[smarty-php] r4892 committed - [No log message]
0 views
Skip to first unread message
smart...@googlecode.com
Oct 12, 2014, 10:11:57 AM10/12/14
to smart...@googlegroups.com
Revision: 4892
Author: Uwe....@googlemail.com
Date: Sun Oct 12 14:11:34 2014 UTC
Log: [No log message]
https://code.google.com/p/smarty-php/source/detail?r=4892
Modified:
/trunk/development/lexer/smarty_internal_templatelexer.php
/trunk/development/lexer/smarty_internal_templatelexer.plex
/trunk/development/lexer/smarty_internal_templateparser.php
/trunk/development/lexer/smarty_internal_templateparser.y
/trunk/distribution/change_log.txt
/trunk/distribution/libs/sysplugins/smarty_internal_templatelexer.php
/trunk/distribution/libs/sysplugins/smarty_internal_templateparser.php
=======================================
--- /trunk/development/lexer/smarty_internal_templatelexer.php Tue Oct 7
22:07:15 2014 UTC
+++ /trunk/development/lexer/smarty_internal_templatelexer.php Sun Oct 12
14:11:34 2014 UTC
@@ -21,6 +21,7 @@
public $line;
public $taglineno;
public $is_phpScript = false;
+ public $phpValue = '';
public $state = 1;
public $smarty;
private $heredoc_id_stack = Array();
@@ -164,12 +165,13 @@
20 => 0,
21 => 0,
22 => 0,
- 23 => 0,
+ 23 => 4,
+ 28 => 0,
);
if ($this->counter >= strlen($this->data)) {
return false; // end of input
}
- $yy_global_pattern = "/\G(\\{\\})|\G(" .
$this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" .
$this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|
\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|
\G(" . $this->ldel . "\\s*)|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<\/script>)|
\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G([\S\s])/iS";
+ $yy_global_pattern = "/\G(\\{\\})|\G(" .
$this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" .
$this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|
\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|
\G(" . $this->ldel . "\\s*)|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<\/script>)|
\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G(<(([^>]*?)(?=" .
$this->ldel . ")" . $this->ldel . "\\*([\S\s]*?)\\*" .
$this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
do {
if (preg_match($yy_global_pattern, $this->data, $yymatches,
null, $this->counter)) {
@@ -341,6 +343,7 @@
if ($script) {
$this->is_phpScript = true;
}
+ $this->phpValue = $this->value;
$this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
} elseif ($this->value == '<?xml') {
$this->token = Smarty_Internal_Templateparser::TP_XMLTAG;
@@ -389,9 +392,24 @@
function yy_r1_23($yy_subpatterns)
{
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/", '',
$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",
$clean, $match)) {
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value,
$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
+
+ function yy_r1_28($yy_subpatterns)
+ {
+
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",
$this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE,
$this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
}
@@ -969,12 +987,13 @@
7 => 0,
8 => 0,
9 => 0,
- 10 => 0,
+ 10 => 4,
+ 15 => 0,
);
if ($this->counter >= strlen($this->data)) {
return false; // end of input
}
- $yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" .
$this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" .
$this->rdel . ")|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|
\G([\S\s])/iS";
+ $yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" .
$this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" .
$this->rdel . ")|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|
\G(<(([^>]*?)(?=" . $this->ldel . ")" . $this->ldel . "\\*([\S\s]*?)\\*" .
