|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Wed May 13, 2009 3:57 pm Post subject: Smarty 2.6.23 Released |
|
|
This release addresses a correction with the {math} plugin where backticks were not properly sanitized, creating a possible shell execution, even from a secure template. There are no known sequences that actually do anything, but removing backticks will rule out any question. Also addressed, templates that exist but are not readable now create a proper error message.
NEWS/Changelog: http://www.smarty.net/misc/NEWS
Download: http://www.smarty.net/download.php |
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
Posted: Thu May 14, 2009 1:24 pm Post subject: |
|
|
Also in this release:
Super global access from templates are now read-only, so it's no longer possible to do something like {$smarty.session.foo++} |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|