diff options
Diffstat (limited to 'vendor/smarty')
16 files changed, 90 insertions, 225 deletions
diff --git a/vendor/smarty/smarty/CHANGELOG.md b/vendor/smarty/smarty/CHANGELOG.md index 85fc91ec3..784cc09f5 100644 --- a/vendor/smarty/smarty/CHANGELOG.md +++ b/vendor/smarty/smarty/CHANGELOG.md @@ -6,30 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [4.2.1] - 2022-09-14 - -### Security -- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454) - -### Fixed -- Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) [#755](https://github.com/smarty-php/smarty/pull/755) and [#788](https://github.com/smarty-php/smarty/pull/788) -- Fixed PHP8.1 deprecation errors in capitalize modifier [#789](https://github.com/smarty-php/smarty/issues/789) -- Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794) -- Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395) - -## [4.2.0] - 2022-08-01 - -### Fixed -- Fixed problems with smarty_mb_str_replace [#549](https://github.com/smarty-php/smarty/issues/549) -- Fixed second parameter of unescape modifier not working [#777](https://github.com/smarty-php/smarty/issues/777) - -### Changed -- Updated HTML of the debug template [#599](https://github.com/smarty-php/smarty/pull/599) - ## [4.1.1] - 2022-05-17 ### Security -- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221 +- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022- ### Fixed - Exclude docs and demo from export and composer [#751](https://github.com/smarty-php/smarty/pull/751) diff --git a/vendor/smarty/smarty/SECURITY.md b/vendor/smarty/smarty/SECURITY.md index ae9d5dc8a..d98ea0189 100644 --- a/vendor/smarty/smarty/SECURITY.md +++ b/vendor/smarty/smarty/SECURITY.md @@ -2,7 +2,7 @@ ## Supported Versions -Smarty currently supports the latest minor version of Smarty 3 and Smarty 4. +Smarty currently supports the latest minor version of Smarty 3 and Smarty 4. (Smarty 4 has not been released yet.) | Version | Supported | | ------- | ------------------ | diff --git a/vendor/smarty/smarty/libs/Smarty.class.php b/vendor/smarty/smarty/libs/Smarty.class.php index 21beafdf0..820a1ebde 100644 --- a/vendor/smarty/smarty/libs/Smarty.class.php +++ b/vendor/smarty/smarty/libs/Smarty.class.php @@ -98,7 +98,7 @@ class Smarty extends Smarty_Internal_TemplateBase /** * smarty version */ - const SMARTY_VERSION = '4.2.1'; + const SMARTY_VERSION = '4.1.1'; /** * define variable scopes */ diff --git a/vendor/smarty/smarty/libs/debug.tpl b/vendor/smarty/smarty/libs/debug.tpl index 4f82a5820..edc7bef98 100644 --- a/vendor/smarty/smarty/libs/debug.tpl +++ b/vendor/smarty/smarty/libs/debug.tpl @@ -1,9 +1,9 @@ {capture name='_smarty_debug' assign=debug_output} - <!DOCTYPE html> - <html lang="en"> + <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> + <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>Smarty Debug Console</title> - <style> + <style type="text/css"> {literal} body, h1, h2, h3, td, th, p { font-family: sans-serif; @@ -31,7 +31,6 @@ padding: 2px; border-top: 1px solid black; } - h3 { text-align: left; font-weight: bold; @@ -68,11 +67,11 @@ color: green; } - tr:nth-child(odd) { + .odd { background-color: #eeeeee; } - tr:nth-child(even) { + .even { background-color: #fafafa; } @@ -85,16 +84,13 @@ color: black; font-weight: bold; } - #blue h3 { color: blue; } - #normal div { color: black; font-weight: normal; } - #table_assigned_vars th { color: blue; font-weight: bold; @@ -103,6 +99,7 @@ #table_config_vars th { color: maroon; } + {/literal} </style> </head> @@ -115,11 +112,11 @@ <h2>included templates & config files (load time in seconds)</h2> <div> {foreach $template_data as $template} - <span style="color: brown;">{$template.name}</span> - <br> <span class="exectime"> + <font color=brown>{$template.name}</font> + <br /> <span class="exectime"> (compile {$template['compile_time']|string_format:"%.5f"}) (render {$template['render_time']|string_format:"%.5f"}) (cache {$template['cache_time']|string_format:"%.5f"}) </span> - <br> + <br /> {/foreach} </div> {/if} @@ -128,22 +125,13 @@ <table id="table_assigned_vars"> {foreach $assigned_vars as $vars} - <tr> - <td> - <h3 style="color: blue;">${$vars@key}</h3> - {if isset($vars['nocache'])}<strong>Nocache</strong><br>{/if} - {if isset($vars['scope'])}<strong>Origin:</strong> {$vars['scope']|debug_print_var nofilter}{/if} - </td> - <td> - <h3>Value</h3> - {$vars['value']|debug_print_var:10:80 nofilter} - </td> - <td> - {if