
Commit 579ffa5

Fix CVE-2022-0323 (improper neutralization of section names)
- Fixes possible RCE when rendering untrusted user templates. - Remove unnecessary comments in generated source.
1 parent 0762097 commit 579ffa5

1 file changed

+2
-4
lines changed

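--- a/src/Mustache/Compiler.php
+++ b/src/Mustache/Compiler.php
@@ -320,7 +320,6 @@ private function block($nodes)
 }
 
 const SECTION_CALL = '
-// %s section
 $value = $context->%s(%s);%s
 $buffer .= $this->section%s($context, $indent, $value);
 ';
@@ -391,11 +390,10 @@ private function section($nodes, $id, $filters, $start, $end, $otag, $ctag, $lev
 $id = var_export($id, true);
 $filters = $this->getFilters($filters, $level);
 
-return sprintf($this->prepare(self::SECTION_CALL, $level), $id, $method, $id, $filters, $key);
+return sprintf($this->prepare(self::SECTION_CALL, $level), $method, $id, $filters, $key);
 }
 
 const INVERTED_SECTION = '
-// %s inverted section
 $value = $context->%s(%s);%s
 if (empty($value)) {
 %s
@@ -418,7 +416,7 @@ private function invertedSection($nodes, $id, $filters, $level)
 $id = var_export($id, true);
 $filters = $this->getFilters($filters, $level);
 
-return sprintf($this->prepare(self::INVERTED_SECTION, $level), $id, $method, $id, $filters, $this->walk($nodes, $level));
+return sprintf($this->prepare(self::INVERTED_SECTION, $level), $method, $id, $filters, $this->walk($nodes, $level));
 }
 
 const PARTIAL_INDENT = ', $indent . %s';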
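Review bot: The section name still reaches generated source through the second `%s` of `SECTION_CALL` and `INVERTED_SECTION` (`$context->%s(%s)`), and the only thing keeping that interpolation safe is the `$id = var_export($id, true);` line in `section()` and `invertedSection()`, which nothing documents; a later refactor that passes the raw name there would reopen the same class of bug. Suggest a comment on each of those two lines: `// var_export() yields an escaped PHP string literal; the raw section name must never be emitted into generated source (CVE-2022-0323)`. A regression test that compiles a template whose section name contains a newline and asserts the name appears in the output only inside that quoted literal would pin the fix, since the commit adds none. The `section()` and `invertedSection()` signatures lie outside their hunks and the `INVERTED_SECTION` constant continues past the second hunk, so I cannot see whether `$method` or `$key` is also derived from template input; if it is, it deserves the same treatment.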
