
misreported bug, ignore topic...

 
Mr_Php
Smarty n00b


Joined: 10 May 2004
Posts: 3

Posted: Mon May 10, 2004 12:09 pm    Post subject: misreported bug, ignore topic...

This concerns Smarty 2.6.2.

Make a displayer for your template with secure mode on:
Quote:

$sm=new Smarty;
$sm->security=true;
$sm->php_handling=SMARTY_PHP_REMOVE;
$sm->security_settings['PHP_HANDLING']=SMARTY_PHP_REMOVE;


Put this in your template:
Code:

this bit of php code is
{php} echo 'not stripped ... '.date('Y m d'); { /php }
<p>and this one is 
{php} echo 'stripped'.date('Y m d'); {/php}


Here is a very short patch for Smarty_Compiler.class.php that will fix the problem - doesn't seem to be much slower either...

Code:

284c284
<                         $text_blocks[$curr_tb] = str_replace('%%%SMARTYSP'.$curr_sp.'%%%', '', $text_blocks[$curr_tb]);
---
>                         $text_blocks[$curr_tb] = preg_replace("/%%%SMARTYSP.*$curr_sp.*%%%/", '', $text_blocks[$curr_tb]);
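
Review bot: the pattern on the replacement line, "/%%%SMARTYSP.*$curr_sp.*%%%/", matches far more than the literal '%%%SMARTYSP'.$curr_sp.'%%%' it replaces. The two greedy .* runs let a single match start at the first %%%SMARTYSP marker on a line and end at the last %%% on it, which deletes any other placeholders and template text in between, and they let index 1 also match the placeholders for 10, 11, 21 and so on. $curr_sp is also interpolated into the pattern without preg_quote(). Since the thread concludes that the behaviour came from a stale compiled template, the exact str_replace() should stay as it is.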


I would also point out that there are likely other issues with the block of code above this, but my itch has been scratched...


Last edited by Mr_Php on Mon May 10, 2004 1:21 pm; edited 1 time in total
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany

Posted: Mon May 10, 2004 12:39 pm

erm, $smarty->php_handling has nothing to do with handling of {php}-tags, only with handling of <?php ... ?>-tags.

you should get an error like "syntax error: (secure mode) php tags not permitted".
at least I do with your example-template and Smarty-2.6.2.
Mr_Php
Smarty n00b


Joined: 10 May 2004
Posts: 3

Posted: Mon May 10, 2004 12:56 pm

That may be redundant information, however the code still executes when it isn't supposed to when you simply add spaces inside the {}.
messju
Administrator


Joined: 16 Apr 2003
Posts: 3336
Location: Oldenburg, Germany

Posted: Mon May 10, 2004 1:02 pm

Mr_Php wrote:
however the code still executes when it isn't supposed to when you simply add spaces inside the {}.


no, it isn't.

maybe you are fooled by the fact that these security-checks are only done at compile time.
if you compile the template with security disabled then the code gets compiled.
and then it gets executed even if security gets turned on afterwards.

but this is independent of any spaces inside the {php}-tag.
Mr_Php
Smarty n00b


Joined: 10 May 2004
Posts: 3

Posted: Mon May 10, 2004 1:20 pm

You are correct, there was a compiled template which caused the confusion.

Now that I have deleted all compiled templates I can no longer duplicate the problem.

Sorry for wasting your time.
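
An added example, not part of the thread and not Smarty's own code: one way to switch a Smarty 2 installation to secure mode so that templates compiled while security was off are never reused, which is the situation the thread resolves. It assumes Smarty 2.x is on the include path; `new_secure_smarty()`, the paths, `page.tpl` and the `'secure'` compile_id are hypothetical.

```php
<?php
// Added example (not from the thread). Assumes Smarty 2.x on the include path.
// new_secure_smarty(), the paths, page.tpl and the 'secure' id are hypothetical.
require_once 'Smarty.class.php';

function new_secure_smarty($template_dir, $compile_dir)
{
    $smarty = new Smarty;
    $smarty->template_dir = $template_dir;
    $smarty->compile_dir  = $compile_dir;

    // The {php} check runs in the compiler, so security has to be on
    // before the first display()/fetch() compiles anything.
    $smarty->security = true;

    // Compiled file names are derived from compile_id, so a separate id
    // keeps this instance away from files compiled with security off.
    $smarty->compile_id = 'secure';

    return $smarty;
}

// One-time purge when an existing installation is switched to secure mode.
// Called with no arguments on an instance that has no compile_id set,
// clear_compiled_tpl() removes all compiled templates in compile_dir.
$purge = new Smarty;
$purge->compile_dir = '/path/to/templates_c';
$purge->clear_compiled_tpl();

// Templates are now recompiled with the security checks active; a {php}
// block fails compilation with the secure-mode error quoted in the thread.
$smarty = new_secure_smarty('/path/to/templates', '/path/to/templates_c');
$smarty->display('page.tpl');
```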