
Commit 64ad644

committed
Merge branch 'security/blockfunctioninjection'
2 parents 3f97b73 + 7eff7d6 commit 64ad644

7 files changed

+27
-17
lines changed

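--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,10 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-### Changed
-- Exclude docs and demo from export and composer [#751](https://github.com/smarty-php/smarty/pull/751)
+### Security
+- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-
 
 ### Fixed
+- Exclude docs and demo from export and composer [#751](https://github.com/smarty-php/smarty/pull/751)
 - PHP 8.1 deprecation notices in demo/plugins/cacheresource.pdo.php [#706](https://github.com/smarty-php/smarty/issues/706)
 - PHP 8.1 deprecation notices in truncate modifier [#699](https://github.com/smarty-php/smarty/issues/699)
 - Math equation `max(x, y)` didn't work anymore [#721](https://github.com/smarty-php/smarty/issues/721)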

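--- a/libs/sysplugins/smarty_internal_compile_block.php
+++ b/libs/sysplugins/smarty_internal_compile_block.php
@@ -125,7 +125,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $
 // setup buffer for template function code
 $compiler->parser->current_buffer = new Smarty_Internal_ParseTree_Template();
 $output = "<?php\n";
-$output .= "/* {block {$_name}} */\n";
+$output .= $compiler->cStyleComment(" {block {$_name}} ") . "\n";
 $output .= "class {$_className} extends Smarty_Internal_Block\n";
 $output .= "{\n";
 foreach ($_block as $property => $value) {
@@ -155,7 +155,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $
 }
 $output .= "}\n";
 $output .= "}\n";
-$output .= "/* {/block {$_name}} */\n\n";
+$output .= $compiler->cStyleComment(" {/block {$_name}} ") . "\n\n";
 $output .= "?>\n";
 $compiler->parser->current_buffer->append_subtree(
 $compiler->parser,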
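Review bot: The escaping closes the two comment lines, but `$_className` on the `class {$_className} extends Smarty_Internal_Block` line is still emitted as a bare identifier, and where it comes from is outside this hunk. If any part of it is derived from the template's `name` attribute, cStyleComment() does not cover that path; it is worth confirming in the review that the class name is generated (a hash or uniqid) or validated as an identifier. The commit also ships no regression test; compiling a template whose block name contains `*/` and asserting the compiled output holds no live `*/` outside the intended comment would pin the fix. compile() starts before the first hunk and continues past the second.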

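--- a/libs/sysplugins/smarty_internal_compile_function.php
+++ b/libs/sysplugins/smarty_internal_compile_function.php
@@ -134,7 +134,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler)
 if ($compiler->template->compiled->has_nocache_code) {
 $compiler->parent_compiler->tpl_function[ $_name ][ 'call_name_caching' ] = $_funcNameCaching;
 $output = "<?php\n";
-$output .= "/* {$_funcNameCaching} */\n";
+$output .= $compiler->cStyleComment(" {$_funcNameCaching} ") . "\n";
 $output .= "if (!function_exists('{$_funcNameCaching}')) {\n";
 $output .= "function {$_funcNameCaching} (Smarty_Internal_Template \$_smarty_tpl,\$params) {\n";
 $output .= "ob_start();\n";
@@ -159,7 +159,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler)
 $output .= "/*/%%SmartyNocache:{$compiler->template->compiled->nocache_hash}%%*/\";\n?>";
 $output .= "<?php echo str_replace('{$compiler->template->compiled->nocache_hash}', \$_smarty_tpl->compiled->nocache_hash ?? '', ob_get_clean());\n";
 $output .= "}\n}\n";
-$output .= "/*/ {$_funcName}_nocache */\n\n";
+$output .= $compiler->cStyleComment("/ {$_funcName}_nocache ") . "\n\n";
 $output .= "?>\n";
 $compiler->parser->current_buffer->append_subtree(
 $compiler->parser,
@@ -179,7 +179,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler)
 }
 $compiler->parent_compiler->tpl_function[ $_name ][ 'call_name' ] = $_funcName;
 $output = "<?php\n";
-$output .= "/* {$_funcName} */\n";
+$output .= $compiler->cStyleComment(" {$_funcName} ") . "\n";
 $output .= "if (!function_exists('{$_funcName}')) {\n";
 $output .= "function {$_funcName}(Smarty_Internal_Template \$_smarty_tpl,\$params) {\n";
 $output .= $_paramsCode;
@@ -196,7 +196,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler)
 );
 $compiler->parser->current_buffer->append_subtree($compiler->parser, $_functionCode);
 $output = "<?php\n}}\n";
-$output .= "/*/ {$_funcName} */\n\n";
+$output .= $compiler->cStyleComment("/ {$_funcName} ") . "\n\n";
 $output .= "?>\n";
 $compiler->parser->current_buffer->append_subtree(
 $compiler->parser,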
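Review bot: `$_funcName` and `$_funcNameCaching` still reach generated PHP as bare identifiers on the `function_exists('…')` and `function … (` lines, so the comment escaping closes only one of the places the name is emitted; how the two names are built is outside these hunks. If they embed the template's `name` attribute without validation, a quote, parenthesis or brace in the name would still break out of those lines regardless of this fix. The robust guard is to validate the name where it is read from the attributes and reject it through the compiler's usual template-error path, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $_name)) { /* compile error */ }`, keeping cStyleComment() as defence in depth. compile() begins before the first hunk and ends after the last.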

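--- a/libs/sysplugins/smarty_internal_compile_include.php
+++ b/libs/sysplugins/smarty_internal_compile_include.php
@@ -318,14 +318,14 @@ public function compileInlineTemplate(
 }
 // get compiled code
 $compiled_code = "<?php\n\n";
-$compiled_code .= "/* Start inline template \"{$sourceInfo}\" =============================*/\n";
+$compiled_code .= $compiler->cStyleComment(" Start inline template \"{$sourceInfo}\" =============================") . "\n";
 $compiled_code .= "function {$tpl->compiled->unifunc} (Smarty_Internal_Template \$_smarty_tpl) {\n";
 $compiled_code .= "?>\n" . $tpl->compiler->compileTemplateSource($tpl, null, $compiler->parent_compiler);
 $compiled_code .= "<?php\n";
 $compiled_code .= "}\n?>\n";
 $compiled_code .= $tpl->compiler->postFilter($tpl->compiler->blockOrFunctionCode);
 $compiled_code .= "<?php\n\n";
-$compiled_code .= "/* End inline template \"{$sourceInfo}\" =============================*/\n";
+$compiled_code .= $compiler->cStyleComment(" End inline template \"{$sourceInfo}\" =============================") . "\n";
 $compiled_code .= '?>';
 unset($tpl->compiler);
 if ($tpl->compiled->has_nocache_code) {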
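Review bot: Nothing in the hunk says why these two lines switched to cStyleComment(), and the next maintainer who sees a plain string on one side and a helper on the other will be tempted to "simplify" it back. A why-comment above the first call would fix that: `// $sourceInfo is attacker-influenced (include file name); cStyleComment() neutralises "*/" so it cannot close the comment and inject PHP`. The function name on the following line, `{$tpl->compiled->unifunc}`, is still emitted unescaped; it is presumably hash-derived, but that is not visible here and is worth a one-line confirmation in the review. compileInlineTemplate() starts before this hunk and continues after it.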

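--- a/libs/sysplugins/smarty_internal_config_file_compiler.php
+++ b/libs/sysplugins/smarty_internal_config_file_compiler.php
@@ -157,10 +157,12 @@ public function compileTemplate(Smarty_Internal_Template $template)
 $this->smarty->_debug->end_compile($this->template);
 }
 // template header code
-$template_header =
-"<?php /* Smarty version " . Smarty::SMARTY_VERSION . ", created on " . date("Y-m-d H:i:s") .
-"\n";
-$template_header .= " compiled from '{$this->template->source->filepath}' */ ?>\n";
+$template_header = sprintf(
+"<?php /* Smarty version %s, created on %s\n compiled from '%s' */ ?>\n",
+Smarty::SMARTY_VERSION,
+date("Y-m-d H:i:s"),
+str_replace('*/', '* /' , $this->template->source->filepath)
+);
 $code = '<?php $_smarty_tpl->smarty->ext->configLoad->_loadConfigVars($_smarty_tpl, ' .
 var_export($this->config_data, true) . '); ?>';
 return $template_header . $this->template->smarty->ext->_codeFrame->create($this->template, $code);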
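Review bot: The `str_replace('*/', '* /' , ...)` on the filepath is the whole security change in this hunk, yet nothing records why `*/` is the only sequence that matters, so a later reader may worry about `?>` or quotes in the path as well. A short comment on that line settles it: `// "*/" is the only sequence that can end a block comment; "?>" and quotes are inert inside /* */`. The same one-pass replacement (whose replacement text can never re-create `*/`) now exists here, in the code-frame runtime and in TemplateCompilerBase::cStyleComment(); if this class shares no base with the template compiler a small static helper would avoid three copies drifting apart. The stray space in `'* /' ,` is a style nit worth dropping while here.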

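--- a/libs/sysplugins/smarty_internal_runtime_codeframe.php
+++ b/libs/sysplugins/smarty_internal_runtime_codeframe.php
@@ -44,9 +44,12 @@ public function create(
 $properties[ 'file_dependency' ] = $_template->cached->file_dependency;
 $properties[ 'cache_lifetime' ] = $_template->cache_lifetime;
 }
-$output = "<?php\n";
-$output .= "/* Smarty version {$properties[ 'version' ]}, created on " . date("Y-m-d H:i:s") .
-"\n from '" . str_replace('*/', '* /', $_template->source->filepath) . "' */\n\n";
+$output = sprintf(
+"<?php\n/* Smarty version %s, created on %s\n from '%s' */\n\n",
+$properties[ 'version' ],
+date("Y-m-d H:i:s"),
+str_replace('*/', '* /', $_template->source->filepath)
+);
 $output .= "/* @var Smarty_Internal_Template \$_smarty_tpl */\n";
 $dec = "\$_smarty_tpl->_decodeProperties(\$_smarty_tpl, " . var_export($properties, true) . ',' .
 ($cache ? 'true' : 'false') . ')';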
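Review bot: `$properties[ 'version' ]` is interpolated into the header comment without the `*/` neutralisation that the filepath gets, and where that value is assigned is outside this hunk. If it is always the library's own version constant this is fine, but a comment stating that assumption on the `$properties[ 'version' ],` argument line would stop a future change that sources it from a template or cache resource from quietly reopening the comment-breakout. Since the filepath escaping predates this commit, a why-comment on the `str_replace` line would also help: `// neutralise "*/" so a crafted template path cannot close the comment and inject PHP`. create() starts before this hunk and continues after it.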

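--- a/libs/sysplugins/smarty_internal_templatecompilerbase.php
+++ b/libs/sysplugins/smarty_internal_templatecompilerbase.php
@@ -1439,6 +1439,10 @@ public function compileCheckPlugins($requiredPlugins)
 */
 abstract protected function doCompile($_content, $isTemplateSource = false);
 
+public function cStyleComment($string) {
+return '/*' . str_replace('*/', '* /' , $string) . '*/';
+}
+
 /**
 * Compile Tag
 *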