$this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
do {
if (preg_match($yy_global_pattern, $this->data, $yymatches,
null, $this->counter)) {
@@ -1087,9 +1106,24 @@
function yy_r3_10($yy_subpatterns)
{
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/", '',
$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",
$clean, $match)) {
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value,
$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
+
+ function yy_r3_15($yy_subpatterns)
+ {
+
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}\/?literal{$this->rdel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",
$this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}\/?literal{$this->rdel}{$phpEndScript}/", $this->data, $match,
PREG_OFFSET_CAPTURE, $this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
} else {
=======================================
--- /trunk/development/lexer/smarty_internal_templatelexer.plex Tue Oct 7
22:07:15 2014 UTC
+++ /trunk/development/lexer/smarty_internal_templatelexer.plex Sun Oct 12
14:11:34 2014 UTC
@@ -20,6 +20,7 @@
public $line;
public $taglineno;
public $is_phpScript = false;
+ public $phpValue = '';
public $state = 1;
public $smarty;
private $heredoc_id_stack = Array();
@@ -119,6 +120,7 @@
phpstarttag = /(<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>)|
(<\?(?:php\w+|=|[a-zA-Z]+)?)/
phpendtag = /\?>/
phpendscript = /<\/script>/
+ scriptcomment =
/<(([^>]*?)(?=SMARTYldel)SMARTYldel\*([\S\s]*?)\*SMARTYrdel)+([^>]*?)(?!SMARTYldel)>/
aspstarttag = /<%/
aspendtag = /%>/
slash = /\//
@@ -284,6 +286,7 @@
if ($script) {
$this->is_phpScript = true;
}
+ $this->phpValue = $this->value;
$this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
} elseif ($this->value == '<?xml') {
$this->token = Smarty_Internal_Templateparser::TP_XMLTAG;
@@ -310,10 +313,22 @@
aspendtag {
$this->token = Smarty_Internal_Templateparser::TP_ASPENDTAG;
}
+ scriptcomment {
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/",'',$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",$clean,$match))
{
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/",$this->value,$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
text {
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",$this->data,$match,PREG_OFFSET_CAPTURE,$this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}{$phpEndScript}/",$this->data,$match,PREG_OFFSET_CAPTURE,$this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
}
@@ -609,10 +624,22 @@
aspendtag {
$this->token = Smarty_Internal_Templateparser::TP_ASPENDTAG;
}
+ scriptcomment {
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/",'',$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",$clean,$match))
{
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/",$this->value,$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
text {
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}\/?literal{$this->rdel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",$this->data,$match,PREG_OFFSET_CAPTURE,$this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}\/?literal{$this->rdel}{$phpEndScript}/",$this->data,$match,PREG_OFFSET_CAPTURE,$this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
} else {
=======================================
--- /trunk/development/lexer/smarty_internal_templateparser.php Tue Oct 7
22:20:21 2014 UTC
+++ /trunk/development/lexer/smarty_internal_templateparser.php Sun Oct 12
14:11:34 2014 UTC
@@ -3313,13 +3313,13 @@
#line 152 "smarty_internal_templateparser.y"
function yy_r7()
{
- if (strpos($this->yystack[$this->yyidx + 0]->minor, '<s') === 0) {
+ if (strpos($this->lex->phpValue, '<s') === 0) {
$this->lex->is_phpScript = true;
}
if ($this->php_handling == Smarty::PHP_PASSTHRU) {
- $this->_retvalue = new _smarty_text($this,
self::escape_start_tag($this->yystack[$this->yyidx + 0]->minor));
+ $this->_retvalue = new _smarty_text($this,
self::escape_start_tag($this->lex->phpValue));
} elseif ($this->php_handling == Smarty::PHP_QUOTE) {
- $this->_retvalue = new _smarty_text($this,
htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES));
+ $this->_retvalue = new _smarty_text($this,
htmlspecialchars($this->lex->phpValue, ENT_QUOTES));
} elseif ($this->php_handling == Smarty::PHP_ALLOW) {
if (!($this->smarty instanceof SmartyBC)) {
$this->compiler->trigger_template_error(self::Err3);
=======================================
--- /trunk/development/lexer/smarty_internal_templateparser.y Tue Oct 7
22:20:21 2014 UTC
+++ /trunk/development/lexer/smarty_internal_templateparser.y Sun Oct 12
14:11:34 2014 UTC
@@ -69,7 +69,6 @@
}
}
-
%token_prefix TP_
%parse_accept
@@ -78,6 +77,7 @@
$this->internalError = false;
$this->retvalue = $this->_retvalue;
//echo $this->retvalue."\n\n";
+
}
%syntax_error
@@ -150,13 +150,13 @@
// '<?php' | '<script language=php>' tag
template_element(res)::= PHPSTARTTAG(st). {
- if (strpos(st, '<s') === 0) {
+ if (strpos($this->lex->phpValue, '<s') === 0) {
$this->lex->is_phpScript = true;
}
if ($this->php_handling == Smarty::PHP_PASSTHRU) {
- res = new _smarty_text($this, self::escape_start_tag(st));
+ res = new _smarty_text($this,
self::escape_start_tag($this->lex->phpValue));
} elseif ($this->php_handling == Smarty::PHP_QUOTE) {
- res = new _smarty_text($this, htmlspecialchars(st, ENT_QUOTES));
+ res = new _smarty_text($this,
htmlspecialchars($this->lex->phpValue, ENT_QUOTES));
} elseif ($this->php_handling == Smarty::PHP_ALLOW) {
if (!($this->smarty instanceof SmartyBC)) {
$this->compiler->trigger_template_error (self::Err3);
=======================================
--- /trunk/distribution/change_log.txt Thu Oct 9 21:37:21 2014 UTC
+++ /trunk/distribution/change_log.txt Sun Oct 12 14:11:34 2014 UTC
@@ -1,4 +1,7 @@
===== 3.1.21-dev ===== (xx.xx.2014)
+ 12.10.2014
+ - bugfix a comment like "<script{*foo*} language=php>" bypassed
$php_handling checking (Thue Kristensen)
+
===== 3.1.20 ===== (09.10.2014)
08.10.2014
- bugfix security mode of "<script language=php>" must be controlled by
$php_handling property (Thue Kristensen)
=======================================
--- /trunk/distribution/libs/sysplugins/smarty_internal_templatelexer.php
Tue Oct 7 22:07:15 2014 UTC
+++ /trunk/distribution/libs/sysplugins/smarty_internal_templatelexer.php
Sun Oct 12 14:11:34 2014 UTC
@@ -21,6 +21,7 @@
public $line;
public $taglineno;
public $is_phpScript = false;
+ public $phpValue = '';
public $state = 1;
public $smarty;
private $heredoc_id_stack = Array();
@@ -164,12 +165,13 @@
20 => 0,
21 => 0,
22 => 0,
- 23 => 0,
+ 23 => 4,
+ 28 => 0,
);
if ($this->counter >= strlen($this->data)) {
return false; // end of input
}
- $yy_global_pattern = "/\G(\\{\\})|\G(" .
$this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" .
$this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|
\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|
\G(" . $this->ldel . "\\s*)|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<\/script>)|
\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G([\S\s])/iS";
+ $yy_global_pattern = "/\G(\\{\\})|\G(" .
$this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" .
$this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|
\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|
\G(" . $this->ldel . "\\s*)|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<\/script>)|
\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G(<(([^>]*?)(?=" .
$this->ldel . ")" . $this->ldel . "\\*([\S\s]*?)\\*" .
$this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
do {
if (preg_match($yy_global_pattern, $this->data, $yymatches,
null, $this->counter)) {
@@ -341,6 +343,7 @@
if ($script) {
$this->is_phpScript = true;
}
+ $this->phpValue = $this->value;
$this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
} elseif ($this->value == '<?xml') {
$this->token = Smarty_Internal_Templateparser::TP_XMLTAG;
@@ -389,9 +392,24 @@
function yy_r1_23($yy_subpatterns)
{
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/", '',
$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",
$clean, $match)) {
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value,
$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
+
+ function yy_r1_28($yy_subpatterns)
+ {
+
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",
$this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE,
$this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
}
@@ -969,12 +987,13 @@
7 => 0,
8 => 0,
9 => 0,
- 10 => 0,
+ 10 => 4,
+ 15 => 0,
);
if ($this->counter >= strlen($this->data)) {
return false; // end of input
}
- $yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" .
$this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" .
$this->rdel . ")|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|
\G([\S\s])/iS";
+ $yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" .
$this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" .
$this->rdel . ")|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|
\G(<(([^>]*?)(?=" . $this->ldel . ")" . $this->ldel . "\\*([\S\s]*?)\\*" .
