authorMario <mario@mariovavti.com>2021-06-05 08:32:34 +0000
committerMario <mario@mariovavti.com>2021-06-05 08:32:34 +0000
commit4db384da34595adef68be6226e8b331b4d7b7f31 (patch)
tree679833efddb27c4aee41aa8b1ddff3e1b9f505fc /vendor/smarty
parent0784d2ea4e4f492d9f03d025b56d603d15b5ee89 (diff)
composer update smarty
Diffstat (limited to 'vendor/smarty')
-rw-r--r--vendor/smarty/smarty/CHANGELOG.md6
-rw-r--r--vendor/smarty/smarty/expectException0
-rw-r--r--vendor/smarty/smarty/libs/Smarty.class.php2
-rw-r--r--vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_function.php5
-rw-r--r--vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_special_variable.php4
5 files changed, 16 insertions, 1 deletions
diff --git a/vendor/smarty/smarty/CHANGELOG.md b/vendor/smarty/smarty/CHANGELOG.md
index 06b898223..e3bb93a4f 100644
--- a/vendor/smarty/smarty/CHANGELOG.md
+++ b/vendor/smarty/smarty/CHANGELOG.md
@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
+## [3.1.39] - 2021-02-17
+
+### Security
+- Prevent access to `$smarty.template_object` in sandbox mode
+- Fixed code injection vulnerability by using illegal function names in `{function name='blah'}{/function}`
+
## [3.1.38] - 2021-01-08
### Fixed
diff --git a/vendor/smarty/smarty/expectException b/vendor/smarty/smarty/expectException
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/vendor/smarty/smarty/expectException
diff --git a/vendor/smarty/smarty/libs/Smarty.class.php b/vendor/smarty/smarty/libs/Smarty.class.php
index 6564be6d2..375bab133 100644
--- a/vendor/smarty/smarty/libs/Smarty.class.php
+++ b/vendor/smarty/smarty/libs/Smarty.class.php
@@ -111,7 +111,7 @@ class Smarty extends Smarty_Internal_TemplateBase
/**
* smarty version
*/
- const SMARTY_VERSION = '3.1.38';
+ const SMARTY_VERSION = '3.1.39';
/**
* define variable scopes
*/
diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_function.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_function.php
index 6e408ca72..d0f2b0f4a 100644
--- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_function.php
+++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_function.php
@@ -58,6 +58,11 @@ class Smarty_Internal_Compile_Function extends Smarty_Internal_CompileBase
}
unset($_attr[ 'nocache' ]);
$_name = trim($_attr[ 'name' ], '\'"');
+
+ if (!preg_match('/^[a-zA-Z0-9_\x80-\xff]+$/', $_name)) {
+ $compiler->trigger_template_error("Function name contains invalid characters: {$_name}", null, true);
+ }
+
$compiler->parent_compiler->tpl_function[ $_name ] = array();
$save = array(
$_attr, $compiler->parser->current_buffer, $compiler->template->compiled->has_nocache_code,
diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_special_variable.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_special_variable.php
index de7d4a224..d53ef51ff 100644
--- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_special_variable.php
+++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_special_variable.php
@@ -81,6 +81,10 @@ class Smarty_Internal_Compile_Private_Special_Variable extends Smarty_Internal_C
case 'template':
return 'basename($_smarty_tpl->source->filepath)';
case 'template_object':
+ if (isset($compiler->smarty->security_policy)) {
+ $compiler->trigger_template_error("(secure mode) template_object not permitted");
+ break;
+ }
return '$_smarty_tpl';
case 'current_dir':
return 'dirname($_smarty_tpl->source->filepath)';