From 4070c46d157918a01e2a34820985a64fee4e99f0 Mon Sep 17 00:00:00 2001 From: Mario Date: Tue, 11 Oct 2022 19:20:46 +0000 Subject: composer update smarty --- vendor/composer/installed.json | 14 ++--- vendor/composer/installed.php | 10 ++-- vendor/smarty/smarty/CHANGELOG.md | 22 ++++++- vendor/smarty/smarty/SECURITY.md | 2 +- vendor/smarty/smarty/libs/Smarty.class.php | 2 +- vendor/smarty/smarty/libs/debug.tpl | 53 +++++++++++------ .../libs/plugins/function.html_select_date.php | 69 ++++++++++++---------- .../smarty/smarty/libs/plugins/function.mailto.php | 28 +++++---- .../smarty/smarty/libs/plugins/function.math.php | 2 +- .../smarty/libs/plugins/modifier.capitalize.php | 2 + .../smarty/libs/plugins/modifier.explode.php | 25 ++++++++ .../smarty/libs/plugins/modifier.number_format.php | 26 ++++++++ .../libs/plugins/modifiercompiler.unescape.php | 22 ++++--- .../smarty/libs/plugins/modifiercompiler.upper.php | 4 +- .../smarty/libs/plugins/shared.mb_str_replace.php | 36 ++++++++++- ...y_internal_compile_private_print_expression.php | 2 +- .../smarty_internal_runtime_writefile.php | 17 ++---- .../smarty_internal_templatecompilerbase.php | 3 - 18 files changed, 237 insertions(+), 102 deletions(-) create mode 100644 vendor/smarty/smarty/libs/plugins/modifier.explode.php create mode 100644 vendor/smarty/smarty/libs/plugins/modifier.number_format.php (limited to 'vendor') diff --git a/vendor/composer/installed.json b/vendor/composer/installed.json index 5afb1aada..f4093ccdf 100644 --- a/vendor/composer/installed.json +++ b/vendor/composer/installed.json @@ -1551,17 +1551,17 @@ }, { "name": "smarty/smarty", - "version": "v4.1.1", - "version_normalized": "4.1.1.0", + "version": "v4.2.1", + "version_normalized": "4.2.1.0", "source": { "type": "git", "url": "https://github.com/smarty-php/smarty.git", - "reference": "71036be8be02bf93735c47b0b745f722efbc729f" + "reference": "ffa2b81a8e354a49fd8a2f24742dc9dc399e8007" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/smarty-php/smarty/zipball/71036be8be02bf93735c47b0b745f722efbc729f", - "reference": "71036be8be02bf93735c47b0b745f722efbc729f", + "url": "https://api.github.com/repos/smarty-php/smarty/zipball/ffa2b81a8e354a49fd8a2f24742dc9dc399e8007", + "reference": "ffa2b81a8e354a49fd8a2f24742dc9dc399e8007", "shasum": "" }, "require": { @@ -1571,7 +1571,7 @@ "phpunit/phpunit": "^8.5 || ^7.5", "smarty/smarty-lexer": "^3.1" }, - "time": "2022-05-17T12:56:28+00:00", + "time": "2022-09-14T10:59:01+00:00", "type": "library", "extra": { "branch-alias": { @@ -1614,7 +1614,7 @@ "support": { "forum": "https://github.com/smarty-php/smarty/discussions", "issues": "https://github.com/smarty-php/smarty/issues", - "source": "https://github.com/smarty-php/smarty/tree/v4.1.1" + "source": "https://github.com/smarty-php/smarty/tree/v4.2.1" }, "install-path": "../smarty/smarty" }, diff --git a/vendor/composer/installed.php b/vendor/composer/installed.php index b287e2557..468419cfe 100644 --- a/vendor/composer/installed.php +++ b/vendor/composer/installed.php @@ -3,7 +3,7 @@ 'name' => 'zotlabs/hubzilla', 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => '10ba98c4f5ec4efe6272516de47f0ce128ef2902', + 'reference' => 'a749db8d0f216491cfefb3849891d93f89b775f7', 'type' => 'application', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), @@ -215,9 +215,9 @@ 