Smarty
Mr_Php Smarty n00b
Joined: 10 May 2004 Posts: 3
|
Posted: Mon May 10, 2004 12:09 pm Post subject: misreported bug, ignore topic... |
|
|
This concerns smarty 2.6.2.
Make a displayer for your template with secure mode on:
Quote: |
$sm=new Smarty;
$sm->security=true;
$sm->php_handling=SMARTY_PHP_REMOVE;
$sm->security_settings['PHP_HANDLING']=SMARTY_PHP_REMOVE; |
Put this in your template:
Code: |
this bit of php code is
{php} echo "not stripped ... ".date('Y m d'); { /php }
<p>and this one is
{php} echo "stripped".date('Y m d'); {/php} |
Here is a very short patch for Smarty_Compiler.class.php that will fix the problem- doesn't seem to be much slower either...
Code: |
284c284
< $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP'.$curr_sp.'%%%', '', $text_blocks[$curr_tb]);
---
> $text_blocks[$curr_tb] = preg_replace("/%%%SMARTYSP.*$curr_sp.*%%%/", '', $text_blocks[$curr_tb]);
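Review bot: the replacement pattern on line 284 matches far more than the literal string it replaces, because `.*` on both sides of `$curr_sp` is greedy and unanchored. A single match can run from the first `%%%SMARTYSP` to the last `%%%` in the text block and delete everything between them, and an index of 1 also matches placeholders 10, 11 and so on. If the intent is to tolerate whitespace around the index, `\s*` in place of each `.*` keeps the match confined to one placeholder with that exact index.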
|
I would also point out that there are likely other issues with the block of code above this, but my itch has been scratched...
Last edited by Mr_Php on Mon May 10, 2004 1:21 pm; edited 1 time in total |
|
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Mon May 10, 2004 12:39 pm Post subject: |
|
|
erm, $smarty->php_handling has nothing to do with handling of {php}-tags, only with handling of <?php ... ?>-tags.
you should get an error like "syntax error: (secure mode) php tags not permitted".
at least I do with your example-template and Smarty-2.6.2. |
|
|
Mr_Php Smarty n00b
Joined: 10 May 2004 Posts: 3
|
Posted: Mon May 10, 2004 12:56 pm Post subject: |
|
|
That may be redundant information, however the code still executes when it isn't supposed to when you simply add spaces inside the {}. |
|
|
messju Administrator
Joined: 16 Apr 2003 Posts: 3336 Location: Oldenburg, Germany
|
Posted: Mon May 10, 2004 1:02 pm Post subject: |
|
|
Mr_Php wrote: | however the code still executes when it isn't supposed to when you simply add spaces inside the {}. |
no, it isn't.
maybe you are fooled by the fact that these security-checks are only done at compile time.
if you compile the template with security disabled then the code gets compiled.
and then it gets executed even if security gets turned on afterwards.
but this is independent of any spaces inside the {php}-tag. |
|
|
Mr_Php Smarty n00b
Joined: 10 May 2004 Posts: 3
|
Posted: Mon May 10, 2004 1:20 pm Post subject: |
|
|
You are correct, there was a compiled template which caused the confusion.
Now that I have deleted all compiled templates I can no longer duplicate the problem.
Sorry for wasting your time. |
|
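The thread's resolution is that the {php} check runs only at compile time, so compiled templates left over from a run without security keep executing after security is switched on. An added example (not from the thread or the Smarty project) of discarding them with Smarty 2.x; the helper name `secure_smarty()`, the paths and the `'secure'` compile id are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes Smarty 2.x is on the
// include path; secure_smarty(), the paths and 'secure' are hypothetical.
require_once 'Smarty.class.php';

function secure_smarty($template_dir, $compile_dir, $purge = false)
{
    $sm = new Smarty;
    $sm->template_dir = $template_dir;
    $sm->compile_dir  = $compile_dir;

    // The compiler rejects {php} tags only while this is on, and only
    // when it actually compiles the template.
    $sm->security = true;

    if ($purge) {
        // Called with no arguments and no compile_id set, this removes all
        // compiled template files, so nothing compiled under the old
        // (non-secure) settings can be reused.
        $sm->clear_compiled_tpl();
    }

    // Compiled templates are stored separately per compile_id, so this
    // instance never picks up output compiled under the default id.
    $sm->compile_id = 'secure';

    return $sm;
}

// Pass $purge = true once, when security is first enabled on a site that
// already has compiled templates on disk.
$sm = secure_smarty('/path/to/templates', '/path/to/templates_c', true);

// The template is recompiled under secure mode; one containing {php}
// now stops with the "(secure mode) php tags not permitted" syntax error
// quoted earlier in the thread.
$sm->display('index.tpl');
```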