isset($vars['attributes'])} - <h3>Attributes</h3> - {$vars['attributes']|debug_print_var nofilter} - {/if} + <tr class="{if $vars@iteration % 2 eq 0}odd{else}even{/if}"> + <td><h3><font color=blue>${$vars@key}</font></h3> + {if isset($vars['nocache'])}<b>Nocache</b><br />{/if} + {if isset($vars['scope'])}<b>Origin:</b> {$vars['scope']|debug_print_var nofilter}{/if} </td> + <td><h3>Value</h3>{$vars['value']|debug_print_var:10:80 nofilter}</td> + <td>{if isset($vars['attributes'])}<h3>Attributes</h3>{$vars['attributes']|debug_print_var nofilter} {/if}</td> {/foreach} </table> @@ -151,14 +139,11 @@ <table id="table_config_vars"> {foreach $config_vars as $vars} - <tr> - <td> - <h3 style="color: blue;">#{$vars@key}#</h3> - {if isset($vars['scope'])}<strong>Origin:</strong> {$vars['scope']|debug_print_var nofilter}{/if} - </td> - <td> - {$vars['value']|debug_print_var:10:80 nofilter} + <tr class="{if $vars@iteration % 2 eq 0}odd{else}even{/if}"> + <td><h3><font color=blue>#{$vars@key}#</font></h3> + {if isset($vars['scope'])}<b>Origin:</b> {$vars['scope']|debug_print_var nofilter}{/if} </td> + <td>{$vars['value']|debug_print_var:10:80 nofilter}</td> </tr> {/foreach} diff --git a/vendor/smarty/smarty/libs/plugins/function.html_select_date.php b/vendor/smarty/smarty/libs/plugins/function.html_select_date.php index a396046b2..763fc60f9 100644 --- a/vendor/smarty/smarty/libs/plugins/function.html_select_date.php +++ b/vendor/smarty/smarty/libs/plugins/function.html_select_date.php @@ -101,7 +101,6 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem $field_separator = "\n"; $option_separator = "\n"; $time = null; - // $all_empty = null; // $day_empty = null; // $month_empty = null; @@ -114,7 +113,17 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem foreach ($params as $_key => $_value) { switch ($_key) { case 'time': - $$_key = $_value; // we'll handle conversion below + if (!is_array($_value) && $_value !== null) { + $template->_checkPlugins( + array( + array( + 'function' => 'smarty_make_timestamp', + 'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php' + ) + ) + ); + $time = smarty_make_timestamp($_value); + } break; case 'month_names': if (is_array($_value) && count($_value) === 12) { @@ -169,59 +178,43 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem } // Note: date() is faster than strftime() // Note: explode(date()) is faster than date() date() date() - - if (isset($time) && is_array($time)) { - if (isset($time[$prefix . 'Year'])) { + if (isset($params[ 'time' ]) && is_array($params[ 'time' ])) { + if (isset($params[ 'time' ][ $prefix . 'Year' ])) { // $_REQUEST[$field_array] given - foreach ([ - 'Y' => 'Year', - 'm' => 'Month', - 'd' => 'Day' - ] as $_elementKey => $_elementName) { + foreach (array( + 'Y' => 'Year', + 'm' => 'Month', + 'd' => 'Day' + ) as $_elementKey => $_elementName) { $_variableName = '_' . strtolower($_elementName); $$_variableName = - isset($time[$prefix . $_elementName]) ? $time[$prefix . $_elementName] : + isset($params[ 'time' ][ $prefix . $_elementName ]) ? $params[ 'time' ][ $prefix . $_elementName ] : date($_elementKey); } - } elseif (isset($time[$field_array][$prefix . 'Year'])) { + } elseif (isset($params[ 'time' ][ $field_array ][ $prefix . 'Year' ])) { // $_REQUEST given - foreach ([ - 'Y' => 'Year', - 'm' => 'Month', - 'd' => 'Day' - ] as $_elementKey => $_elementName) { + foreach (array( + 'Y' => 'Year', + 'm' => 'Month', + 'd' => 'Day' + ) as $_elementKey => $_elementName) { $_variableName = '_' . strtolower($_elementName); - $$_variableName = isset($time[$field_array][$prefix . $_elementName]) ? - $time[$field_array][$prefix . $_elementName] : date($_elementKey); + $$_variableName = isset($params[ 'time' ][ $field_array ][ $prefix . $_elementName ]) ? + $params[ 'time' ][ $field_array ][ $prefix . $_elementName ] : date($_elementKey); } } else { // no date found, use NOW - [$_year, $_month, $_day] = explode('-', date('Y-m-d')); + list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d')); } - } elseif (isset($time) && preg_match("/(\d*)-(\d*)-(\d*)/", $time, $matches)) { - $_year = $_month = $_day = null; - if ($matches[1] > '') $_year = (int) $matches[1]; - if ($matches[2] > '') $_month = (int) $matches[2]; - if ($matches[3] > '') $_day = (int) $matches[3]; } elseif ($time === null) { if (array_key_exists('time', $params)) { - $_year = $_month = $_day = null; + $_year = $_month = $_day = $time = null; } else { - [$_year, $_month, $_day] = explode('-', date('Y-m-d')); + list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d')); } } else { - $template->_checkPlugins( - array( - array( - 'function' => 'smarty_make_timestamp', - 'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php' - ) - ) - ); - $time = smarty_make_timestamp($time); - [$_year, $_month, $_day] = explode('-', date('Y-m-d', $time)); + list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d', $time)); } - // make syntax "+N" or "-N" work with $start_year and $end_year // Note preg_match('!