From: garvinhicking Date: Wed, 21 Jun 2006 12:03:37 +0000 (+0000) Subject: Upgrade to Smarty 2.6.14 X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=82cb62738b342f8cd010eec3d4553efb5b1ed96e;p=s9y.git Upgrade to Smarty 2.6.14 --- diff --git a/bundled-libs/Smarty/ChangeLog b/bundled-libs/Smarty/ChangeLog index 2b3cf33..41af8fa 100644 --- a/bundled-libs/Smarty/ChangeLog +++ b/bundled-libs/Smarty/ChangeLog @@ -1,3 +1,874 @@ +2006-05-25 boots + + * NEWS + libs/Smarty_Compiler.class.php: + un-hide hidden xml open tags + +2006-05-09 boots + + * NEWS + libs/Smarty_Compiler.class.php: + separate handling of comment blocks from "special blocks" + + * NEWS + libs/plugins/function.popup_init.php: + reverted {popup_init} as proposed change to insertion behviour was not BC + +2006-05-04 boots + + * NEWS + libs/plugins/function.popup_init.php: + changed {popup_init} to only emit code once during a request + + Thanks to TGKnIght from forums + +2006-04-22 Messju Mohr + + * NEWS + libs/Smarty_Compiler.class.php: + fix handling of block-methods of registered objects + thanks to El Hombre Gris + +2006-04-04 Monte Ohrt + + * libs/plugins/function.html_select_date.php: + fix typo + +2006-03-09 Monte Ohrt + + * (Smarty_2_6_13) + NEWS: + update for release + +2006-03-08 Monte Ohrt + + * libs/plugins/modifier.regex_replace.php: + remove delim quote + + * libs/plugins/modifier.regex_replace.php: + fix delimiter issue + +2006-03-03 Monte Ohrt + + * libs/plugins/modifier.regex_replace.php: + use preg_replace to cover any space chars + + * libs/plugins/modifier.regex_replace.php: + fix problem with allowing "e" modifier + +2006-01-29 Messju Mohr + + * libs/Smarty_Compiler.class.php: + removed possiblity for E_NOTICE on an undefined variable in + Smarty_Compiler::_compile_if_tag() - thanks to sbeh + +2006-01-18 Monte Ohrt + + * libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php: + update version numbers + + * (Smarty_2_6_12) + NEWS: + commit 2.6.12 release + +2006-01-15 Messju Mohr + + * NEWS + libs/Smarty_Compiler.class.php: + fixed use of references $cache_attrs and $repeat in Smarty_Compiler. + + php does not allow to pass an assigned by reference to a function. since + php-5.1.2 + the reference to the lval gets lost when passing an assignment. + +2005-12-31 Messju Mohr + + * NEWS + libs/Smarty.class.php: + fixed incompatible use of fread() in Smarty::_read_file() + it choke on php-5.1.1 and later. + thanks to andig for pointing this out. + +2005-12-21 boots + + * NEWS + libs/Smarty_Compiler.class.php: + Fix improper tokenization of certain inline math expressions. + + Thanks to gerard at forums for reporting this. + +2005-12-19 Messju Mohr + + * libs/plugins/function.math.php: + fixed problem with math in certain LC_NUMERIC locales. + thanks to wiebren for providing problem+solution. + +2005-12-14 Messju Mohr + + * NEWS: + fixed iso-latin1 special chars + +2005-12-14 Monte Ohrt + + * libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php: + update version numbers + + * (Smarty_2_6_11) + NEWS: + commit NEWS file for 2.6.11 + +2005-12-08 Messju Mohr + + * docs/de/getting-started.xml: + sync with en + +2005-11-29 Messju Mohr + + * NEWS + libs/Smarty_Compiler.class.php: + fixed code generation of non-cacheable blocks to play well with php's + "Alternative syntax" used for example in compiled {if}..{else}..