$this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
do {
if (preg_match($yy_global_pattern, $this->data, $yymatches,
null, $this->counter)) {
@@ -1087,9 +1106,24 @@
function yy_r3_10($yy_subpatterns)
{
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/", '',
$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",
$clean, $match)) {
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value,
$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
+
+ function yy_r3_15($yy_subpatterns)
+ {
+
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}\/?literal{$this->rdel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",
$this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}\/?literal{$this->rdel}{$phpEndScript}/", $this->data, $match,
PREG_OFFSET_CAPTURE, $this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
} else {
=======================================
--- /trunk/distribution/libs/sysplugins/smarty_internal_templateparser.php
Tue Oct 7 22:20:21 2014 UTC
+++ /trunk/distribution/libs/sysplugins/smarty_internal_templateparser.php
Sun Oct 12 14:11:34 2014 UTC
@@ -3313,13 +3313,13 @@
#line 152 "smarty_internal_templateparser.y"
function yy_r7()
{
- if (strpos($this->yystack[$this->yyidx + 0]->minor, '<s') === 0) {
+ if (strpos($this->lex->phpValue, '<s') === 0) {
$this->lex->is_phpScript = true;
}
if ($this->php_handling == Smarty::PHP_PASSTHRU) {
- $this->_retvalue = new _smarty_text($this,
self::escape_start_tag($this->yystack[$this->yyidx + 0]->minor));
+ $this->_retvalue = new _smarty_text($this,
self::escape_start_tag($this->lex->phpValue));
} elseif ($this->php_handling == Smarty::PHP_QUOTE) {
- $this->_retvalue = new _smarty_text($this,
htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES));
+ $this->_retvalue = new _smarty_text($this,
htmlspecialchars($this->lex->phpValue, ENT_QUOTES));
} elseif ($this->php_handling == Smarty::PHP_ALLOW) {
if (!($this->smarty instanceof SmartyBC)) {
$this->compiler->trigger_template_error(self::Err3);
Author: Uwe....@googlemail.com
Date: Sun Oct 12 14:11:34 2014 UTC
Log: [No log message]
https://code.google.com/p/smarty-php/source/detail?r=4892
Modified:
/trunk/development/lexer/smarty_internal_templatelexer.php
/trunk/development/lexer/smarty_internal_templatelexer.plex
/trunk/development/lexer/smarty_internal_templateparser.php
/trunk/development/lexer/smarty_internal_templateparser.y
/trunk/distribution/change_log.txt
/trunk/distribution/libs/sysplugins/smarty_internal_templatelexer.php
/trunk/distribution/libs/sysplugins/smarty_internal_templateparser.php
=======================================
--- /trunk/development/lexer/smarty_internal_templatelexer.php Tue Oct 7
22:07:15 2014 UTC
+++ /trunk/development/lexer/smarty_internal_templatelexer.php Sun Oct 12
14:11:34 2014 UTC
@@ -21,6 +21,7 @@
public $line;
public $taglineno;
public $is_phpScript = false;
+ public $phpValue = '';
public $state = 1;
public $smarty;
private $heredoc_id_stack = Array();
@@ -164,12 +165,13 @@
20 => 0,
21 => 0,
22 => 0,
- 23 => 0,
+ 23 => 4,
+ 28 => 0,
);
if ($this->counter >= strlen($this->data)) {
return false; // end of input
}
- $yy_global_pattern = "/\G(\\{\\})|\G(" .
$this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" .
$this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|
\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|
\G(" . $this->ldel . "\\s*)|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<\/script>)|
\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G([\S\s])/iS";
+ $yy_global_pattern = "/\G(\\{\\})|\G(" .
$this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" .
$this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|
\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|
\G(" . $this->ldel . "\\s*)|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<\/script>)|
\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G(<(([^>]*?)(?=" .
$this->ldel . ")" . $this->ldel . "\\*([\S\s]*?)\\*" .
$this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
do {
if (preg_match($yy_global_pattern, $this->data, $yymatches,
null, $this->counter)) {
@@ -341,6 +343,7 @@
if ($script) {
$this->is_phpScript = true;
}
+ $this->phpValue = $this->value;
$this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
} elseif ($this->value == '<?xml') {
$this->token = Smarty_Internal_Templateparser::TP_XMLTAG;
@@ -389,9 +392,24 @@
function yy_r1_23($yy_subpatterns)
{
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/", '',
$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",
$clean, $match)) {
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value,
$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
+
+ function yy_r1_28($yy_subpatterns)
+ {
+
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",
$this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE,
$this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
}
@@ -969,12 +987,13 @@
7 => 0,
8 => 0,
9 => 0,
- 10 => 0,
+ 10 => 4,
+ 15 => 0,
);
if ($this->counter >= strlen($this->data)) {
return false; // end of input
}
- $yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" .
$this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" .
$this->rdel . ")|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|
\G([\S\s])/iS";
+ $yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" .
$this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" .
$this->rdel . ")|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|
\G(<(([^>]*?)(?=" . $this->ldel . ")" . $this->ldel . "\\*([\S\s]*?)\\*" .