'dev_requirement' => false, ), 'smarty/smarty' => array( - 'pretty_version' => 'v4.1.1', - 'version' => '4.1.1.0', - 'reference' => '71036be8be02bf93735c47b0b745f722efbc729f', + 'pretty_version' => 'v4.2.1', + 'version' => '4.2.1.0', + 'reference' => 'ffa2b81a8e354a49fd8a2f24742dc9dc399e8007', 'type' => 'library', 'install_path' => __DIR__ . '/../smarty/smarty', 'aliases' => array(), @@ -268,7 +268,7 @@ 'zotlabs/hubzilla' => array( 'pretty_version' => 'dev-master', 'version' => 'dev-master', - 'reference' => '10ba98c4f5ec4efe6272516de47f0ce128ef2902', + 'reference' => 'a749db8d0f216491cfefb3849891d93f89b775f7', 'type' => 'application', 'install_path' => __DIR__ . '/../../', 'aliases' => array(), diff --git a/vendor/smarty/smarty/CHANGELOG.md b/vendor/smarty/smarty/CHANGELOG.md index 784cc09f5..85fc91ec3 100644 --- a/vendor/smarty/smarty/CHANGELOG.md +++ b/vendor/smarty/smarty/CHANGELOG.md @@ -6,10 +6,30 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [4.2.1] - 2022-09-14 + +### Security +- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454) + +### Fixed +- Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) [#755](https://github.com/smarty-php/smarty/pull/755) and [#788](https://github.com/smarty-php/smarty/pull/788) +- Fixed PHP8.1 deprecation errors in capitalize modifier [#789](https://github.com/smarty-php/smarty/issues/789) +- Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794) +- Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395) + +## [4.2.0] - 2022-08-01 + +### Fixed +- Fixed problems with smarty_mb_str_replace [#549](https://github.com/smarty-php/smarty/issues/549) +- Fixed second parameter of unescape modifier not working [#777](https://github.com/smarty-php/smarty/issues/777) + +### Changed +- Updated HTML of the debug template [#599](https://github.com/smarty-php/smarty/pull/599) + ## [4.1.1] - 2022-05-17 ### Security -- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022- +- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221 ### Fixed - Exclude docs and demo from export and composer [#751](https://github.com/smarty-php/smarty/pull/751) diff --git a/vendor/smarty/smarty/SECURITY.md b/vendor/smarty/smarty/SECURITY.md index d98ea0189..ae9d5dc8a 100644 --- a/vendor/smarty/smarty/SECURITY.md +++ b/vendor/smarty/smarty/SECURITY.md @@ -2,7 +2,7 @@ ## Supported Versions -Smarty currently supports the latest minor version of Smarty 3 and Smarty 4. (Smarty 4 has not been released yet.) +Smarty currently supports the latest minor version of Smarty 3 and Smarty 4. | Version | Supported | | ------- | ------------------ | diff --git a/vendor/smarty/smarty/libs/Smarty.class.php b/vendor/smarty/smarty/libs/Smarty.class.php index 820a1ebde..21beafdf0 100644 --- a/vendor/smarty/smarty/libs/Smarty.class.php +++ b/vendor/smarty/smarty/libs/Smarty.class.php @@ -98,7 +98,7 @@ class Smarty extends Smarty_Internal_TemplateBase /** * smarty version */ - const SMARTY_VERSION = '4.1.1'; + const SMARTY_VERSION = '4.2.1'; /** * define variable scopes */ diff --git a/vendor/smarty/smarty/libs/debug.tpl b/vendor/smarty/smarty/libs/debug.tpl index edc7bef98..4f82a5820 100644 --- a/vendor/smarty/smarty/libs/debug.tpl +++ b/vendor/smarty/smarty/libs/debug.tpl @@ -1,9 +1,9 @@ {capture name='_smarty_debug' assign=debug_output} - - + + Smarty Debug Console - @@ -112,11 +115,11 @@