^(\+|\-)\s*(\d+)$!', $end_year, $match) is slower than trim+substr foreach (array( diff --git a/vendor/smarty/smarty/libs/plugins/function.mailto.php b/vendor/smarty/smarty/libs/plugins/function.mailto.php index 671ac0694..834d0535a 100644 --- a/vendor/smarty/smarty/libs/plugins/function.mailto.php +++ b/vendor/smarty/smarty/libs/plugins/function.mailto.php @@ -48,13 +48,8 @@ */ function smarty_function_mailto($params) { - static $_allowed_encoding = [ - 'javascript' => true, - 'javascript_charcode' => true, - 'hex' => true, - 'none' => true - ]; - + static $_allowed_encoding = + array('javascript' => true, 'javascript_charcode' => true, 'hex' => true, 'none' => true); $extra = ''; if (empty($params[ 'address' ])) { trigger_error("mailto: missing 'address' parameter", E_USER_WARNING); @@ -62,19 +57,19 @@ function smarty_function_mailto($params) } else { $address = $params[ 'address' ]; } - $text = $address; - // netscape and mozilla do not decode %40 (@) in BCC field (bug?) // so, don't encode it. - $mail_parms = []; + $search = array('%40', '%2C'); + $replace = array('@', ','); + $mail_parms = array(); foreach ($params as $var => $value) { switch ($var) { case 'cc': case 'bcc': case 'followupto': if (!empty($value)) { - $mail_parms[] = $var . '=' . str_replace(['%40', '%2C'], ['@', ','], rawurlencode($value)); + $mail_parms[] = $var . '=' . str_replace($search, $replace, rawurlencode($value)); } break; case 'subject': @@ -88,7 +83,6 @@ function smarty_function_mailto($params) default: } } - if ($mail_parms) { $address .= '?' . join('&', $mail_parms); } @@ -100,21 +94,19 @@ function smarty_function_mailto($params) ); return; } - - $string = '<a href="mailto:' . htmlspecialchars($address, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) . - '" ' . $extra . '>' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) . '</a>'; - if ($encode === 'javascript') { + $string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; $js_encode = ''; for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { $js_encode .= '%' . bin2hex($string[ $x ]); } return '<script type="text/javascript">document.write(unescape(\'' . $js_encode . '\'))</script>'; } elseif ($encode === 'javascript_charcode') { + $string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { $ord[] = ord($string[ $x ]); } - return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>'; + return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>'; } elseif ($encode === 'hex') { preg_match('!^(.*)(\?.*)$!', $address, $match); if (!empty($match[ 2 ])) { @@ -137,6 +129,6 @@ function smarty_function_mailto($params) return '<a href="' . $mailto . $address_encode . '" ' . $extra . '>' . $text_encode . '</a>'; } else { // no encoding - return $string; + return '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; } } diff --git a/vendor/smarty/smarty/libs/plugins/function.math.php b/vendor/smarty/smarty/libs/plugins/function.math.php index f9cf67fe7..8560e9441 100644 --- a/vendor/smarty/smarty/libs/plugins/function.math.php +++ b/vendor/smarty/smarty/libs/plugins/function.math.php @@ -70,7 +70,7 @@ function smarty_function_math($params, $template) $number = '(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number $functionsOrVars = '((?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*))'; $operators = '[,+\/*\^%-]'; // Allowed math operators - $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)*\)|\((?1)*\)))(?:'.$operators.'(?1))?)+$/'; + $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)+\)|\((?1)+\)))(?:'.$operators.'(?1))?)