$this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
do {
if (preg_match($yy_global_pattern, $this->data, $yymatches,
null, $this->counter)) {
@@ -1087,9 +1106,24 @@
function yy_r3_10($yy_subpatterns)
{
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/", '',
$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",
$clean, $match)) {
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value,
$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
+
+ function yy_r3_15($yy_subpatterns)
+ {
+
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}\/?literal{$this->rdel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",
$this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}\/?literal{$this->rdel}{$phpEndScript}/", $this->data, $match,
PREG_OFFSET_CAPTURE, $this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
} else {
=======================================
--- /trunk/development/lexer/smarty_internal_templatelexer.plex Tue Oct 7
22:07:15 2014 UTC
+++ /trunk/development/lexer/smarty_internal_templatelexer.plex Sun Oct 12
14:11:34 2014 UTC
@@ -20,6 +20,7 @@
public $line;
public $taglineno;
public $is_phpScript = false;
+ public $phpValue = '';
public $state = 1;
public $smarty;
private $heredoc_id_stack = Array();
@@ -119,6 +120,7 @@
phpstarttag = /(<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>)|
(<\?(?:php\w+|=|[a-zA-Z]+)?)/
phpendtag = /\?>/
phpendscript = /<\/script>/
+ scriptcomment =
/<(([^>]*?)(?=SMARTYldel)SMARTYldel\*([\S\s]*?)\*SMARTYrdel)+([^>]*?)(?!SMARTYldel)>/
aspstarttag = /<%/
aspendtag = /%>/
slash = /\//
@@ -284,6 +286,7 @@
if ($script) {
$this->is_phpScript = true;
}
+ $this->phpValue = $this->value;
$this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
} elseif ($this->value == '<?xml') {
$this->token = Smarty_Internal_Templateparser::TP_XMLTAG;
@@ -310,10 +313,22 @@
aspendtag {
$this->token = Smarty_Internal_Templateparser::TP_ASPENDTAG;
}
+ scriptcomment {
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/",'',$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",$clean,$match))
{
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/",$this->value,$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
text {
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",$this->data,$match,PREG_OFFSET_CAPTURE,$this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}{$phpEndScript}/",$this->data,$match,PREG_OFFSET_CAPTURE,$this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
}
@@ -609,10 +624,22 @@
aspendtag {
$this->token = Smarty_Internal_Templateparser::TP_ASPENDTAG;
}
+ scriptcomment {
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/",'',$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",$clean,$match))
{
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/",$this->value,$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
text {
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}\/?literal{$this->rdel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",$this->data,$match,PREG_OFFSET_CAPTURE,$this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}\/?literal{$this->rdel}{$phpEndScript}/",$this->data,$match,PREG_OFFSET_CAPTURE,$this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
} else {
=======================================
--- /trunk/development/lexer/smarty_internal_templateparser.php Tue Oct 7
22:20:21 2014 UTC
+++ /trunk/development/lexer/smarty_internal_templateparser.php Sun Oct 12
14:11:34 2014 UTC
@@ -3313,13 +3313,13 @@
#line 152 "smarty_internal_templateparser.y"
function yy_r7()
{
- if (strpos($this->yystack[$this->yyidx + 0]->minor, '<s') === 0) {
+ if (strpos($this->lex->phpValue, '<s') === 0) {
$this->lex->is_phpScript = true;
}
if ($this->php_handling == Smarty::PHP_PASSTHRU) {
- $this->_retvalue = new _smarty_text($this,
self::escape_start_tag($this->yystack[$this->yyidx + 0]->minor));
+ $this->_retvalue = new _smarty_text($this,
self::escape_start_tag($this->lex->phpValue));
} elseif ($this->php_handling == Smarty::PHP_QUOTE) {
- $this->_retvalue = new _smarty_text($this,
htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES));
+ $this->_retvalue = new _smarty_text($this,
htmlspecialchars($this->lex->phpValue, ENT_QUOTES));
} elseif ($this->php_handling == Smarty::PHP_ALLOW) {
if (!($this->smarty instanceof SmartyBC)) {
$this->compiler->trigger_template_error(self::Err3);
=======================================