included templates & config files (load time in seconds)

{foreach $template_data as $template} - {$template.name} -
   + {$template.name} +
   (compile {$template['compile_time']|string_format:"%.5f"}) (render {$template['render_time']|string_format:"%.5f"}) (cache {$template['cache_time']|string_format:"%.5f"}) -
+
{/foreach}
{/if} @@ -125,13 +128,22 @@ {foreach $assigned_vars as $vars} - - + + + - - {/foreach}

${$vars@key}

- {if isset($vars['nocache'])}Nocache
{/if} - {if isset($vars['scope'])}Origin: {$vars['scope']|debug_print_var nofilter}{/if} +
+

${$vars@key}

+ {if isset($vars['nocache'])}Nocache
{/if} + {if isset($vars['scope'])}Origin: {$vars['scope']|debug_print_var nofilter}{/if} + 		+

Value

+ {$vars['value']|debug_print_var:10:80 nofilter} + 		+ {if isset($vars['attributes'])} +

Attributes

+ {$vars['attributes']|debug_print_var nofilter} + {/if}

Value

{$vars['value']|debug_print_var:10:80 nofilter}		{if isset($vars['attributes'])}

Attributes

{$vars['attributes']|debug_print_var nofilter} {/if}
@@ -139,11 +151,14 @@ {foreach $config_vars as $vars} - - + + - {/foreach} diff --git a/vendor/smarty/smarty/libs/plugins/function.html_select_date.php b/vendor/smarty/smarty/libs/plugins/function.html_select_date.php index 763fc60f9..a396046b2 100644 --- a/vendor/smarty/smarty/libs/plugins/function.html_select_date.php +++ b/vendor/smarty/smarty/libs/plugins/function.html_select_date.php @@ -101,6 +101,7 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem $field_separator = "\n"; $option_separator = "\n"; $time = null; + // $all_empty = null; // $day_empty = null; // $month_empty = null; @@ -113,17 +114,7 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem foreach ($params as $_key => $_value) { switch ($_key) { case 'time': - if (!is_array($_value) && $_value !== null) { - $template->_checkPlugins( - array( - array( - 'function' => 'smarty_make_timestamp', - 'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php' - ) - ) - ); - $time = smarty_make_timestamp($_value); - } + $$_key = $_value; // we'll handle conversion below break; case 'month_names': if (is_array($_value) && count($_value) === 12) { @@ -178,43 +169,59 @@ function smarty_function_html_select_date($params, Smarty_Internal_Template $tem } // Note: date() is faster than strftime() // Note: explode(date()) is faster than date() date() date() - if (isset($params[ 'time' ]) && is_array($params[ 'time' ])) { - if (isset($params[ 'time' ][ $prefix . 'Year' ])) { + + if (isset($time) && is_array($time)) { + if (isset($time[$prefix . 'Year'])) { // $_REQUEST[$field_array] given - foreach (array( - 'Y' => 'Year', - 'm' => 'Month', - 'd' => 'Day' - ) as $_elementKey => $_elementName) { + foreach ([ + 'Y' => 'Year', + 'm' => 'Month', + 'd' => 'Day' + ] as $_elementKey => $_elementName) { $_variableName = '_' . strtolower($_elementName); $$_variableName = - isset($params[ 'time' ][ $prefix . $_elementName ]) ? $params[ 'time' ][ $prefix . $_elementName ] : + isset($time[$prefix . $_elementName]) ? $time[$prefix . $_elementName] : date($_elementKey); } - } elseif (isset($params[ 'time' ][ $field_array ][ $prefix . 'Year' ])) { + } elseif (isset($time[$field_array][$prefix . 'Year'])) { // $_REQUEST given - foreach (array( - 'Y' => 'Year', - 'm' => 'Month', - 'd' => 'Day' - ) as $_elementKey => $_elementName) { + foreach ([ + 'Y' => 'Year', + 'm' => 'Month', + 'd' => 'Day' + ] as $_elementKey => $_elementName) { $_variableName = '_' . strtolower($_elementName); - $$_variableName = isset($params[ 'time' ][ $field_array ][ $prefix . $_elementName ]) ? - $params[ 'time' ][ $field_array ][ $prefix . $_elementName ] : date($_elementKey); + $$_variableName = isset($time[$field_array][$prefix . $_elementName]) ? + $time[$field_array][$prefix . $_elementName] : date($_elementKey); } } else { // no date found, use NOW - list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d')); + [$_year, $_month, $_day] = explode('-', date('Y-m-d')); } + } elseif (isset($time) && preg_match("/(\d*)-(\d*)-(\d*)/", $time, $matches)) { + $_year = $_month = $_day = null; + if ($matches[1] > '') $_year = (int) $matches[1]; + if ($matches[2] > '') $_month = (int) $matches[2]; + if ($matches[3] > '') $_day = (int) $matches[3]; } elseif ($time === null) { if (array_key_exists('time', $params)) { - $_year = $_month = $_day = $time = null; + $_year = $_month = $_day = null; } else { - list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d')); + [$_year, $_month, $_day] = explode('-', date('Y-m-d')); } } else { - list($_year, $_month, $_day) = $time = explode('-', date('Y-m-d', $time)); + $template->_checkPlugins( + array( + array( + 'function' => 'smarty_make_timestamp', + 'file' => SMARTY_PLUGINS_DIR . 