From a188c6b38acbc4cbbe2b31fc978a5902c6f6b2b5 Mon Sep 17 00:00:00 2001 From: kaetemi Date: Thu, 3 Jun 2021 16:38:38 +0800 Subject: [PATCH] Update admin tool smarty lib --- .../admin/smarty/Config_File.class.php | 4 +- web/public_php/admin/smarty/Smarty.class.php | 14 ++- .../admin/smarty/Smarty_Compiler.class.php | 23 ++-- .../core.assemble_plugin_filepath.php | 8 +- .../admin/smarty/plugins/function.math.php | 106 +++++++++++------- 5 files changed, 91 insertions(+), 64 deletions(-) diff --git a/web/public_php/admin/smarty/Config_File.class.php b/web/public_php/admin/smarty/Config_File.class.php index c25f2a0ea..6d8c2987f 100644 --- a/web/public_php/admin/smarty/Config_File.class.php +++ b/web/public_php/admin/smarty/Config_File.class.php @@ -29,7 +29,7 @@ * @package Smarty */ -/* $Id: Config_File.class.php 3149 2009-05-23 20:59:25Z monte.ohrt $ */ +/* $Id$ */ /** * Config file reading class @@ -73,7 +73,7 @@ class Config_File { * * @param string $config_path (optional) path to the config files */ - function Config_File($config_path = NULL) + public function __construct($config_path = NULL) { if (isset($config_path)) $this->set_path($config_path); diff --git a/web/public_php/admin/smarty/Smarty.class.php b/web/public_php/admin/smarty/Smarty.class.php index d57c1f67e..3c97b5fda 100644 --- a/web/public_php/admin/smarty/Smarty.class.php +++ b/web/public_php/admin/smarty/Smarty.class.php @@ -27,10 +27,10 @@ * @author Monte Ohrt * @author Andrei Zmievski * @package Smarty - * @version 2.6.28 + * @version 2.6.31-dev */ -/* $Id: Smarty.class.php 4660 2012-09-24 20:05:15Z uwe.tews@googlemail.com $ */ +/* $Id$ */ /** * DIR_SEP isn't used anymore, but third party apps might @@ -465,7 +465,7 @@ class Smarty * * @var string */ - var $_version = '2.6.28'; + var $_version = '2.6.31'; /** * current template inclusion depth 
@@ -562,11 +562,17 @@ class Smarty */ var $_cache_including = false; + /** + * plugin filepath cache + * + * @var array + */ + var $_filepaths_cache = array(); /**#@-*/ /** * The class constructor. */ - function __construct() + public function __construct() { $this->assign('SCRIPT_NAME', isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : @$GLOBALS['HTTP_SERVER_VARS']['SCRIPT_NAME']); diff --git a/web/public_php/admin/smarty/Smarty_Compiler.class.php b/web/public_php/admin/smarty/Smarty_Compiler.class.php index 27bf469f1..904601d7e 100644 --- a/web/public_php/admin/smarty/Smarty_Compiler.class.php +++ b/web/public_php/admin/smarty/Smarty_Compiler.class.php @@ -26,7 +26,7 @@ * @package Smarty */ -/* $Id: Smarty_Compiler.class.php 4779 2013-09-30 19:14:32Z Uwe.Tews@googlemail.com $ */ +/* $Id$ */ /** * Template compiling class @@ -78,10 +78,8 @@ class Smarty_Compiler extends Smarty { /** * The class constructor. */ - function __construct() + public function __construct() { - parent::__construct(); - // matches double quoted strings: // "foobar" // "foo\"bar" @@ -261,14 +259,10 @@ class Smarty_Compiler extends Smarty { preg_match_all($search, $source_content, $match, PREG_SET_ORDER); $this->_folded_blocks = $match; - reset($this->_folded_blocks); /* replace special blocks by "{php}" */ - $source_content = preg_replace_callback($search, function($matches) { - return $this->_quote_replace($this->left_delimiter).'php'. - str_repeat("\n", substr_count($matches[1], "\n")). - $this->_quote_replace($this->right_delimiter); - }, $source_content); + $source_content = preg_replace_callback($search, array($this,'_preg_callback') + , $source_content); /* Gather all template tags. */ preg_match_all("~{$ldq}\s*(.*?)\s*{$rdq}~s", $source_content, $_match); 
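Review bot: The Smarty_Compiler constructor in the `@@ -78,10 +78,8 @@` hunk no longer calls `parent::__construct()`, and nothing on the new side says whether that is deliberate. The parent constructor shown in the Smarty.class.php section assigns `SCRIPT_NAME`, so compiler instances now skip that step. If the omission is intended, a one-line comment above the first statement, such as `// NOTE: parent::__construct() is intentionally not called here`, would keep a later maintainer from re-adding it or treating it as a bug. The constructor body continues outside the hunk, so any other initialisation it depends on is not visible here.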
@@ -557,7 +551,7 @@ class Smarty_Compiler extends Smarty { case 'php': /* handle folded tags replaced by {php} */ - $block = current($this->_folded_blocks); + $block = array_shift($this->_folded_blocks); $this->_current_line_no += substr_count($block[0], "\n"); /* the number of matched elements in the regexp in _compile_file() determins the type of folded tag that was found */ @@ -755,7 +749,12 @@ class Smarty_Compiler extends Smarty { return true; } - + function _preg_callback ($matches) { + return $this->_quote_replace($this->left_delimiter) + . 'php' + . str_repeat("\n", substr_count($matches[1], "\n")) + . $this->_quote_replace($this->right_delimiter); + } /** * compile custom function tag * diff --git a/web/public_php/admin/smarty/internals/core.assemble_plugin_filepath.php b/web/public_php/admin/smarty/internals/core.assemble_plugin_filepath.php index 690d3ddbc..22c02483f 100644 --- a/web/public_php/admin/smarty/internals/core.assemble_plugin_filepath.php +++ b/web/public_php/admin/smarty/internals/core.assemble_plugin_filepath.php @@ -14,11 +14,9 @@ */ function smarty_core_assemble_plugin_filepath($params, &$smarty) { - static $_filepaths_cache = array(); - $_plugin_filename = $params['type'] . '.' . $params['name'] . '.php'; - if (isset($_filepaths_cache[$_plugin_filename])) { - return $_filepaths_cache[$_plugin_filename]; + if (isset($smarty->_filepaths_cache[$_plugin_filename])) { + return $smarty->_filepaths_cache[$_plugin_filename]; } $_return = false; @@ -58,7 +56,7 @@ function smarty_core_assemble_plugin_filepath($params, &$smarty) } } } - $_filepaths_cache[$_plugin_filename] = $_return; + $smarty->_filepaths_cache[$_plugin_filename] = $_return; return $_return; } diff --git a/web/public_php/admin/smarty/plugins/function.math.php b/web/public_php/admin/smarty/plugins/function.math.php index 6575e0600..d0ce1e671 100644 --- a/web/public_php/admin/smarty/plugins/function.math.php +++ b/web/public_php/admin/smarty/plugins/function.math.php 
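Review bot: `_preg_callback` in the `@@ -755,7 +749,12 @@` hunk is added with no docblock and no visibility keyword, although the method right after it keeps its `/** compile custom function tag */` header and the constructors touched by this commit were given `public`. Declare the visibility explicitly and add a short docblock: it is the `preg_replace_callback` handler that replaces each folded block with a `php` placeholder tag built from the configured delimiters, and it emits as many newlines as `$matches[1]` contained (presumably so `_current_line_no` stays aligned). A `@param array $matches` and `@return string` line would match the style used elsewhere in the file. The hunk also drops the blank line that separated the previous method from the next docblock.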
@@ -1,85 +1,109 @@ * Name: math
- * Purpose: handle math computations in template
- * @link http://smarty.php.net/manual/en/language.function.math.php {math} - * (Smarty online manual) + * Purpose: handle math computations in template + * + * @link http://www.smarty.net/manual/en/language.function.math.php {math} + * (Smarty online manual) * @author Monte Ohrt - * @param array + * + * @param array $params parameters * @param Smarty - * @return string + * + * @return string|null */ function smarty_function_math($params, &$smarty) { + static $_allowed_funcs = + array('int' => true, 'abs' => true, 'ceil' => true, 'cos' => true, 'exp' => true, 'floor' => true, + 'log' => true, 'log10' => true, 'max' => true, 'min' => true, 'pi' => true, 'pow' => true, 'rand' => true, + 'round' => true, 'sin' => true, 'sqrt' => true, 'srand' => true, 'tan' => true); // be sure equation parameter is present - if (empty($params['equation'])) { - $smarty->trigger_error("math: missing equation parameter"); + if (empty($params[ 'equation' ])) { + trigger_error("math: missing equation parameter", E_USER_WARNING); + return; } - // strip out backticks, not necessary for math - $equation = str_replace('`','',$params['equation']); + $equation = $params[ 'equation' ]; // make sure parenthesis are balanced - if (substr_count($equation,"(") != substr_count($equation,")")) { - $smarty->trigger_error("math: unbalanced parenthesis"); + if (substr_count($equation, "(") != substr_count($equation, ")")) { + trigger_error("math: unbalanced parenthesis", E_USER_WARNING); + return; } - // match all vars in equation, make sure all are passed - preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]*)!",$equation, $match); - $allowed_funcs = array('int','abs','ceil','cos','exp','floor','log','log10', - 'max','min','pi','pow','rand','round','sin','sqrt','srand','tan'); - - foreach($match[1] as $curr_var) { - if ($curr_var && !in_array($curr_var, array_keys($params)) && !in_array($curr_var, $allowed_funcs)) { - $smarty->trigger_error("math: function call $curr_var not allowed"); - return; - 
} + // disallow backticks + if (strpos($equation, '`') !== false) { + trigger_error("math: backtick character not allowed in equation", E_USER_WARNING); + + return; + } + + // also disallow dollar signs + if (strpos($equation, '$') !== false) { + trigger_error("math: dollar signs not allowed in equation", E_USER_WARNING); + + return; } - foreach($params as $key => $val) { + foreach ($params as $key => $val) { if ($key != "equation" && $key != "format" && $key != "assign") { // make sure value is not empty - if (strlen($val)==0) { - $smarty->trigger_error("math: parameter $key is empty"); + if (strlen($val) == 0) { + trigger_error("math: parameter '{$key}' is empty", E_USER_WARNING); + return; } if (!is_numeric($val)) { - $smarty->trigger_error("math: parameter $key: is not numeric"); + trigger_error("math: parameter '{$key}' is not numeric", E_USER_WARNING); + return; } - $equation = preg_replace("/\b$key\b/", " \$params['$key'] ", $equation); } } - eval("\$smarty_math_result = ".$equation.";"); + // match all vars in equation, make sure all are passed + preg_match_all('!(?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*)!', $equation, $match); + + foreach ($match[ 1 ] as $curr_var) { + if ($curr_var && !isset($params[ $curr_var ]) && !isset($_allowed_funcs[ $curr_var ])) { + trigger_error("math: function call '{$curr_var}' not allowed, or missing parameter '{$curr_var}'", E_USER_WARNING); + + return; + } + } + + foreach ($params as $key => $val) { + if ($key != "equation" && $key != "format" && $key != "assign") { + $equation = preg_replace("/\b$key\b/", " \$params['$key'] ", $equation); + } + } + $smarty_math_result = null; + eval("\$smarty_math_result = " . $equation . 
";"); - if (empty($params['format'])) { - if (empty($params['assign'])) { + if (empty($params[ 'format' ])) { + if (empty($params[ 'assign' ])) { return $smarty_math_result; } else { - $smarty->assign($params['assign'],$smarty_math_result); + $smarty->assign($params[ 'assign' ], $smarty_math_result); } } else { - if (empty($params['assign'])){ - printf($params['format'],$smarty_math_result); + if (empty($params[ 'assign' ])) { + printf($params[ 'format' ], $smarty_math_result); } else { - $smarty->assign($params['assign'],sprintf($params['format'],$smarty_math_result)); + $smarty->assign($params[ 'assign' ], sprintf($params[ 'format' ], $smarty_math_result)); } } } - -/* vim: set expandtab: */ - -?> \ No newline at end of file
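Review bot: The equation still reaches `eval()` after checks that are mostly a deny-list: backticks and `$` are rejected and bare identifiers are matched against `$_allowed_funcs`, but quote and backslash characters are accepted, so string literals can still appear in the evaluated expression. Since `eval()` is kept, constrain the whole string to an arithmetic alphabet before the identifier check, for example `if (!preg_match('~^[\s0-9a-zA-Z_+\-*/%().,]*$~', $equation)) { trigger_error("math: illegal characters in equation", E_USER_WARNING); return; }`, widening the set only for operators the templates actually use. Separately, `$key` is interpolated unescaped into `preg_replace("/\b$key\b/", ...)`; `preg_quote($key, '/')` would keep a parameter name containing regex metacharacters from changing the pattern. Whether equations or parameter names can come from less-trusted template authors is not visible in this hunk, so treat both as hardening for the admin tool.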