+$/'; if (!preg_match($regexp, $equation)) { trigger_error("math: illegal characters", E_USER_WARNING); diff --git a/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php b/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php index b7da08980..c5fc400a6 100644 --- a/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php +++ b/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php @@ -22,8 +22,6 @@ */ function smarty_modifier_capitalize($string, $uc_digits = false, $lc_rest = false) { - $string = (string) $string; - if (Smarty::$_MBSTRING) { if ($lc_rest) { // uppercase (including hyphenated words) diff --git a/vendor/smarty/smarty/libs/plugins/modifier.explode.php b/vendor/smarty/smarty/libs/plugins/modifier.explode.php deleted file mode 100644 index 5186fde3d..000000000 --- a/vendor/smarty/smarty/libs/plugins/modifier.explode.php +++ /dev/null @@ -1,25 +0,0 @@ -<?php -/** - * Smarty plugin - * - * @package Smarty - * @subpackage PluginsModifier - */ - -/** - * Smarty explode modifier plugin - * Type: modifier - * Name: explode - * Purpose: split a string by a string - * - * @param string $separator - * @param string $string - * @param int|null $limit - * - * @return array - */ -function smarty_modifier_explode($separator, $string, ?int $limit = null) -{ - // provide $string default to prevent deprecation errors in PHP >=8.1 - return explode($separator, $string ?? '', $limit ?? PHP_INT_MAX); -} diff --git a/vendor/smarty/smarty/libs/plugins/modifier.number_format.php b/vendor/smarty/smarty/libs/plugins/modifier.number_format.php deleted file mode 100644 index 8c612601f..000000000 --- a/vendor/smarty/smarty/libs/plugins/modifier.number_format.php +++ /dev/null @@ -1,26 +0,0 @@ -<?php -/** - * Smarty plugin - * - * @package Smarty - * @subpackage PluginsModifier - */ - -/** - * Smarty number_format modifier plugin - * Type: modifier - * Name: number_format - * Purpose: Format a number with grouped thousands - * - * @param float|null $num - * @param int $decimals - * @param string|null $decimal_separator - * @param string|null $thousands_separator - * - * @return string - */ -function smarty_modifier_number_format(?float $num, int $decimals = 0, ?string $decimal_separator = ".", ?string $thousands_separator = ",") -{ - // provide $num default to prevent deprecation errors in PHP >=8.1 - return number_format($num ?? 0.0, $decimals, $decimal_separator, $thousands_separator); -} diff --git a/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php b/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php index 3438fe3e0..05beb81f5 100644 --- a/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php +++ b/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php @@ -14,28 +14,20 @@ * @author Rodney Rehm * * @param array $params parameters - * @param Smarty_Internal_TemplateCompilerBase $compiler * * @return string with compiled code */ -function smarty_modifiercompiler_unescape($params, Smarty_Internal_TemplateCompilerBase $compiler) +function smarty_modifiercompiler_unescape($params) { - $compiler->template->_checkPlugins( - array( - array( - 'function' => 'smarty_literal_compiler_param', - 'file' => SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php' - ) - ) - ); - - $esc_type = smarty_literal_compiler_param($params, 1, 'html'); - + if (!isset($params[ 1 ])) { + $params[ 1 ] = 'html'; + } if (!isset($params[ 2 ])) { $params[ 2 ] = '\'' . addslashes(Smarty::$_CHARSET) . '\''; + } else { + $params[ 2 ] = "'{$params[ 2 ]}'"; } - - switch ($esc_type) { + switch (trim($params[ 1 ], '"\'')) { case 'entity': case 'htmlall': if (Smarty::$_MBSTRING) { diff --git a/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php b/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php index 31a90a055..e12ae6769 100644 --- a/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php +++ b/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php @@ -21,8 +21,8 @@ function smarty_modifiercompiler_upper($params) { if (Smarty::$_MBSTRING) { - return 'mb_strtoupper(' . $params[ 0 ] . ' ?? \'\', \'' . addslashes(Smarty::$_CHARSET) . '\')'; + return 'mb_strtoupper(' . $params[ 0 ] . ', \'' . addslashes(Smarty::$_CHARSET) . '\')'; } // no MBString fallback - return 'strtoupper(' . $params[ 0 ] . ' ?? \'\')'; + return 'strtoupper(' . $params[ 0 ] . ')'; } diff --git a/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php b/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php index 7e85f7aae..226d9035d 100644 --- a/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php +++ b/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php @@ -44,43 +44,9 @@ if (!function_exists('smarty_mb_str_replace')) { } } } else { - $mb_reg_charset = mb_regex_encoding(); - // Check if mbstring regex is using UTF-8 - $reg_is_unicode = !strcasecmp($mb_reg_charset, "UTF-8"); - if(!