'shared.make_timestamp.php' + ) + ) + ); + $time = smarty_make_timestamp($time); + [$_year, $_month, $_day] = explode('-', date('Y-m-d', $time)); } + // make syntax "+N" or "-N" work with $start_year and $end_year // Note preg_match('!^(\+|\-)\s*(\d+)$!', $end_year, $match) is slower than trim+substr foreach (array( diff --git a/vendor/smarty/smarty/libs/plugins/function.mailto.php b/vendor/smarty/smarty/libs/plugins/function.mailto.php index 834d0535a..671ac0694 100644 --- a/vendor/smarty/smarty/libs/plugins/function.mailto.php +++ b/vendor/smarty/smarty/libs/plugins/function.mailto.php @@ -48,8 +48,13 @@ */ function smarty_function_mailto($params) { - static $_allowed_encoding = - array('javascript' => true, 'javascript_charcode' => true, 'hex' => true, 'none' => true); + static $_allowed_encoding = [ + 'javascript' => true, + 'javascript_charcode' => true, + 'hex' => true, + 'none' => true + ]; + $extra = ''; if (empty($params[ 'address' ])) { trigger_error("mailto: missing 'address' parameter", E_USER_WARNING); @@ -57,19 +62,19 @@ function smarty_function_mailto($params) } else { $address = $params[ 'address' ]; } + $text = $address; + // netscape and mozilla do not decode %40 (@) in BCC field (bug?) // so, don't encode it. - $search = array('%40', '%2C'); - $replace = array('@', ','); - $mail_parms = array(); + $mail_parms = []; foreach ($params as $var => $value) { switch ($var) { case 'cc': case 'bcc': case 'followupto': if (!empty($value)) { - $mail_parms[] = $var . '=' . str_replace($search, $replace, rawurlencode($value)); + $mail_parms[] = $var . '=' . str_replace(['%40', '%2C'], ['@', ','], rawurlencode($value)); } break; case 'subject': @@ -83,6 +88,7 @@ function smarty_function_mailto($params) default: } } + if ($mail_parms) { $address .= '?' . join('&', $mail_parms); } @@ -94,19 +100,21 @@ function smarty_function_mailto($params) ); return; } + + $string = '' . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, Smarty::$_CHARSET) . ''; + if ($encode === 'javascript') { - $string = '' . $text . ''; $js_encode = ''; for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { $js_encode .= '%' . bin2hex($string[ $x ]); } return ''; } elseif ($encode === 'javascript_charcode') { - $string = '' . $text . ''; for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { $ord[] = ord($string[ $x ]); } - return ''; + return ''; } elseif ($encode === 'hex') { preg_match('!^(.*)(\?.*)$!', $address, $match); if (!empty($match[ 2 ])) { @@ -129,6 +137,6 @@ function smarty_function_mailto($params) return '' . $text_encode . ''; } else { // no encoding - return '' . $text . ''; + return $string; } } diff --git a/vendor/smarty/smarty/libs/plugins/function.math.php b/vendor/smarty/smarty/libs/plugins/function.math.php index 8560e9441..f9cf67fe7 100644 --- a/vendor/smarty/smarty/libs/plugins/function.math.php +++ b/vendor/smarty/smarty/libs/plugins/function.math.php @@ -70,7 +70,7 @@ function smarty_function_math($params, $template) $number = '(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number $functionsOrVars = '((?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*))'; $operators = '[,+\/*\^%-]'; // Allowed math operators - $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)+\)|\((?1)+\)))(?:'.$operators.'(?1))?)+$/'; + $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)*\)|\((?1)*\)))(?:'.$operators.'(?1))?)