--- /trunk/development/lexer/smarty_internal_templateparser.y Tue Oct 7
22:20:21 2014 UTC
+++ /trunk/development/lexer/smarty_internal_templateparser.y Sun Oct 12
14:11:34 2014 UTC
@@ -69,7 +69,6 @@
}
}
-
%token_prefix TP_
%parse_accept
@@ -78,6 +77,7 @@
$this->internalError = false;
$this->retvalue = $this->_retvalue;
//echo $this->retvalue."\n\n";
+
}
%syntax_error
@@ -150,13 +150,13 @@
// '<?php' | '<script language=php>' tag
template_element(res)::= PHPSTARTTAG(st). {
- if (strpos(st, '<s') === 0) {
+ if (strpos($this->lex->phpValue, '<s') === 0) {
$this->lex->is_phpScript = true;
}
if ($this->php_handling == Smarty::PHP_PASSTHRU) {
- res = new _smarty_text($this, self::escape_start_tag(st));
+ res = new _smarty_text($this,
self::escape_start_tag($this->lex->phpValue));
} elseif ($this->php_handling == Smarty::PHP_QUOTE) {
- res = new _smarty_text($this, htmlspecialchars(st, ENT_QUOTES));
+ res = new _smarty_text($this,
htmlspecialchars($this->lex->phpValue, ENT_QUOTES));
} elseif ($this->php_handling == Smarty::PHP_ALLOW) {
if (!($this->smarty instanceof SmartyBC)) {
$this->compiler->trigger_template_error (self::Err3);
=======================================
--- /trunk/distribution/change_log.txt Thu Oct 9 21:37:21 2014 UTC
+++ /trunk/distribution/change_log.txt Sun Oct 12 14:11:34 2014 UTC
@@ -1,4 +1,7 @@
===== 3.1.21-dev ===== (xx.xx.2014)
+ 12.10.2014
+ - bugfix a comment like "<script{*foo*} language=php>" bypassed
$php_handling checking (Thue Kristensen)
+
===== 3.1.20 ===== (09.10.2014)
08.10.2014
- bugfix security mode of "<script language=php>" must be controlled by
$php_handling property (Thue Kristensen)
=======================================
--- /trunk/distribution/libs/sysplugins/smarty_internal_templatelexer.php
Tue Oct 7 22:07:15 2014 UTC
+++ /trunk/distribution/libs/sysplugins/smarty_internal_templatelexer.php
Sun Oct 12 14:11:34 2014 UTC
@@ -21,6 +21,7 @@
public $line;
public $taglineno;
public $is_phpScript = false;
+ public $phpValue = '';
public $state = 1;
public $smarty;
private $heredoc_id_stack = Array();
@@ -164,12 +165,13 @@
20 => 0,
21 => 0,
22 => 0,
- 23 => 0,
+ 23 => 4,
+ 28 => 0,
);
if ($this->counter >= strlen($this->data)) {
return false; // end of input
}
- $yy_global_pattern = "/\G(\\{\\})|\G(" .
$this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" .
$this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|
\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|
\G(" . $this->ldel . "\\s*)|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<\/script>)|
\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G([\S\s])/iS";
+ $yy_global_pattern = "/\G(\\{\\})|\G(" .
$this->ldel . "\\*([\S\s]*?)\\*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*\/strip\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*literal\\s*" . $this->rdel . ")|\G(" .
$this->ldel . "\\s*(if|elseif|else if|while)\\s+)|\G(" .
$this->ldel . "\\s*for\\s+)|\G(" . $this->ldel . "\\s*foreach(?![^\s]))|
\G(" . $this->ldel . "\\s*setfilter\\s+)|\G(" . $this->ldel . "\\s*\/)|
\G(" . $this->ldel . "\\s*)|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<\/script>)|
\G(\\s*" . $this->rdel . ")|\G(<%)|\G(%>)|\G(<(([^>]*?)(?=" .
$this->ldel . ")" . $this->ldel . "\\*([\S\s]*?)\\*" .
$this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
do {
if (preg_match($yy_global_pattern, $this->data, $yymatches,
null, $this->counter)) {
@@ -341,6 +343,7 @@
if ($script) {
$this->is_phpScript = true;
}
+ $this->phpValue = $this->value;
$this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
} elseif ($this->value == '<?xml') {
$this->token = Smarty_Internal_Templateparser::TP_XMLTAG;
@@ -389,9 +392,24 @@
function yy_r1_23($yy_subpatterns)
{
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/", '',
$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",
$clean, $match)) {
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value,
$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
+
+ function yy_r1_28($yy_subpatterns)
+ {
+
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",
$this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}{$phpEndScript}/", $this->data, $match, PREG_OFFSET_CAPTURE,
$this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
}
@@ -969,12 +987,13 @@
7 => 0,
8 => 0,
9 => 0,
- 10 => 0,
+ 10 => 4,
+ 15 => 0,
);
if ($this->counter >= strlen($this->data)) {
return false; // end of input
}
- $yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" .
