19 files changed, 243 insertions, 108 deletions
diff --git a/composer.lock b/composer.lock index f45495013..176cd3afd 100644 --- a/composer.lock +++ b/composer.lock @@ -1499,16 +1499,16 @@ }, { "name": "smarty/smarty", - "version": "v4.1.1", + "version": "v4.2.1", "source": { "type": "git", "url": "https://github.com/smarty-php/smarty.git", - "reference": "71036be8be02bf93735c47b0b745f722efbc729f" + "reference": "ffa2b81a8e354a49fd8a2f24742dc9dc399e8007" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/smarty-php/smarty/zipball/71036be8be02bf93735c47b0b745f722efbc729f", - "reference": "71036be8be02bf93735c47b0b745f722efbc729f", + "url": "https://api.github.com/repos/smarty-php/smarty/zipball/ffa2b81a8e354a49fd8a2f24742dc9dc399e8007", + "reference": "ffa2b81a8e354a49fd8a2f24742dc9dc399e8007", "shasum": "" }, "require": { @@ -1559,9 +1559,9 @@ "support": { "forum": "https://github.com/smarty-php/smarty/discussions", "issues": "https://github.com/smarty-php/smarty/issues", - "source": "https://github.com/smarty-php/smarty/tree/v4.1.1" + "source": "https://github.com/smarty-php/smarty/tree/v4.2.1" }, - "time": "2022-05-17T12:56:28+00:00" + "time": "2022-09-14T10:59:01+00:00" }, { "name": "symfony/polyfill-php81", diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index 5afb1aada..f4093ccdf 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json 
@@ -1551,17 +1551,17 @@ }, { "name": "smarty/smarty", - "version": "v4.1.1", - "version_normalized": "4.1.1.0", + "version": "v4.2.1", + "version_normalized": "4.2.1.0", "source": { "type": "git", "url": "https://github.com/smarty-php/smarty.git", - "reference": "71036be8be02bf93735c47b0b745f722efbc729f" + "reference": "ffa2b81a8e354a49fd8a2f24742dc9dc399e8007" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/smarty-php/smarty/zipball/71036be8be02bf93735c47b0b745f722efbc729f", - "reference": "71036be8be02bf93735c47b0b745f722efbc729f", + "url": "https://api.github.com/repos/smarty-php/smarty/zipball/ffa2b81a8e354a49fd8a2f24742dc9dc399e8007", + "reference": "ffa2b81a8e354a49fd8a2f24742dc9dc399e8007", "shasum": "" }, "require": { @@ -1571,7 +1571,7 @@ "phpunit/phpunit": "^8.5 || ^7.5", "smarty/smarty-lexer": "^3.1" }, - "time": "2022-05-17T12:56:28+00:00", + "time": "2022-09-14T10:59:01+00:00", "type": "library", "extra": { "branch-alias": { @@ -1614,7 +1614,7 @@ "support": { "forum": "https://github.com/smarty-php/smarty/discussions", "issues": "https://github.com/smarty-php/smarty/issues", - "source": "https://github.com/smarty-php/smarty/tree/v4.1.1" + "source": "https://github.com/smarty-php/smarty/tree/v4.2.1" }, "install-path": "../smarty/smarty" }, diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php index b287e2557..468419cfe 100644 --- a/vendor/composer/installed.php +++ b/vendor/composer/installed.php @@ -3,7 +3,7 @@ 'name' => 'zotlabs/hubzilla', 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => '10ba98c4f5ec4efe6272516de47f0ce128ef2902', + 'reference' => 'a749db8d0f216491cfefb3849891d93f89b775f7', 'type' => 'application', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), 
@@ -215,9 +215,9 @@ 'dev_requirement' => false, ), 'smarty/smarty' => array( - 'pretty_version' => 'v4.1.1', - 'version' => '4.1.1.0', - 'reference' => '71036be8be02bf93735c47b0b745f722efbc729f', + 'pretty_version' => 'v4.2.1', + 'version' => '4.2.1.0', + 'reference' => 'ffa2b81a8e354a49fd8a2f24742dc9dc399e8007', 'type' => 'library', 'install_path' => __DIR__ . '/../smarty/smarty', 'aliases' => array(), @@ -268,7 +268,7 @@ 'zotlabs/hubzilla' => array( 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => '10ba98c4f5ec4efe6272516de47f0ce128ef2902', + 'reference' => 'a749db8d0f216491cfefb3849891d93f89b775f7', 'type' => 'application', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), diff --git a/vendor/smarty/smarty/CHANGELOG.md b/vendor/smarty/smarty/CHANGELOG.md index 784cc09f5..85fc91ec3 100644 --- a/vendor/smarty/smarty/CHANGELOG.md +++ b/vendor/smarty/smarty/CHANGELOG.md 
@@ -6,10 +6,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [4.2.1] - 2022-09-14 + +### Security +- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454) + +### Fixed +- Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) [#755](https://github.com/smarty-php/smarty/pull/755) and [#788](https://github.com/smarty-php/smarty/pull/788) +- Fixed PHP8.1 deprecation errors in capitalize modifier [#789](https://github.com/smarty-php/smarty/issues/789) +- Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794) +- Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395) + +## [4.2.0] - 2022-08-01 + +### Fixed +- Fixed problems with smarty_mb_str_replace [#549](https://github.com/smarty-php/smarty/issues/549) +- Fixed second parameter of unescape modifier not working [#777](https://github.com/smarty-php/smarty/issues/777) + +### Changed +- Updated HTML of the debug template [#599](https://github.com/smarty-php/smarty/pull/599) + ## [4.1.1] - 2022-05-17 ### Security -- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022- +- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221 ### Fixed - Exclude docs and demo from export and composer [#751](https://github.com/smarty-php/smarty/pull/751) diff --git a/vendor/smarty/smarty/SECURITY.md b/vendor/smarty/smarty/SECURITY.md index d98ea0189..ae9d5dc8a 100644 --- a/vendor/smarty/smarty/SECURITY.md +++ b/vendor/smarty/smarty/SECURITY.md 
@@ -2,7 +2,7 @@ ## Supported Versions -Smarty currently supports the latest minor version of Smarty 3 and Smarty 4. (Smarty 4 has not been released yet.) +Smarty currently supports the latest minor version of Smarty 3 and Smarty 4. | Version | Supported | | ------- | ------------------ | diff --git a/vendor/smarty/smarty/libs/Smarty.class.php b/vendor/smarty/smarty/libs/Smarty.class.php index 820a1ebde..21beafdf0 100644 --- a/vendor/smarty/smarty/libs/Smarty.class.php +++ b/vendor/smarty/smarty/libs/Smarty.class.php @@ -98,7 +98,7 @@ class Smarty extends Smarty_Internal_TemplateBase /** * smarty version */ - const SMARTY_VERSION = '4.1.1'; + const SMARTY_VERSION = '4.2.1'; /** * define variable scopes */ diff --git a/vendor/smarty/smarty/libs/debug.tpl b/vendor/smarty/smarty/libs/debug.tpl index edc7bef98..4f82a5820 100644 --- a/vendor/smarty/smarty/libs/debug.tpl +++ b/vendor/smarty/smarty/libs/debug.tpl @@ -1,9 +1,9 @@ {capture name='_smarty_debug' assign=debug_output} - <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> - <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + <!DOCTYPE html> + <html lang="en"> <head> <title>Smarty Debug Console</title> - <style type="text/css"> + <style> {literal} body, h1, h2, h3, td, th, p { font-family: sans-serif; @@ -31,6 +31,7 @@ padding: 2px; border-top: 1px solid black; } + h3 { text-align: left; font-weight: bold; @@ -67,11 +68,11 @@ color: green; } - .odd { + tr:nth-child(odd) { background-color: #eeeeee; } - .even { + tr:nth-child(even) { background-color: #fafafa; } @@ -84,13 +85,16 @@ color: black; font-weight: bold; } + #blue h3 { color: blue; } + #normal div { color: black; font-weight: normal; } + #table_assigned_vars th { color: blue; font-weight: bold; @@ -99,7 +103,6 @@ #table_config_vars th { color: maroon; } - {/literal} </style> </head> 
@@ -112,11 +115,11 @@ <h2>included templates & config files (load time in seconds)</h2> <div> {foreach $template_data as $template} - <font color=brown>{$template.name}</font> - <br /> <span class="exectime"> + <span style="color: brown;">{$template.name}</span> + <br> <span class="exectime"> (compile {$template['compile_time']|string_format:"%.5f"}) (render {$template['render_time']|string_format:"%.5f"}) (cache {$template['cache_time']|string_format:"%.5f"}) </span> - <br /> + <br> {/foreach} </div> {/if} @@ -125,13 +128,22 @@ <table id="table_assigned_vars"> {foreach $assigned_vars as $vars} - <tr class="{if $vars@iteration % 2 eq 0}odd{else}even{/if}"> - <td><h3><font color=blue>${$vars@key}</font></h3> - {if isset($vars['nocache'])}<b>Nocache</b><br />{/if} - {if isset($vars['scope'])}<b>Origin:</b> {$vars['scope']|debug_print_var nofilter}{/if} + <tr> + <td> + <h3 style="color: blue;">${$vars@key}</h3> + {if isset($vars['nocache'])}<strong>Nocache</strong><br>{/if} + {if isset($vars['scope'])}<strong>Origin:</strong> {$vars['scope']|debug_print_var nofilter}{/if} + </td> + <td> + <h3>Value</h3> + {$vars['value']|debug_print_var:10:80 nofilter} + </td> + <td> + {if isset($vars['attributes'])} + <h3>Attributes</h3> + {$vars['attributes']|debug_print_var nofilter} + {/if} </td> - <td><h3>Value</h3>{$vars['value']|debug_print_var:10:80 nofilter}</td> - <td>{if isset($vars['attributes'])}<h3>Attributes</h3>{$vars['attributes']|debug_print_var nofilter} {/if}</td> {/foreach} </table> 
@@ -139,11 +151,14 @@ <table id="table_config_vars"> {foreach $config_vars as $vars} - <tr class="{if $vars@iteration % 2 eq 0}odd{else}even{/if}"> - <td><h3><font color=blue>#{$vars@key}#</font></h3> - {if isset($vars['scope'])}<b>Origin:</b> {$vars['scope']|debug_print_var nofilter}{/if} + <tr> + <td> + <h3 style="color: blue;">#{$vars@key}#</h3> + {if isset($vars['scope'])}<strong>Origin:</strong> {$vars['scope']|debug_print_var nofilter}{/if} + </td> + <td> + {$vars['value']|debug_print_var:10:80 nofilter} </td> - <td>{$vars['value']|debug_print_var:10:80 nofilter}</td> </tr> {/foreach} diff --git a/vendor/smarty/smarty/libs/plugins/function.html_select_date.php b/vendor/smarty/smarty/libs/plugins/function.html_select_date.php index 763fc60f9..a396046b2 100644 --- a/vendor/smarty/smarty/libs/plugins/function.html_select_date.php +++ b/vendor/smarty/smarty/libs/plugins/function.html_select_date.php @@ -101,6 +101,7 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem $field_separator = "\n"; $option_separator = "\n"; $time = null; + // $all_empty = null; // $day_empty = null; // $month_empty = null; @@ -113,17 +114,7 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem foreach ($params as $_key => $_value) { switch ($_key) { case 'time': - if (!is_array($_value) && $_value !== null) { - $template->_checkPlugins( - array( - array( - 'function' => 'smarty_make_timestamp', - 'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php' - ) - ) - ); - $time = smarty_make_timestamp($_value); - } + $$_key = $_value; // we'll handle conversion below break; case 'month_names': if (is_array($_value) && count($_value) === 12) { 
@@ -178,43 +169,59 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem } // Note: date() is faster than strftime() // Note: explode(date()) is faster than date() date() date() - if (isset($params[ 'time' ]) && is_array($params[ 'time' ])) { - if (isset($params[ 'time' ][ $prefix . 'Year' ])) { + + if (isset($time) && is_array($time)) { + if (isset($time[$prefix . 'Year'])) { // $_REQUEST[$field_array] given - foreach (array( - 'Y' => 'Year', - 'm' => 'Month', - 'd' => 'Day' - ) as $_elementKey => $_elementName) { + foreach ([ + 'Y' => 'Year', + 'm' => 'Month', + 'd' => 'Day' + ] as $_elementKey => $_elementName) { $_variableName = '_' . strtolower($_elementName); $$_variableName = - isset($params[ 'time' ][ $prefix . $_elementName ]) ? $params[ 'time' ][ $prefix . $_elementName ] : + isset($time[$prefix . $_elementName]) ? $time[$prefix . $_elementName] : date($_elementKey); } - } elseif (isset($params[ 'time' ][ $field_array ][ $prefix . 'Year' ])) { + } elseif (isset($time[$field_array][$prefix . 'Year'])) { // $_REQUEST given - foreach (array( - 'Y' => 'Year', - 'm' => 'Month', - 'd' => 'Day' - ) as $_elementKey => $_elementName) { + foreach ([ + 'Y' => 'Year', + 'm' => 'Month', + 'd' => 'Day' + ] as $_elementKey => $_elementName) { $_variableName = '_' . strtolower($_elementName); - $$_variableName = isset($params[ 'time' ][ $field_array ][ $prefix . $_elementName ]) ? - $params[ 'time' ][ $field_array ][ $prefix . $_elementName ] : date($_elementKey); + $$_variableName = isset($time[$field_array][$prefix . $_elementName]) ? + $time[$field_array][$prefix . 
$_elementName] : date($_elementKey); } } else { // no date found, use NOW - list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d')); + [$_year, $_month, $_day] = explode('-', date('Y-m-d')); } + } elseif (isset($time) && preg_match("/(\d*)-(\d*)-(\d*)/", $time, $matches)) { + $_year = $_month = $_day = null; + if ($matches[1] > '') $_year = (int) $matches[1]; + if ($matches[2] > '') $_month = (int) $matches[2]; + if ($matches[3] > '') $_day = (int) $matches[3]; } elseif ($time === null) { if (array_key_exists('time', $params)) { - $_year = $_month = $_day = $time = null; + $_year = $_month = $_day = null; } else { - list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d')); + [$_year, $_month, $_day] = explode('-', date('Y-m-d')); } } else { - list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d', $time)); + $template->_checkPlugins( + array( + array( + 'function' => 'smarty_make_timestamp', + 'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php' + ) + ) + ); + $time = smarty_make_timestamp($time); + [$_year, $_month, $_day] = explode('-', date('Y-m-d', $time)); } + // make syntax "+N" or "-N" work with $start_year and $end_year // Note preg_match('!^(\+|\-)\s*(\d+)$!', $end_year, $match) is slower than trim+substr foreach (array( diff --git a/vendor/smarty/smarty/libs/plugins/function.mailto.php b/vendor/smarty/smarty/libs/plugins/function.mailto.php index 834d0535a..671ac0694 100644 --- a/vendor/smarty/smarty/libs/plugins/function.mailto.php +++ b/vendor/smarty/smarty/libs/plugins/function.mailto.php @@ -48,8 +48,13 @@ */ function smarty_function_mailto($params) { - static $_allowed_encoding = - array('javascript' => true, 'javascript_charcode' => true, 'hex' => true, 'none' => true); + static $_allowed_encoding = [ + 'javascript' => true, + 'javascript_charcode' => true, + 'hex' => true, + 'none' => true + ]; + $extra = ''; if (empty($params[ 'address' ])) { trigger_error("mailto: missing 'address' parameter", E_USER_WARNING); 
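Review bot: In the `@@ -178,43 +169,59 @@` hunk of function.html_select_date.php, the new branch `elseif (isset($time) && preg_match("/(\d*)-(\d*)-(\d*)/", $time, $matches))` now sees every non-array `time` value before the `smarty_make_timestamp()` fallback does. The pattern is unanchored and all three groups may be empty, so any string containing two hyphens in that shape is treated as a date, and the parts are cast with `(int)` without a range check. A non-string value, which the old code passed straight to `smarty_make_timestamp()`, would also reach `preg_match` first; whether callers pass such values is not visible here. Narrowing the condition to `is_string($time) && preg_match('/^(\d*)-(\d*)-(\d*)/', $time, $matches)` would keep the partial-date fix while leaving other inputs to the timestamp helper. The function starts and ends outside the hunk.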
@@ -57,19 +62,19 @@ function smarty_function_mailto($params) } else { $address = $params[ 'address' ]; } + $text = $address; + // netscape and mozilla do not decode %40 (@) in BCC field (bug?) // so, don't encode it. - $search = array('%40', '%2C'); - $replace = array('@', ','); - $mail_parms = array(); + $mail_parms = []; foreach ($params as $var => $value) { switch ($var) { case 'cc': case 'bcc': case 'followupto': if (!empty($value)) { - $mail_parms[] = $var . '=' . str_replace($search, $replace, rawurlencode($value)); + $mail_parms[] = $var . '=' . str_replace(['%40', '%2C'], ['@', ','], rawurlencode($value)); } break; case 'subject': @@ -83,6 +88,7 @@ function smarty_function_mailto($params) default: } } + if ($mail_parms) { $address .= '?' . join('&', $mail_parms); } 
@@ -94,19 +100,21 @@ function smarty_function_mailto($params) ); return; } + + $string = '<a href="mailto:' . htmlspecialchars($address, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) . + '" ' . $extra . '>' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) . '</a>'; + if ($encode === 'javascript') { - $string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; $js_encode = ''; for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { $js_encode .= '%' . bin2hex($string[ $x ]); } return '<script type="text/javascript">document.write(unescape(\'' . $js_encode . '\'))</script>'; } elseif ($encode === 'javascript_charcode') { - $string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { $ord[] = ord($string[ $x ]); } - return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>'; + return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>'; } elseif ($encode === 'hex') { preg_match('!^(.*)(\?.*)$!', $address, $match); if (!empty($match[ 2 ])) { @@ -129,6 +137,6 @@ function smarty_function_mailto($params) return '<a href="' . $mailto . $address_encode . '" ' . $extra . '>' . $text_encode . '</a>'; } else { // no encoding - return '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; + return $string; } } diff --git a/vendor/smarty/smarty/libs/plugins/function.math.php b/vendor/smarty/smarty/libs/plugins/function.math.php index 8560e9441..f9cf67fe7 100644 --- a/vendor/smarty/smarty/libs/plugins/function.math.php +++ b/vendor/smarty/smarty/libs/plugins/function.math.php 
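Review bot: In the `@@ -94,19 +100,21 @@` hunk of function.mailto.php, `$extra` is still concatenated verbatim into the anchor tag on the new `$string = '<a href="mailto:' ...` line, and again in the unchanged hex-branch return. The escaping added by this release therefore covers only `$address` and `$text`. `$extra` is initialised to `''` in the first hunk and is presumably filled from the `extra` parameter outside the visible lines, so any template that passes request-derived data there keeps an attribute-injection path. Because this is vendored code, the practical step is to audit the application's `{mailto}` calls and to document the contract next to the assignment, e.g. `// $extra is emitted verbatim into the tag: author-controlled markup only`.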
@@ -70,7 +70,7 @@ function smarty_function_math($params, $template) $number = '(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number $functionsOrVars = '((?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*))'; $operators = '[,+\/*\^%-]'; // Allowed math operators - $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)+\)|\((?1)+\)))(?:'.$operators.'(?1))?)+$/'; + $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)*\)|\((?1)*\)))(?:'.$operators.'(?1))?)+$/'; if (!preg_match($regexp, $equation)) { trigger_error("math: illegal characters", E_USER_WARNING); diff --git a/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php b/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php index c5fc400a6..b7da08980 100644 --- a/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php +++ b/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php @@ -22,6 +22,8 @@ */ function smarty_modifier_capitalize($string, $uc_digits = false, $lc_rest = false) { + $string = (string) $string; + if (Smarty::$_MBSTRING) { if ($lc_rest) { // uppercase (including hyphenated words) diff --git a/vendor/smarty/smarty/libs/plugins/modifier.explode.php b/vendor/smarty/smarty/libs/plugins/modifier.explode.php new file mode 100644 index 000000000..5186fde3d --- /dev/null +++ b/vendor/smarty/smarty/libs/plugins/modifier.explode.php @@ -0,0 +1,25 @@ +<?php +/** + * Smarty plugin + * + * @package Smarty + * @subpackage PluginsModifier + */ + +/** + * Smarty explode modifier plugin + * Type: modifier + * Name: explode + * Purpose: split a string by a string + * + * @param string $separator + * @param string $string + * @param int|null $limit + * + * @return array + */ +function smarty_modifier_explode($separator, $string, ?int $limit = null) +{ + // provide $string default to prevent deprecation errors in PHP >=8.1 + return explode($separator, $string ?? '', $limit ?? PHP_INT_MAX); +} 
diff --git a/vendor/smarty/smarty/libs/plugins/modifier.number_format.php b/vendor/smarty/smarty/libs/plugins/modifier.number_format.php new file mode 100644 index 000000000..8c612601f --- /dev/null +++ b/vendor/smarty/smarty/libs/plugins/modifier.number_format.php @@ -0,0 +1,26 @@ +<?php +/** + * Smarty plugin + * + * @package Smarty + * @subpackage PluginsModifier + */ + +/** + * Smarty number_format modifier plugin + * Type: modifier + * Name: number_format + * Purpose: Format a number with grouped thousands + * + * @param float|null $num + * @param int $decimals + * @param string|null $decimal_separator + * @param string|null $thousands_separator + * + * @return string + */ +function smarty_modifier_number_format(?float $num, int $decimals = 0, ?string $decimal_separator = ".", ?string $thousands_separator = ",") +{ + // provide $num default to prevent deprecation errors in PHP >=8.1 + return number_format($num ?? 0.0, $decimals, $decimal_separator, $thousands_separator); +} diff --git a/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php b/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php index 05beb81f5..3438fe3e0 100644 --- a/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php +++ b/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php 
@@ -14,20 +14,28 @@ * @author Rodney Rehm * * @param array $params parameters + * @param Smarty_Internal_TemplateCompilerBase $compiler * * @return string with compiled code */ -function smarty_modifiercompiler_unescape($params) +function smarty_modifiercompiler_unescape($params, Smarty_Internal_TemplateCompilerBase $compiler) { - if (!isset($params[ 1 ])) { - $params[ 1 ] = 'html'; - } + $compiler->template->_checkPlugins( + array( + array( + 'function' => 'smarty_literal_compiler_param', + 'file' => SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php' + ) + ) + ); + + $esc_type = smarty_literal_compiler_param($params, 1, 'html'); + if (!isset($params[ 2 ])) { $params[ 2 ] = '\'' . addslashes(Smarty::$_CHARSET) . '\''; - } else { - $params[ 2 ] = "'{$params[ 2 ]}'"; } - switch (trim($params[ 1 ], '"\'')) { + + switch ($esc_type) { case 'entity': case 'htmlall': if (Smarty::$_MBSTRING) { diff --git a/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php b/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php index e12ae6769..31a90a055 100644 --- a/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php +++ b/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php @@ -21,8 +21,8 @@ function smarty_modifiercompiler_upper($params) { if (Smarty::$_MBSTRING) { - return 'mb_strtoupper(' . $params[ 0 ] . ', \'' . addslashes(Smarty::$_CHARSET) . '\')'; + return 'mb_strtoupper(' . $params[ 0 ] . ' ?? \'\', \'' . addslashes(Smarty::$_CHARSET) . '\')'; } // no MBString fallback - return 'strtoupper(' . $params[ 0 ] . ')'; + return 'strtoupper(' . $params[ 0 ] . ' ?? \'\')'; } diff --git a/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php b/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php index 226d9035d..7e85f7aae 100644 --- a/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php +++ b/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php 
@@ -44,9 +44,43 @@ if (!function_exists('smarty_mb_str_replace')) { } } } else { - $parts = mb_split(preg_quote($search), $subject) ?: array(); + $mb_reg_charset = mb_regex_encoding(); + // Check if mbstring regex is using UTF-8 + $reg_is_unicode = !strcasecmp($mb_reg_charset, "UTF-8"); + if(!$reg_is_unicode) { + // ...and set to UTF-8 if not + mb_regex_encoding("UTF-8"); + } + + // See if charset used by Smarty is matching one used by regex... + $current_charset = mb_regex_encoding(); + $convert_result = (bool)strcasecmp(Smarty::$_CHARSET, $current_charset); + if($convert_result) { + // ...convert to it if not. + $subject = mb_convert_encoding($subject, $current_charset, Smarty::$_CHARSET); + $search = mb_convert_encoding($search, $current_charset, Smarty::$_CHARSET); + $replace = mb_convert_encoding($replace, $current_charset, Smarty::$_CHARSET); + } + + $parts = mb_split(preg_quote($search), $subject ?? "") ?: array(); + // If original regex encoding was not unicode... + if(!$reg_is_unicode) { + // ...restore original regex encoding to avoid breaking the system. + mb_regex_encoding($mb_reg_charset); + } + if($parts === false) { + // This exception is thrown if call to mb_split failed. + // Usually it happens, when $search or $replace are not valid for given mb_regex_encoding(). + // There may be other cases for it to fail, please file an issue if you find a reproducible one. + throw new SmartyException("Source string is not a valid $current_charset sequence (probably)"); + } + $count = count($parts) - 1; $subject = implode($replace, $parts); + // Convert results back to charset used by Smarty, if needed. + if($convert_result) { + $subject = mb_convert_encoding($subject, Smarty::$_CHARSET, $current_charset); + } } return $subject; } diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php index 23cae8aef..96bd37244 100644 
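Review bot: The new `if($parts === false)` check in the `@@ -44,9 +44,43 @@` hunk of shared.mb_str_replace.php can never fire, because the assignment `mb_split(preg_quote($search), $subject ?? "") ?: array()` has already turned a `false` result into an empty array. A failed split therefore falls through to `$count = count($parts) - 1` (that is, -1) and an empty `$subject` instead of raising the `SmartyException` the comment describes, so invalid byte sequences silently yield empty output. Dropping the fallback, `$parts = mb_split(preg_quote($search), $subject ?? "");`, lets the check do its job. The `$subject ?? ""` guard also comes after `mb_convert_encoding($subject, ...)` has already consumed the value whenever conversion applies. The enclosing function starts and ends outside the hunk.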
--- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php +++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php @@ -93,7 +93,7 @@ class Smarty_Internal_Compile_Private_Print_Expression extends Smarty_Internal_C } // autoescape html if ($compiler->template->smarty->escape_html) { - $output = "htmlspecialchars({$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')"; + $output = "htmlspecialchars((string) {$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')"; } // loop over registered filters if (!empty($compiler->template->smarty->registered_filters[ Smarty::FILTER_VARIABLE ])) { diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php index 4383e6f38..18c149459 100644 --- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php +++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php @@ -29,12 +29,7 @@ class Smarty_Internal_Runtime_WriteFile { $_error_reporting = error_reporting(); error_reporting($_error_reporting & ~E_NOTICE & ~E_WARNING); - $_file_perms = property_exists($smarty, '_file_perms') ? $smarty->_file_perms : 0644; - $_dir_perms = - property_exists($smarty, '_dir_perms') ? (isset($smarty->_dir_perms) ? $smarty->_dir_perms : 0777) : 0771; - if ($_file_perms !== null) { - $old_umask = umask(0); - } + $old_umask = umask(0); $_dirpath = dirname($_filepath); // if subdirs, create dir structure if ($_dirpath !== '.') { @@ -42,7 +37,7 @@ class Smarty_Internal_Runtime_WriteFile // loop if concurrency problem occurs // see https://bugs.php.net/bug.php?id=35326 while (!is_dir($_dirpath)) { - if (@mkdir($_dirpath, $_dir_perms, true)) { + if (@mkdir($_dirpath, 0771, true)) { break; } clearstatcache(); 
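Review bot: In smarty_internal_runtime_writefile.php, `$old_umask = umask(0);` is now unconditional and the modes are hard-coded: `mkdir($_dirpath, 0771, true)` in the `@@ -42,7 +37,7 @@` hunk and `chmod($_filepath, 0644)` in the `@@ -89,11 +84,9 @@` hunk. The removed `_file_perms` / `_dir_perms` lookups therefore no longer have any effect. Files written through this helper end up world-readable and directories group-writable regardless of the process umask, and a deployment that set those properties to tighten permissions loses that silently with this update. It is worth checking whether the application sets them, and compensating with ownership and permissions on the compile and cache directories themselves. The method starts before and continues past these hunks.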
@@ -89,11 +84,9 @@ class Smarty_Internal_Runtime_WriteFile error_reporting($_error_reporting); throw new SmartyException("unable to write file {$_filepath}"); } - if ($_file_perms !== null) { - // set file permissions - chmod($_filepath, $_file_perms); - umask($old_umask); - } + // set file permissions + chmod($_filepath, 0644); + umask($old_umask); error_reporting($_error_reporting); return true; } diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php index bd500abe4..d6f86ac0a 100644 --- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php +++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php @@ -422,9 +422,6 @@ abstract class Smarty_Internal_TemplateCompilerBase try { // save template object in compiler class $this->template = $template; - if (property_exists($this->template->smarty, 'plugin_search_order')) { - $this->plugin_search_order = $this->template->smarty->plugin_search_order; - } if ($this->smarty->debugging) { if (!isset($this->smarty->_debug)) { $this->smarty->_debug = new Smarty_Internal_Debug(); |
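Review bot: On the failure path at the top of the `@@ -89,11 +84,9 @@` hunk of smarty_internal_runtime_writefile.php, `error_reporting($_error_reporting);` is restored before the `throw new SmartyException(...)` but the umask is not. Since `umask(0)` is now set unconditionally, this failed-write path leaves the process umask at 0, which in a long-running worker affects files created afterwards by unrelated code. Adding `umask($old_umask);` before the throw closes that gap. The method starts outside the hunk, so any other early exit between the `umask(0)` call and this point would need the same restore.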