+$/'; if (!preg_match($regexp, $equation)) { trigger_error("math: illegal characters", E_USER_WARNING); diff --git a/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php b/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php index c5fc400a6..b7da08980 100644 --- a/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php +++ b/vendor/smarty/smarty/libs/plugins/modifier.capitalize.php @@ -22,6 +22,8 @@ */ function smarty_modifier_capitalize($string, $uc_digits = false, $lc_rest = false) { + $string = (string) $string; + if (Smarty::$_MBSTRING) { if ($lc_rest) { // uppercase (including hyphenated words) diff --git a/vendor/smarty/smarty/libs/plugins/modifier.explode.php b/vendor/smarty/smarty/libs/plugins/modifier.explode.php new file mode 100644 index 000000000..5186fde3d --- /dev/null +++ b/vendor/smarty/smarty/libs/plugins/modifier.explode.php @@ -0,0 +1,25 @@ +=8.1 + return explode($separator, $string ?? '', $limit ?? PHP_INT_MAX); +} diff --git a/vendor/smarty/smarty/libs/plugins/modifier.number_format.php b/vendor/smarty/smarty/libs/plugins/modifier.number_format.php new file mode 100644 index 000000000..8c612601f --- /dev/null +++ b/vendor/smarty/smarty/libs/plugins/modifier.number_format.php @@ -0,0 +1,26 @@ +=8.1 + return number_format($num ?? 0.0, $decimals, $decimal_separator, $thousands_separator); +} diff --git a/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php b/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php index 05beb81f5..3438fe3e0 100644 --- a/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php +++ b/vendor/smarty/smarty/libs/plugins/modifiercompiler.unescape.php @@ -14,20 +14,28 @@ * @author Rodney Rehm * * @param array $params parameters + * @param Smarty_Internal_TemplateCompilerBase $compiler * * @return string with compiled code */ -function smarty_modifiercompiler_unescape($params) +function smarty_modifiercompiler_unescape($params, Smarty_Internal_TemplateCompilerBase $compiler) { - if (!isset($params[ 1 ])) { - $params[ 1 ] = 'html'; - } + $compiler->template->_checkPlugins( + array( + array( + 'function' => 'smarty_literal_compiler_param', + 'file' => SMARTY_PLUGINS_DIR . 'shared.literal_compiler_param.php' + ) + ) + ); + + $esc_type = smarty_literal_compiler_param($params, 1, 'html'); + if (!isset($params[ 2 ])) { $params[ 2 ] = '\'' . addslashes(Smarty::$_CHARSET) . '\''; - } else { - $params[ 2 ] = "'{$params[ 2 ]}'"; } - switch (trim($params[ 1 ], '"\'')) { + + switch ($esc_type) { case 'entity': case 'htmlall': if (Smarty::$_MBSTRING) { diff --git a/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php b/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php index e12ae6769..31a90a055 100644 --- a/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php +++ b/vendor/smarty/smarty/libs/plugins/modifiercompiler.upper.php @@ -21,8 +21,8 @@ function smarty_modifiercompiler_upper($params) { if (Smarty::$_MBSTRING) { - return 'mb_strtoupper(' . $params[ 0 ] . ', \'' . addslashes(Smarty::$_CHARSET) . '\')'; + return 'mb_strtoupper(' . $params[ 0 ] . ' ?? \'\', \'' . addslashes(Smarty::$_CHARSET) . '\')'; } // no MBString fallback - return 'strtoupper(' . $params[ 0 ] . ')'; + return 'strtoupper(' . $params[ 0 ] . ' ?? \'\')'; } diff --git a/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php b/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php index 226d9035d..7e85f7aae 100644 --- a/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php +++ b/vendor/smarty/smarty/libs/plugins/shared.mb_str_replace.php @@ -44,9 +44,43 @@ if (!function_exists('smarty_mb_str_replace')) { } } } else { - $parts = mb_split(preg_quote($search), $subject) ?: array(); + $mb_reg_charset = mb_regex_encoding(); + // Check if mbstring regex is using UTF-8 + $reg_is_unicode = !strcasecmp($mb_reg_charset, "UTF-8"); + if(!$reg_is_unicode) { + // ...and set to UTF-8 if not + mb_regex_encoding("UTF-8"); + } + + // See if charset used by Smarty is matching one used by regex... + $current_charset = mb_regex_encoding(); + $convert_result = (bool)strcasecmp(Smarty::$_CHARSET, $current_charset); + if($convert_result) { + // ...convert to it if not. + $subject = mb_convert_encoding($subject, $current_charset, Smarty::$_CHARSET); + $search = mb_convert_encoding($search, $current_charset, Smarty::$_CHARSET); + $replace = mb_convert_encoding($replace, $current_charset, Smarty::$_CHARSET); + } + + $parts = mb_split(preg_quote($search), $subject ?? "") ?: array(); + // If original regex encoding was not unicode... + if(!