smarty/SECURITY.md
index d98ea0189..ae9d5dc8a 100644
--- a/vendor/smarty/smarty/SECURITY.md
+++ b/vendor/smarty/smarty/SECURITY.md
@@ -2,7 +2,7 @@
## Supported Versions
-Smarty currently supports the latest minor version of Smarty 3 and Smarty 4. (Smarty 4 has not been released yet.)
+Smarty currently supports the latest minor version of Smarty 3 and Smarty 4.
| Version | Supported |
| ------- | ------------------ |
diff --git a/vendor/smarty/smarty/libs/Smarty.class.php b/vendor/smarty/smarty/libs/Smarty.class.php
index 820a1ebde..21beafdf0 100644
--- a/vendor/smarty/smarty/libs/Smarty.class.php
+++ b/vendor/smarty/smarty/libs/Smarty.class.php
@@ -98,7 +98,7 @@ class Smarty extends Smarty_Internal_TemplateBase
/**
* smarty version
*/
- const SMARTY_VERSION = '4.1.1';
+ const SMARTY_VERSION = '4.2.1';
/**
* define variable scopes
*/
diff --git a/vendor/smarty/smarty/libs/debug.tpl b/vendor/smarty/smarty/libs/debug.tpl
index edc7bef98..4f82a5820 100644
--- a/vendor/smarty/smarty/libs/debug.tpl
+++ b/vendor/smarty/smarty/libs/debug.tpl
@@ -1,9 +1,9 @@
{capture name='_smarty_debug' assign=debug_output}
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+ <!DOCTYPE html>
+ <html lang="en">
<head>
<title>Smarty Debug Console</title>
- <style type="text/css">
+ <style>
{literal}
body, h1, h2, h3, td, th, p {
font-family: sans-serif;
@@ -31,6 +31,7 @@
padding: 2px;
border-top: 1px solid black;
}
+
h3 {
text-align: left;
font-weight: bold;
@@ -67,11 +68,11 @@
color: green;
}
- .odd {
+ tr:nth-child(odd) {
background-color: #eeeeee;
}
- .even {
+ tr:nth-child(even) {
background-color: #fafafa;
}
@@ -84,13 +85,16 @@
color: black;
font-weight: bold;
}
+
#blue h3 {
color: blue;
}
+
#normal div {
color: black;
font-weight: normal;
}
+
#table_assigned_vars th {
color: blue;
font-weight: bold;
@@ -99,7 +103,6 @@
#table_config_vars th {
color: maroon;
}
-
{/literal}
</style>
</head>
@@ -112,11 +115,11 @@
<h2>included templates &amp; config files (load time in seconds)</h2>
<div>
{foreach $template_data as $template}
- <font color=brown>{$template.name}</font>
- <br />&nbsp;&nbsp;<span class="exectime">
+ <span style="color: brown;">{$template.name}</span>
+ <br>&nbsp;&nbsp;<span class="exectime">
(compile {$template['compile_time']|string_format:"%.5f"}) (render {$template['render_time']|string_format:"%.5f"}) (cache {$template['cache_time']|string_format:"%.5f"})
</span>
- <br />
+ <br>
{/foreach}
</div>
{/if}
@@ -125,13 +128,22 @@
<table id="table_assigned_vars">
{foreach $assigned_vars as $vars}
- <tr class="{if $vars@iteration % 2 eq 0}odd{else}even{/if}">
- <td><h3><font color=blue>${$vars@key}</font></h3>
- {if isset($vars['nocache'])}<b>Nocache</b><br />{/if}
- {if isset($vars['scope'])}<b>Origin:</b> {$vars['scope']|debug_print_var nofilter}{/if}
+ <tr>
+ <td>
+ <h3 style="color: blue;">${$vars@key}</h3>
+ {if isset($vars['nocache'])}<strong>Nocache</strong><br>{/if}
+ {if isset($vars['scope'])}<strong>Origin:</strong> {$vars['scope']|debug_print_var nofilter}{/if}
+ </td>
+ <td>
+ <h3>Value</h3>
+ {$vars['value']|debug_print_var:10:80 nofilter}
+ </td>
+ <td>
+ {if isset($vars['attributes'])}
+ <h3>Attributes</h3>
+ {$vars['attributes']|debug_print_var nofilter}
+ {/if}
</td>
- <td><h3>Value</h3>{$vars['value']|debug_print_var:10:80 nofilter}</td>
- <td>{if isset($vars['attributes'])}<h3>Attributes</h3>{$vars['attributes']|debug_print_var nofilter} {/if}</td>
{/foreach}
</table>
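Review bot: The `<tr>` opened for each entry of `table_assigned_vars` is never closed before `{/foreach}`; the rewritten row ends at the last `</td>`, whereas the `table_config_vars` row in the next hunk does carry `</tr>`. Browsers recover from this, but the striping now relies on `tr:nth-child(odd)`/`tr:nth-child(even)` and therefore on row structure. I would add `</tr>` after the closing `</td>` of the attributes cell.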
@@ -139,11 +151,14 @@
<table id="table_config_vars">
{foreach $config_vars as $vars}
- <tr class="{if $vars@iteration % 2 eq 0}odd{else}even{/if}">
- <td><h3><font color=blue>#{$vars@key}#</font></h3>
- {if isset($vars['scope'])}<b>Origin:</b> {$vars['scope']|debug_print_var nofilter}{/if}
+ <tr>
+ <td>
+ <h3 style="color: blue;">#{$vars@key}#</h3>
+ {if isset($vars['scope'])}<strong>Origin:</strong> {$vars['scope']|debug_print_var nofilter}{/if}
+ </td>
+ <td>
+ {$vars['value']|debug_print_var:10:80 nofilter}
</td>
- <td>{$vars['value']|debug_print_var:10:80 nofilter}</td>
</tr>
{/foreach}
diff --git a/vendor/smarty/smarty/libs/plugins/function.html_select_date.php b/vendor/smarty/smarty/libs/plugins/function.html_select_date.php
index 763fc60f9..a396046b2 100644
--- a/vendor/smarty/smarty/libs/plugins/function.html_select_date.php
+++ b/vendor/smarty/smarty/libs/plugins/function.html_select_date.php
@@ -101,6 +101,7 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem
$field_separator = "\n";
$option_separator = "\n";
$time = null;
+
// $all_empty = null;
// $day_empty = null;
// $month_empty = null;
@@ -113,17 +114,7 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem
foreach ($params as $_key => $_value) {
switch ($_key) {
case 'time':
- if (!is_array($_value) && $_value !== null) {
- $template->_checkPlugins(
- array(
- array(
- 'function' => 'smarty_make_timestamp',
- 'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php'
- )
- )
- );
- $time = smarty_make_timestamp($_value);
- }
+ $$_key = $_value; // we'll handle conversion below
break;
case 'month_names':
if (is_array($_value) && count($_value) === 12) {
@@ -178,43 +169,59 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem
}
// Note: date() is faster than strftime()
// Note: explode(date()) is faster than date() date() date()
- if (isset($params[ 'time' ]) && is_array($params[ 'time' ])) {
- if (isset($params[ 'time' ][ $prefix . 'Year' ])) {
+
+ if (isset($time) && is_array($time)) {
+ if (isset($time[$prefix . 'Year'])) {
// $_REQUEST[$field_array] given
- foreach (array(
- 'Y' => 'Year',
- 'm' => 'Month',
- 'd' => 'Day'
- ) as $_elementKey => $_elementName) {
+ foreach ([
+ 'Y' => 'Year',
+ 'm' => 'Month',
+ 'd' => 'Day'
+ ] as $_elementKey => $_elementName) {
$_variableName = '_' . strtolower($_elementName);
$$_variableName =
- isset($params[ 'time' ][ $prefix . $_elementName ]) ? $params[ 'time' ][ $prefix . $_elementName ] :
+ isset($time[$prefix . $_elementName]) ? $time[$prefix . $_elementName] :
date($_elementKey);
}
- } elseif (isset($params[ 'time' ][ $field_array ][ $prefix . 'Year' ])) {
+ } elseif (isset($time[$field_array][$prefix . 'Year'])) {
// $_REQUEST given
- foreach (array(
- 'Y' => 'Year',
- 'm' => 'Month',
- 'd' => 'Day'
- ) as $_elementKey => $_elementName) {
+ foreach ([
+ 'Y' => 'Year',
+ 'm' => 'Month',
+ 'd' => 'Day'
+ ] as $_elementKey => $_elementName) {
$_variableName = '_' . strtolower($_elementName);
- $$_variableName = isset($params[ 'time' ][ $field_array ][ $prefix . $_elementName ]) ?
- $params[ 'time' ][ $field_array ][ $prefix . $_elementName ] : date($_elementKey);
+ $$_variableName = isset($time[$field_array][$prefix . $_elementName]) ?
+ $time[$field_array][$prefix . $_elementName] : date($_elementKey);
}
} else {
// no date found, use NOW
- list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d'));
+ [$_year, $_month, $_day] = explode('-', date('Y-m-d'));
}
+ } elseif (isset($time) && preg_match("/(\d*)-(\d*)-(\d*)/", $time, $matches)) {
+ $_year = $_month = $_day = null;
+ if ($matches[1] > '') $_year = (int) $matches[1];
+ if ($matches[2] > '') $_month = (int) $matches[2];
+ if ($matches[3] > '') $_day = (int) $matches[3];
} elseif ($time === null) {
if (array_key_exists('time', $params)) {
- $_year = $_month = $_day = $time = null;
+ $_year = $_month = $_day = null;
} else {
- list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d'));
+ [$_year, $_month, $_day] = explode('-', date('Y-m-d'));
}
} else {
- list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d', $time));
+ $template->_checkPlugins(
+ array(
+ array(
+ 'function' => 'smarty_make_timestamp',
+ 'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php'
+ )
+ )
+ );
+ $time = smarty_make_timestamp($time);
+ [$_year, $_month, $_day] = explode('-', date('Y-m-d', $time));
}
+
// make syntax "+N" or "-N" work with $start_year and $end_year
// Note preg_match('!^(\+|\-)\s*(\d+)$!', $end_year, $match) is slower than trim+substr
foreach (array(
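Review bot: The new `preg_match("/(\d*)-(\d*)-(\d*)/", $time, $matches)` branch is tried on every non-array `$time` before `smarty_make_timestamp()` and is unanchored, so it accepts any input that merely contains two hyphens. The removed code sent every non-array value straight to `smarty_make_timestamp()`; if that helper accepts non-string values (not visible here), those now reach `preg_match()` first, which on PHP 8 raises a TypeError for an object that cannot be converted to a string. The captured numbers are cast with `(int)` and not range-checked in this hunk, so a month of `99` is passed on to whatever consumes `$_month` further down. I would guard the branch, `} elseif (is_string($time) && preg_match('/^(\d*)-(\d*)-(\d*)/', $time, $matches)) {`, and confirm the option-building code below tolerates out-of-range values. The function body starts and ends outside the hunk.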
diff --git a/vendor/smarty/smarty/libs/plugins/function.mailto.php b/vendor/smarty/smarty/libs/plugins/function.mailto.php
index 834d0535a..671ac0694 100644
--- a/vendor/smarty/smarty/libs/plugins/function.mailto.php
+++ b/vendor/smarty/smarty/libs/plugins/function.mailto.php
@@ -48,8 +48,13 @@
*/
function smarty_function_mailto($params)
{
- static $_allowed_encoding =
- array('javascript' => true, 'javascript_charcode' => true, 'hex' => true, 'none' => true);
+ static $_allowed_encoding = [
+ 'javascript' => true,
+ 'javascript_charcode' => true,
+ 'hex' => true,
+ 'none' => true
+ ];
+
$extra = '';
if (empty($params[ 'address' ])) {
trigger_error("mailto: missing 'address' parameter", E_USER_WARNING);
@@ -57,19 +62,19 @@ function smarty_function_mailto($params)
} else {
$address = $params[ 'address' ];
}
+
$text = $address;
+
// netscape and mozilla do not decode %40 (@) in BCC field (bug?)
// so, don't encode it.
- $search = array('%40', '%2C');
- $replace = array('@', ',');
- $mail_parms = array();
+ $mail_parms = [];
foreach ($params as $var => $value) {
switch ($var) {
case 'cc':
case 'bcc':
case 'followupto':
if (!empty($value)) {
- $mail_parms[] = $var . '=' . str_replace($search, $replace, rawurlencode($value));
+ $mail_parms[] = $var . '=' . str_replace(['%40', '%2C'], ['@', ','], rawurlencode($value));
}
break;
case 'subject':
@@ -83,6 +88,7 @@ function smarty_function_mailto($params)
default:
}
}
+
if ($mail_parms) {
$address .= '?' . join('&', $mail_parms);
}
@@ -94,19 +100,21 @@ function smarty_function_mailto($params)
);
return;
}
+
+ $string = '<a href="mailto:' . htmlspecialchars($address, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) .
+ '" ' . $extra . '>' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) . '</a>';
+
if ($encode === 'javascript') {
- $string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
$js_encode = '';
for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
$js_encode .= '%' . bin2hex($string[ $x ]);
}
return '<script type="text/javascript">document.write(unescape(\'' . $js_encode . '\'))</script>';
} elseif ($encode === 'javascript_charcode') {
- $string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
$ord[] = ord($string[ $x ]);
}
- return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>';
+ return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>';
} elseif ($encode === 'hex') {
preg_match('!^(.*)(\?.*)$!', $address, $match);
if (!empty($match[ 2 ])) {
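Review bot: `$extra` is still concatenated into the new `$string` unescaped, so the escaping added here covers only `$address` and `$text`. That is presumably intentional, since `extra` carries raw attributes, but a template that feeds request data into `extra` remains open to markup injection. A comment above the assignment would document the contract: `// $extra is emitted verbatim and must never carry untrusted input`. The `hex` branch does not use `$string` and builds its own output from `$address` and `$text` (its return line is visible in the next hunk, its encoding loop is not), so it is worth confirming that its encoding also neutralises quotes and angle brackets. The function starts and ends outside this hunk.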
@@ -129,6 +137,6 @@ function smarty_function_mailto($params)
return '<a href="' . $mailto . $address_encode . '" ' . $extra . '>' . $text_encode . '</a>';
} else {
// no encoding
- return '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
+ return $string;
}
}
diff --git a/vendor/smarty/smarty/libs/plugins/function.math.php b/vendor/smarty/smarty/libs/plugins/function.math.php
index 8560e9441..f9cf67fe7 100644
--- a/vendor/smarty/smarty/libs/plugins/function.math.php
+++ b/vendor/smarty/smarty/libs/plugins/function.math.php
@@ -70,7 +70,7 @@ function smarty_function_math($params, $template)
$number = '(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number
$functionsOrVars = '((?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*))';
$operators = '[,+\/*\^%-]'; // Allowed math operators
- $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)+\)|\((?1)+\)))(?:'.$operators.'(?1))?)+$/';
+ $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)*\)|\((?1)*\)))(?:'.$operators.'(?1))?)+$/';
if (!preg_match($regexp, $equation)) {
trigger_error("math: illegal characters", E_USER_WARNING);
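Review bot: Relaxing `(?1)+` to `(?1)*` lets empty parentheses pass the syntax gate for every identifier, not only `rand`, and nothing on the line says why. The changelog entry in this commit gives the reason, so a comment would help: `// (?1)* so that zero-argument calls such as rand() pass the syntax check`. This regex is only a shape check, so whatever validation of function names follows outside the hunk has to keep rejecting unknown names for empty-argument calls too; please confirm it does. A PCRE error makes `preg_match()` return `false`, which `!preg_match(...)` treats as a rejection, so that path fails closed.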
diff --git a/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php b/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php
index c5fc400a6..b7da08980 100644
--- a/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php
+++ b/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php
@@ -22,6 +22,8 @@
*/
function smarty_modifier_capitalize($string, $uc_digits = false, $lc_rest = false)
{
+ $string = (string) $string;
+
if (Smarty::$_MBSTRING) {
if ($lc_rest) {
// uppercase (including hyphenated words)
diff --git a/vendor/smarty/smarty/libs/plugins/modifier.explode.php b/vendor/smarty/smarty/libs/plugins/modifier.explode.php
new file mode 100644
index 000000000..5186fde3d
--- /dev/null
+++ b/vendor/smarty/smarty/libs/plugins/modifier.explode.php
@@ -0,0 +1,25 @@
+<?php
+/**
+ * Smarty plugin
+ *
+ * @package Smarty
+ * @subpackage PluginsModifier
+ */
+
+/**
+ * Smarty explode modifier plugin
+ * Type: modifier
+ * Name: explode
+ * Purpose: split a string by a string
+ *
+ * @param string $separator
+ * @param string $string
+ * @param int|null $limit
+ *
+ * @return array
+ */
+function smarty_modifier_explode($separator, $string, ?int $limit = null)
+{
+ // provide $string default to prevent deprecation errors in PHP >=8.1
+ return explode($separator, $string ?? '', $limit ?? PHP_INT_MAX);
+}
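Review bot: `smarty_modifier_explode` passes `$separator` to `explode()` unchecked, and on PHP 8 an empty separator makes `explode()` throw a ValueError. Only `$string` and `$limit` get a null fallback here. If templates can supply a variable separator, either add `@throws ValueError if $separator is empty` to the docblock or return early for an empty separator, for example `if ($separator === '') { return [$string ?? '']; }`.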
diff --git a/vendor/smarty/smarty/libs/plugins/modifier.number_format.php b/vendor/smarty/smarty/libs/plugins/modifier.number_format.php
new file mode 100644
index 000000000..8c612601f
--- /dev/null
+++ b/vendor/smarty/smarty/libs/plugins/modifier.number_format.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * Smarty plugin
+ *
+ * @package Smarty
+ * @subpackage PluginsModifier
+ */
+
+/**
+ * Smarty number_format modifier plugin
+ * Type: modifier
+ * Name: number_format
+ * Purpose: Format a number with grouped thousands
+ *
+ * @param float|null $num
+ * @param int $decimals
+ * @param string|null $decimal_separator
+ * @param string|null $thousands_separator
+ *
+ * @return string
+ */
+function smarty_modifier_number_format(?float $num, int $decimals = 0, ?string $decimal_separator = ".", ?string $thousands_separator = ",")
+{
+ // provide $num default to prevent deprecation errors in PHP >=8.1
+ return number_format($num ?? 0.0, $decimals, $decimal_separator, $thousands_separator);
+}
diff --git a/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php b/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php
index 05beb81f5..3438fe3e0 100644
--- a/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php
+++ b/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php
@@ -14,20 +14,28 @@
* @author Rodney Rehm
*
* @param array $params parameters
+ * @param Smarty_Internal_TemplateCompilerBase $compiler
*
* @return string with compiled code
*/
-function smarty_modifiercompiler_unescape($params)
+function smarty_modifiercompiler_unescape($params, Smarty_Internal_TemplateCompilerBase $compiler)
{
- if (!isset($params[ 1 ])) {
- $params[ 1 ] = 'html';
- }
+ $compiler->template->_checkPlugins(
+ array(
+ array(
+ 'function' => 'smarty_literal_compiler_param',
+ 'file' => SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php'
+ )
+ )
+ );
+
+ $esc_type = smarty_literal_compiler_param($params, 1, 'html');
+
if (!isset($params[ 2 ])) {
$params[ 2 ] = '\'' . addslashes(Smarty::$_CHARSET) . '\'';
- } else {
- $params[ 2 ] = "'{$params[ 2 ]}'";
}
- switch (trim($params[ 1 ], '"\'')) {
+
+ switch ($esc_type) {
case 'entity':
case 'htmlall':
if (Smarty::$_MBSTRING) {
diff --git a/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php b/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php
index e12ae6769..31a90a055 100644
--- a/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php
+++ b/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php
@@ -21,8 +21,8 @@
function smarty_modifiercompiler_upper($params)
{
if (Smarty::$_MBSTRING) {
- return 'mb_strtoupper(' . $params[ 0 ] . ', \'' . addslashes(Smarty::$_CHARSET) . '\')';
+ return 'mb_strtoupper(' . $params[ 0 ] . ' ?? \'\', \'' . addslashes(Smarty::$_CHARSET) . '\')';
}
// no MBString fallback
- return 'strtoupper(' . $params[ 0 ] . ')';
+ return 'strtoupper(' . $params[ 0 ] . ' ?? \'\')';
}
diff --git a/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php b/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php
index 226d9035d..7e85f7aae 100644
--- a/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php
+++ b/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php
@@ -44,9 +44,43 @@ if (!function_exists('smarty_mb_str_replace')) {
}
}
} else {
- $parts = mb_split(preg_quote($search), $subject) ?: array();
+ $mb_reg_charset = mb_regex_encoding();
+ // Check if mbstring regex is using UTF-8
+ $reg_is_unicode = !strcasecmp($mb_reg_charset, "UTF-8");
+ if(!$reg_is_unicode) {
+ // ...and set to UTF-8 if not
+ mb_regex_encoding("UTF-8");
+ }
+
+ // See if charset used by Smarty is matching one used by regex...
+ $current_charset = mb_regex_encoding();
+ $convert_result = (bool)strcasecmp(Smarty::$_CHARSET, $current_charset);
+ if($convert_result) {
+ // ...convert to it if not.
+ $subject = mb_convert_encoding($subject, $current_charset, Smarty::$_CHARSET);
+ $search = mb_convert_encoding($search, $current_charset, Smarty::$_CHARSET);
+ $replace = mb_convert_encoding($replace, $current_charset, Smarty::$_CHARSET);
+ }
+
+ $parts = mb_split(preg_quote($search), $subject ?? "") ?: array();
+ // If original regex encoding was not unicode...
+ if(!$reg_is_unicode) {
+ // ...restore original regex encoding to avoid breaking the system.
+ mb_regex_encoding($mb_reg_charset);
+ }
+ if($parts === false) {
+ // This exception is thrown if call to mb_split failed.
+ // Usually it happens, when $search or $replace are not valid for given mb_regex_encoding().
+ // There may be other cases for it to fail, please file an issue if you find a reproducible one.
+ throw new SmartyException("Source string is not a valid $current_charset sequence (probably)");
+ }
+
$count = count($parts) - 1;
$subject = implode($replace, $parts);
+ // Convert results back to charset used by Smarty, if needed.
+ if($convert_result) {
+ $subject = mb_convert_encoding($subject, Smarty::$_CHARSET, $current_charset);
+ }
}
return $subject;
}
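Review bot: The `if($parts === false)` check can never be true, because the assignment just above it is `mb_split(...) ?: array()`, which already turns a `false` result into an empty array. A failed split therefore skips the new SmartyException and falls through to `count($parts) - 1`, giving a count of -1 and an empty `$subject`. Dropping the fallback makes the error path reachable: `$parts = mb_split(preg_quote($search), $subject ?? "");`. Separately, the `$subject ?? ""` guard comes after `mb_convert_encoding($subject, ...)` has already received the possibly-null value, and the original regex encoding is not restored if one of the conversions throws. The function begins outside the hunk.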
diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php
index 23cae8aef..96bd37244 100644
--- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php
+++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php
@@ -93,7 +93,7 @@ class Smarty_Internal_Compile_Private_Print_Expression extends Smarty_Internal_C
}
// autoescape html
if ($compiler->template->smarty->escape_html) {
- $output = "htmlspecialchars({$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')";
+ $output = "htmlspecialchars((string) {$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')";
}
// loop over registered filters
if (!empty($compiler->template->smarty->registered_filters[ Smarty::FILTER_VARIABLE ])) {
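Review bot: The `(string)` cast binds tighter than any binary or ternary operator, so when `{$output}` is a compound expression the generated code casts only its first operand. For a compiled ternary the result would read `(string) $a ? $b : $c`, where the condition is cast instead of the result and a null result still reaches `htmlspecialchars()`. Whether `$output` can be compound at this point is not visible in the hunk, but parenthesising is cheap and keeps the autoescape path predictable: `$output = "htmlspecialchars((string) ({$output}), ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')";`. The enclosing method starts and ends outside the hunk.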
diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php
index 4383e6f38..18c149459 100644
--- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php
+++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php
@@ -29,12 +29,7 @@ class Smarty_Internal_Runtime_WriteFile
{
$_error_reporting = error_reporting();
error_reporting($_error_reporting & ~E_NOTICE & ~E_WARNING);
- $_file_perms = property_exists($smarty, '_file_perms') ? $smarty->_file_perms : 0644;
- $_dir_perms =
- property_exists($smarty, '_dir_perms') ? (isset($smarty->_dir_perms) ? $smarty->_dir_perms : 0777) : 0771;
- if ($_file_perms !== null) {
- $old_umask = umask(0);
- }
+ $old_umask = umask(0);
$_dirpath = dirname($_filepath);
// if subdirs, create dir structure
if ($_dirpath !== '.') {
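Review bot: `umask(0)` is now set unconditionally, but the failure path in the third hunk of this file (`throw new SmartyException("unable to write file {$_filepath}")`) restores `error_reporting` and not the umask. A failed write therefore leaves the process with a zero umask for whatever it creates next. Adding `umask($old_umask);` before that `throw`, and before any other early exit outside the hunks, would fix it. The hard-coded `0771` in the second hunk, applied under umask 0, makes the created directories group-writable; presumably the files written there are loaded by the engine later, so a comment stating the intended owner and group is worth adding now that the `_dir_perms`/`_file_perms` overrides are gone. The method begins and ends outside these hunks.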
@@ -42,7 +37,7 @@ class Smarty_Internal_Runtime_WriteFile
// loop if concurrency problem occurs
// see https://bugs.php.net/bug.php?id=35326
while (!is_dir($_dirpath)) {
- if (@mkdir($_dirpath, $_dir_perms, true)) {
+ if (@mkdir($_dirpath, 0771, true)) {
break;
}
clearstatcache();
@@ -89,11 +84,9 @@ class Smarty_Internal_Runtime_WriteFile
error_reporting($_error_reporting);
throw new SmartyException("unable to write file {$_filepath}");
}
- if ($_file_perms !== null) {
- // set file permissions
- chmod($_filepath, $_file_perms);
- umask($old_umask);
- }
+ // set file permissions
+ chmod($_filepath, 0644);
+ umask($old_umask);
error_reporting($_error_reporting);
return true;
}
diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php
index bd500abe4..d6f86ac0a 100644
--- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php
+++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php
@@ -422,9 +422,6 @@ abstract class Smarty_Internal_TemplateCompilerBase
try {
// save template object in compiler class
$this->template = $template;
- if (property_exists($this->template->smarty, 'plugin_search_order')) {
- $this->plugin_search_order = $this->template->smarty->plugin_search_order;
- }
if ($this->smarty->debugging) {
if (!isset($this->smarty->_debug)) {
$this->smarty->_debug = new Smarty_Internal_Debug();