{/if} + blocks. + + (see: http://php.net/manual/en/control-structures.alternative-syntax.php + on "Alternative syntax") + + thanks to kihara from the forum. + +2005-11-26 Messju Mohr + + * NEWS: + fixed handling of multiple identical calls to {insert}. + + the function was called multiple times, but all inserts where replaced + by the results of the first call to the insert function. + + * libs/plugins/compiler.assign.php + libs/plugins/function.config_load.php: + added credits + + * libs/plugins/function.popup.php: + added "closeclick" from + http://www.bosrup.com/web/overlib/?Command_Reference + +2005-11-23 boots + + * NEWS + libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php + libs/plugins/modifier.escape.php: + replace {} string access with equivalent substr() to avoid E_STRICT + warnings in PHP 5.1 + +2005-11-09 boots + + * NEWS + libs/Smarty.class.php: + return valid reference in get_config_vars() when given var is non-existant + +2005-10-11 Monte Ohrt + + * libs/plugins/block.textformat.php + libs/plugins/compiler.assign.php + libs/plugins/function.assign_debug_info.php + libs/plugins/function.config_load.php + libs/plugins/function.counter.php + libs/plugins/function.eval.php + libs/plugins/function.fetch.php + libs/plugins/function.html_options.php + libs/plugins/function.html_select_date.php + libs/plugins/function.html_select_time.php + libs/plugins/function.math.php + libs/plugins/function.popup.php + libs/plugins/function.popup_init.php + libs/plugins/modifier.capitalize.php + libs/plugins/modifier.count_characters.php + libs/plugins/modifier.count_paragraphs.php + libs/plugins/modifier.count_sentences.php + libs/plugins/modifier.count_words.php + libs/plugins/modifier.date_format.php + libs/plugins/modifier.debug_print_var.php + libs/plugins/modifier.default.php + libs/plugins/modifier.escape.php + libs/plugins/modifier.indent.php + libs/plugins/modifier.lower.php + libs/plugins/modifier.regex_replace.php + libs/plugins/modifier.replace.php + libs/plugins/modifier.spacify.php + libs/plugins/modifier.string_format.php + libs/plugins/modifier.strip_tags.php + libs/plugins/modifier.truncate.php + libs/plugins/modifier.upper.php + libs/plugins/modifier.wordwrap.php + libs/plugins/shared.escape_special_chars.php + libs/plugins/shared.make_timestamp.php: + Added author title to plugins where they don't exist. I put my name where I + was the original or co-author. If there needs to be more credit given + somewhere, speak up! + +2005-10-10 Monte Ohrt + + * NEWS + libs/plugins/function.html_image.php: + add path_prefix to html_image, fix incorrect secure_dir error when image + file is missing + +2005-10-04 Monte Ohrt + + * demo/templates/index.tpl: + remove popup example, update section var syntax + +2005-09-16 Nuno Lopes + + * docs/de/getting-started.xml: + more fixes + + * docs/de/getting-started.xml: + fix php bug #34520: broken example display (de only) + +2005-08-30 Monte Ohrt + + * libs/plugins/modifier.escape.php: + change default charset from utf8 to iso-8859-1 + + * NEWS + libs/plugins/modifier.escape.php: + add char_set param + +2005-08-17 Monte Ohrt + + * NEWS: + fix notice in debug security check + + * libs/Smarty.class.php: + fix typo + + * NEWS + libs/Smarty.class.php: + return valid reference in get_template_vars() when given var is + non-existant + +2005-08-12 Monte Ohrt + + * NEWS + libs/plugins/modifier.escape.php: + add "urlpathinfo" escape type to escape modifier. (apache does not like %2F + in the PATH_INFO) + +2005-08-05 Monte Ohrt + + * NEWS + libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php: + update version numbers + +2005-08-04 Monte Ohrt + + * NEWS: + update secure_dir notes + + * NEWS: + allow debug.tpl to work from arbitrary dir + +2005-08-04 Messju Mohr + + * NEWS + libs/Smarty_Compiler.class.php: + fixed proper escaping for literal strings passed