$reg_is_unicode) { + // ...restore original regex encoding to avoid breaking the system. + mb_regex_encoding($mb_reg_charset); + } + if($parts === false) { + // This exception is thrown if call to mb_split failed. + // Usually it happens, when $search or $replace are not valid for given mb_regex_encoding(). + // There may be other cases for it to fail, please file an issue if you find a reproducible one. + throw new SmartyException("Source string is not a valid $current_charset sequence (probably)"); + } + $count = count($parts) - 1; $subject = implode($replace, $parts); + // Convert results back to charset used by Smarty, if needed. + if($convert_result) { + $subject = mb_convert_encoding($subject, Smarty::$_CHARSET, $current_charset); + } } return $subject; } diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php index 23cae8aef..96bd37244 100644 --- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php +++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_compile_private_print_expression.php @@ -93,7 +93,7 @@ class Smarty_Internal_Compile_Private_Print_Expression extends Smarty_Internal_C } // autoescape html if ($compiler->template->smarty->escape_html) { - $output = "htmlspecialchars({$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')"; + $output = "htmlspecialchars((string) {$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')"; } // loop over registered filters if (!empty($compiler->template->smarty->registered_filters[ Smarty::FILTER_VARIABLE ])) { diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php index 4383e6f38..18c149459 100644 --- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php +++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_runtime_writefile.php @@ -29,12 +29,7 @@ class Smarty_Internal_Runtime_WriteFile { $_error_reporting = error_reporting(); error_reporting($_error_reporting & ~E_NOTICE & ~E_WARNING); - $_file_perms = property_exists($smarty, '_file_perms') ? $smarty->_file_perms : 0644; - $_dir_perms = - property_exists($smarty, '_dir_perms') ? (isset($smarty->_dir_perms) ? $smarty->_dir_perms : 0777) : 0771; - if ($_file_perms !== null) { - $old_umask = umask(0); - } + $old_umask = umask(0); $_dirpath = dirname($_filepath); // if subdirs, create dir structure if ($_dirpath !== '.') { @@ -42,7 +37,7 @@ class Smarty_Internal_Runtime_WriteFile // loop if concurrency problem occurs // see https://bugs.php.net/bug.php?id=35326 while (!is_dir($_dirpath)) { - if (@mkdir($_dirpath, $_dir_perms, true)) { + if (@mkdir($_dirpath, 0771, true)) { break; } clearstatcache(); @@ -89,11 +84,9 @@ class Smarty_Internal_Runtime_WriteFile error_reporting($_error_reporting); throw new SmartyException("unable to write file {$_filepath}"); } - if ($_file_perms !== null) { - // set file permissions - chmod($_filepath, $_file_perms); - umask($old_umask); - } + // set file permissions + chmod($_filepath, 0644); + umask($old_umask); error_reporting($_error_reporting); return true; } diff --git a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php index bd500abe4..d6f86ac0a 100644 --- a/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php +++ b/vendor/smarty/smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php @@ -422,9 +422,6 @@ abstract class Smarty_Internal_TemplateCompilerBase try { // save template object in compiler class $this->template = $template; - if (property_exists($this->template->smarty, 'plugin_search_order')) { - $this->plugin_search_order = $this->template->smarty->plugin_search_order; - } if ($this->smarty->debugging) { if (!isset($this->smarty->_debug)) { $this->smarty->_debug = new Smarty_Internal_Debug(); -- cgit v1.2.3

#{$vars@key}#

- {if isset($vars['scope'])}Origin: {$vars['scope']|debug_print_var nofilter}{/if} +
+

#{$vars@key}#

+ {if isset($vars['scope'])}Origin: {$vars['scope']|debug_print_var nofilter}{/if} + 		+ {$vars['value']|debug_print_var:10:80 nofilter} {$vars['value']|debug_print_var:10:80 nofilter}