$this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" .
$this->rdel . ")|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|
\G([\S\s])/iS";
+ $yy_global_pattern = "/\G(" . $this->ldel . "\\s*literal\\s*" .
$this->rdel . ")|\G(" . $this->ldel . "\\s*\/literal\\s*" .
$this->rdel . ")|
\G((<script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*>)|
(<\\?(?:php\\w+|=|[a-zA-Z]+)?))|\G(\\?>)|\G(<\/script>)|\G(<%)|\G(%>)|
\G(<(([^>]*?)(?=" . $this->ldel . ")" . $this->ldel . "\\*([\S\s]*?)\\*" .
$this->rdel . ")+([^>]*?)(?!" . $this->ldel . ")>)|\G([\S\s])/iS";
do {
if (preg_match($yy_global_pattern, $this->data, $yymatches,
null, $this->counter)) {
@@ -1087,9 +1106,24 @@
function yy_r3_10($yy_subpatterns)
{
+ $clean =
preg_replace("/{$this->ldel}\*([\S\s]*?)\*{$this->rdel}/", '',
$this->value);
+ if
(preg_match("/<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>/",
$clean, $match)) {
+ $this->phpValue = $match[0];
+ $this->is_phpScript = true;
+ $this->token = Smarty_Internal_Templateparser::TP_PHPSTARTTAG;
+ } else {
+ preg_match("/([\S\s]*?)(?={$this->ldel})/", $this->value,
$match);
+ $this->value = $match[0];
+ $this->token = Smarty_Internal_Templateparser::TP_TEXT;
+ }
+ }
+
+ function yy_r3_15($yy_subpatterns)
+ {
+
$phpEndScript = $this->is_phpScript ? '|<\\/script>' : '';
$to = strlen($this->data);
- preg_match("/{$this->ldel}\/?literal{$this->rdel}|<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>{$phpEndScript}/",
$this->data, $match, PREG_OFFSET_CAPTURE, $this->counter);
+ preg_match("/<\?|<%|\?>|%>|
<script\s+language\s*=\s*[\"\']?\s*php\s*[\"\']?\s*>|
<(([^>]*?)(?={$this->ldel}){$this->ldel}\*([\S\s]*?)\*{$this->rdel})+([^>]*?)(?!{$this->ldel})>|
{$this->ldel}\/?literal{$this->rdel}{$phpEndScript}/", $this->data, $match,
PREG_OFFSET_CAPTURE, $this->counter);
if (isset($match[0][1])) {
$to = $match[0][1];
} else {
=======================================
--- /trunk/distribution/libs/sysplugins/smarty_internal_templateparser.php
Tue Oct 7 22:20:21 2014 UTC
+++ /trunk/distribution/libs/sysplugins/smarty_internal_templateparser.php
Sun Oct 12 14:11:34 2014 UTC
@@ -3313,13 +3313,13 @@
#line 152 "smarty_internal_templateparser.y"
function yy_r7()
{
- if (strpos($this->yystack[$this->yyidx + 0]->minor, '<s') === 0) {
+ if (strpos($this->lex->phpValue, '<s') === 0) {
$this->lex->is_phpScript = true;
}
if ($this->php_handling == Smarty::PHP_PASSTHRU) {
- $this->_retvalue = new _smarty_text($this,
self::escape_start_tag($this->yystack[$this->yyidx + 0]->minor));
+ $this->_retvalue = new _smarty_text($this,
self::escape_start_tag($this->lex->phpValue));
} elseif ($this->php_handling == Smarty::PHP_QUOTE) {
- $this->_retvalue = new _smarty_text($this,
htmlspecialchars($this->yystack[$this->yyidx + 0]->minor, ENT_QUOTES));
+ $this->_retvalue = new _smarty_text($this,
htmlspecialchars($this->lex->phpValue, ENT_QUOTES));
} elseif ($this->php_handling == Smarty::PHP_ALLOW) {
if (!($this->smarty instanceof SmartyBC)) {
$this->compiler->trigger_template_error(self::Err3);
Reply all
Reply to author
Forward
0 new messages