Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.

Smarty 2.6.23 Released

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Announcements
View previous topic :: View next topic  
Author Message
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7368
Location: Lincoln Nebraska, USA

PostPosted: Wed May 13, 2009 3:57 pm    Post subject: Smarty 2.6.23 Released Reply with quote

This release addresses a correction with the {math} plugin where backticks were not properly sanitized, creating a possible shell execution, even from a secure template. There are no known sequences that actually do anything, but removing backticks will rule out any question. Also addressed, templates that exist but are not readable now create a proper error message.

NEWS/Changelog: http://www.smarty.net/misc/NEWS
Download: http://www.smarty.net/download.php
Back to top
View user's profile Send private message Visit poster's website
mohrt
Administrator


Joined: 16 Apr 2003
Posts: 7368
Location: Lincoln Nebraska, USA

PostPosted: Thu May 14, 2009 1:24 pm    Post subject: Reply with quote

Also in this release:

Super global access from templates are now read-only, so it's no longer possible to do something like {$smarty.session.foo++}
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP