
- security possible PHP code injection on custom resources at display() or fetch()
  calls if the resource does not sanitize the template name
uwetews committed Jul 21, 2017
1 parent a6f3a51 commit 614ad1f8b9b00086efc123e49b7bb8efbfa81b61
@@ -1,4 +1,8 @@
===== 3.1.32 - dev ===
21.7.2017
- security possible PHP code injection on custom resources at display() or fetch()
calls if the resource does not sanitize the template name

27.5.2017
- bugfix change compiled code for registered function and modifiers to called as callable to allow closures
https://github.com/smarty-php/smarty/pull/368, https://github.com/smarty-php/smarty/issues/273
@@ -108,7 +108,7 @@ class Smarty extends Smarty_Internal_TemplateBase
/**
* smarty version
*/
const SMARTY_VERSION = '3.1.32-dev-11';
const SMARTY_VERSION = '3.1.32-dev-12';
/**
* define variable scopes
@@ -41,8 +41,8 @@ public function create(Smarty_Internal_Template $_template, $content = '', $func
$properties[ 'cache_lifetime' ] = $_template->cache_lifetime;
}
$output = "<?php\n";
$output .= "/* Smarty version " . Smarty::SMARTY_VERSION . ", created on " . strftime("%Y-%m-%d %H:%M:%S") .
"\n from \"" . $_template->source->filepath . "\" */\n\n";
$output .= "/* Smarty version {Smarty::SMARTY_VERSION}, created on " . strftime("%Y-%m-%d %H:%M:%S") .
"\n from \"" . str_replace('*/','* /',$_template->source->filepath) . "\" */\n\n";
$output .= "/* @var Smarty_Internal_Template \$_smarty_tpl */\n";
$dec = "\$_smarty_tpl->_decodeProperties(\$_smarty_tpl, " . var_export($properties, true) . ',' .
($cache ? 'true' : 'false') . ")";
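Review bot: The rewritten header line `"/* Smarty version {Smarty::SMARTY_VERSION}, created on "` no longer emits the version: PHP double-quoted strings only interpolate `{$...}` expressions, so a class constant inside braces is written out literally as `{Smarty::SMARTY_VERSION}` into every compiled template. Keep the concatenation the removed line used: `$output .= "/* Smarty version " . Smarty::SMARTY_VERSION . ", created on " . strftime("%Y-%m-%d %H:%M:%S") .`. The `str_replace('*/','* /', ...)` on the following line is the right escape for a `/* */` block-comment context, since only that token can terminate it; a why-comment such as `// escape '*/' so the source path cannot close this comment early` would make the intent visible to the next reader, and a regression test feeding a path that contains `*/` would pin it. create() begins and continues outside this hunk.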
@@ -47,7 +47,7 @@ protected function fetchTimestamp($name)
*/
public function populate(Smarty_Template_Source $source, Smarty_Internal_Template $_template = null)
{
$source->filepath = $source->type . ':' . $source->name;
$source->filepath = $source->type . ':' . substr(preg_replace('/[^A-Za-z0-9.]/','',$source->name),0,25);
$source->uid = sha1($source->type . ':' . $source->name);
$mtime = $this->fetchTimestamp($source->name);
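Review bot: The sanitising expression `substr(preg_replace('/[^A-Za-z0-9.]/','',$source->name),0,25)` is spelled out here and repeated verbatim in getBasename() in the later hunk; if both are in the same class, as the hunk headers suggest, a single private helper (constructed name, e.g. `sanitizeName($name)`) would keep the two from drifting apart. Truncating to 25 characters also means two custom template names that share their first 25 alphanumeric characters now get the same `filepath`; `uid` on the next line still hashes the full, unsanitised name, so this appears to be cosmetic, but a comment such as `// display-only: the full name is hashed into uid below` would record that assumption for confirmation. populate() continues past the end of the hunk.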
@@ -90,6 +90,6 @@ public function getContent(Smarty_Template_Source $source)
*/
public function getBasename(Smarty_Template_Source $source)
{
return basename($source->name);
return basename(substr(preg_replace('/[^A-Za-z0-9.]/','',$source->name),0,25));
}
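Review bot: `basename()` has nothing left to do once the regex has stripped every `/` and `\` from the name, so the wrapper can be dropped: `return substr(preg_replace('/[^A-Za-z0-9.]/','',$source->name),0,25);`. The result is the same suffix that populate() assigns to `filepath`, which is worth stating in the method's docblock so the two stay in step.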
}