$reg_is_unicode) { - // ...and set to UTF-8 if not - mb_regex_encoding("UTF-8"); - } - - // See if charset used by Smarty is matching one used by regex... - $current_charset = mb_regex_encoding(); - $convert_result = (bool)strcasecmp(Smarty::$_CHARSET, $current_charset); - if($convert_result) { - // ...convert to it if not. - $subject = mb_convert_encoding($subject, $current_charset, Smarty::$_CHARSET); - $search = mb_convert_encoding($search, $current_charset, Smarty::$_CHARSET); - $replace = mb_convert_encoding($replace, $current_charset, Smarty::$_CHARSET); - } - - $parts = mb_split(preg_quote($search), $subject ?? "") ?: array(); - // If original regex encoding was not unicode... - if(!$reg_is_unicode) { - // ...restore original regex encoding to avoid breaking the system. - mb_regex_encoding($mb_reg_charset); - } - if($parts === false) { - // This exception is thrown if call to mb_split failed. - // Usually it happens, when $search or $replace are not valid for given mb_regex_encoding(). - // There may be other cases for it to fail, please file an issue if you find a reproducible one. - throw new SmartyException("Source string is not a valid $current_charset sequence (probably)"); - } - + $parts = mb_split(preg_quote($search), $subject) ?: array(); $count = count($parts) - 1; $subject = implode($replace, $parts); - // Convert results back to charset used by Smarty, if needed. - if($convert_result) { - $subject = mb_convert_encoding($subject, Smarty::$_CHARSET, $current_charset); - } } return $subject; } diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php index 96bd37244..23cae8aef 100644 --- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php +++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php @@ -93,7 +93,7 @@ class Smarty_Internal_Compile_Private_Print_Expression extends Smarty_Internal_C } // autoescape html if ($compiler->template->smarty->escape_html) { - $output = "htmlspecialchars((string) {$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')"; + $output = "htmlspecialchars({$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')"; } // loop over registered filters if (!empty($compiler->template->smarty->registered_filters[ Smarty::FILTER_VARIABLE ])) { diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php index 18c149459..4383e6f38 100644 --- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php +++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php @@ -29,7 +29,12 @@ class Smarty_Internal_Runtime_WriteFile { $_error_reporting = error_reporting(); error_reporting($_error_reporting & ~E_NOTICE & ~E_WARNING); - $old_umask = umask(0); + $_file_perms = property_exists($smarty, '_file_perms') ? $smarty->_file_perms : 0644; + $_dir_perms = + property_exists($smarty, '_dir_perms') ? (isset($smarty->_dir_perms) ? $smarty->_dir_perms : 0777) : 0771; + if ($_file_perms !== null) { + $old_umask = umask(0); + } $_dirpath = dirname($_filepath); // if subdirs, create dir structure if ($_dirpath !== '.') { @@ -37,7 +42,7 @@ class Smarty_Internal_Runtime_WriteFile // loop if concurrency problem occurs // see https://bugs.php.net/bug.php?id=35326 while (!is_dir($_dirpath)) { - if (@mkdir($_dirpath, 0771, true)) { + if (@mkdir($_dirpath, $_dir_perms, true)) { break; } clearstatcache(); @@ -84,9 +89,11 @@ class Smarty_Internal_Runtime_WriteFile error_reporting($_error_reporting); throw new SmartyException("unable to write file {$_filepath}"); } - // set file permissions - chmod($_filepath, 0644); - umask($old_umask); + if ($_file_perms !== null) { + // set file permissions + chmod($_filepath, $_file_perms); + umask($old_umask); + } error_reporting($_error_reporting); return true; } diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php index d6f86ac0a..bd500abe4 100644 --- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php +++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php @@ -422,6 +422,9 @@ abstract class Smarty_Internal_TemplateCompilerBase try { // save template object in compiler class $this->template = $template; + if (property_exists($this->template->smarty, 'plugin_search_order')) { + $this->plugin_search_order = $this->template->smarty->plugin_search_order; + } if ($this->smarty->debugging) { if (!isset($this->smarty->_debug)) { $this->smarty->_debug = new Smarty_Internal_Debug(); |