to + Smarty_Compiler::_expand_quoted_text() by + Smarty_Compiler::_parse_var_props() + +2005-07-27 Messju Mohr + + * NEWS + libs/plugins/shared.make_timestamp.php: + removed ambiguity for numeric values passed to smarty_make_timestamp(). + numeric values are *always* treated as timestamps now. + +2005-07-18 Messju Mohr + + * libs/Config_File.class.php: + removed E_NOTICE from Config_File::get() + + * libs/Smarty.class.php: + removed E_NOTICE + +2005-07-10 Yannick Torres + + * docs/fr/getting-started.xml: + sync with EN + +2005-07-08 Monte Ohrt + + * NEWS: + correct username in NEWS file + + * NEWS + libs/plugins/function.html_select_date.php: + added passthru attribute feature to html_select_date + +2005-07-03 Yannick Torres + + * docs/fr/language-snippets.ent + docs/fr/preface.xml: + sync with EN + +2005-06-16 Messju Mohr + + * docs/de/preface.xml + docs/de/preface.xml: + sync with en + +2005-06-13 Monte Ohrt + + * NEWS + libs/plugins/modifier.truncate.php: + add "middle" parameter to truncate modifier + +2005-06-10 Messju Mohr + + * docs/de/livedocs.ent: + added german livedocs.ent + + * docs/de/language-snippets.ent + docs/de/preface.xml: + sync with en + +2005-06-09 Messju Mohr + + * docs/de/bookinfo.xml + docs/de/getting-started.xml + docs/de/getting-started.xml: + sync with en + +2005-05-24 Yannick Torres + + * docs/fr/getting-started.xml + docs/fr/language-snippets.ent: + sync with EN + +2005-05-20 Monte Ohrt + + * libs/plugins/function.html_radios.php: + fix allowable label id characters + +2005-05-06 Monte Ohrt + + * NEWS + libs/plugins/function.html_radios.php: + make form input label ids optional (monte) + +2005-05-02 Monte Ohrt + + * NEWS + libs/Smarty_Compiler.class.php: + add error message for empty if/elseif statements + +2005-04-15 Monte Ohrt + + * NEWS + libs/plugins/function.html_radios.php: + cast selected value to string for comparison in html_radios + +2005-04-07 Messju Mohr + + * NEWS + libs/plugins/function.html_select_date.php: + added xhtml compliance to html_select_date's year_as_text-feature + thanks to Mark West + + * NEWS + libs/plugins/function.html_select_date.php: + fixed handling of selected month html_select_date + thanks to Yuri Weseman for providing problem+solution + +2005-04-07 Nuno Lopes + + * docs/configure.in: + sync configure and file-entities scripts with phpdoc, for better + windows/cygwin support + +2005-03-31 Monte Ohrt + + * libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php: + update version numbers + + * (Smarty_2_6_9) + NEWS: + update NEWS file + +2005-03-30 Messju Mohr + + * libs/plugins/function.math.php: + re-enabled hex-constant. i hope in a sane way this time. + +2005-03-30 Monte Ohrt + + * libs/plugins/function.math.php: + fix function testing logic + + * libs/Smarty_Compiler.class.php: + disable variable func calls completely + + * libs/Smarty_Compiler.class.php: + disallow variable func calls when security is enabled + +2005-03-22 Messju Mohr + + * NEWS + libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php: + bumped version-number to 2.6.9-dev + added headline of 2.6.6 release to NEWS file + +2005-03-21 Messju Mohr + + * (Smarty_2_6_8) + NEWS: + maybe even better this way. thanks monte :) + + * NEWS: + little more clear news-entry + +2005-03-21 Monte Ohrt + + * NEWS: + update NEWS with e-modifier removal + + * (Smarty_2_6_8) + libs/plugins/modifier.regex_replace.php: + remove e-modifier + +2005-03-19 Messju Mohr + + * NEWS + libs/Smarty_Compiler.class.php: + objects don't get casted to arrays anymore in {foreach} + +2005-02-26 Messju Mohr + + * NEWS + libs/Smarty.class.php: + add "null" as a valid token for {if} when security is enabled + +2005-02-25 Monte Ohrt + + * NEWS + libs/plugins/function.mailto.php: + add javascript_charcode option to mailto + +2005-02-24 Monte Ohrt + + * NEWS: + update NEWS file + + * QUICK_START + libs/plugins/function.html_radios.php: + add label ids to html_radios + +2005-02-10 Monte Ohrt + + * QUICK_START: + update with directory structure + +2005-02-10 Nuno Lopes + + * docs/Makefile.in: + fix chm generation + +2005-02-10 Messju Mohr + + * libs/Smarty_Compiler.class.php: + fixed too agressive {strip} around delimiters inside strip-blocks + +2005-02-10 Monte Ohrt + + * QUICK_START: + fix a couple errors + +2005-02-10 Nuno Lopes + + * docs/Makefile.in + docs/README: + commiting the new tools to make the CHM manual. + +2005-02-09 Messju Mohr + + * NEWS + libs/Smarty_Compiler.class.php: + fixed handling of strip-tags with non-default delimiters + +2005-02-04 Messju Mohr + + * libs/plugins/function.html_radios.php: + fixed syntax error. shame on me. + +2005-02-03 Monte Ohrt + + * QUICK_START: + fix example + + * QUICK_START: + initial commit + + * RELEASE_NOTES + libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php: + update version numbers in cvs + + * (Smarty_2_6_7) + NEWS + libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php: + commit version numbers for new release + +2005-02-03 Messju Mohr + + * (Smarty_2_6_7) + libs/plugins/function.html_image.php: + fixed comment (thanks to CirTap) + +2005-02-01 Monte Ohrt + + * libs/plugins/function.html_image.php: + remove border tag + +2005-02-01 Messju Mohr + + * libs/Smarty.class.php: + fixed serialization of values containing newlines (like _cache_attrs) + in core_write_cache_file() + + bumped version to 2.6.6-dev-3 to indicate that the fileformat of cache + has changed + +2005-01-30 Messju Mohr + + * NEWS + libs/Smarty_Compiler.class.php: + fixed handling of hashed opening php-tags inside strip-blocks + (reported by titi_rafa) + +2005-01-30 Nuno Lopes + + * docs/fr/language-snippets.ent: + fix build + +2005-01-28 Messju Mohr + + * NEWS + libs/plugins/modifier.escape.php: + escape:url now uses the (RFC 1738 compliant) rawurlencode() + +2005-01-23 Messju Mohr + + * libs/Smarty.class.php: + replaced ? true : false and removed intermediate $_cookie_var in the + handling of the SMARTY_DEBUG-cookie + +2005-01-22 Yannick Torres + + * docs/fr/bookinfo.xml: + update EN-Revision tag + +2005-01-21 Monte Ohrt + + * README + RELEASE_NOTES + docs/de/bookinfo.xml + docs/fr/bookinfo.xml + libs/Smarty.class.php + libs/Smarty_Compiler.class.php + libs/plugins/function.cycle.php + libs/plugins/function.debug.php + libs/plugins/function.html_checkboxes.php + libs/plugins/function.html_image.php + libs/plugins/function.html_radios.php + libs/plugins/function.html_table.php + libs/plugins/function.mailto.php + libs/plugins/modifier.cat.php + libs/plugins/modifier.nl2br.php + libs/plugins/modifier.strip.php + libs/plugins/outputfilter.trimwhitespace.php: + de-spammify e-mails + + * README + RELEASE_NOTES + docs/de/bookinfo.xml + docs/fr/bookinfo.xml + libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php + libs/plugins/function.cycle.php + libs/plugins/function.debug.php + libs/plugins/function.html_checkboxes.php + libs/plugins/function.html_image.php + libs/plugins/function.html_radios.php + libs/plugins/function.html_table.php + libs/plugins/function.mailto.php + libs/plugins/modifier.cat.php + libs/plugins/modifier.nl2br.php + libs/plugins/modifier.strip.php + libs/plugins/outputfilter.trimwhitespace.php: + update copyright notices, e-mail addresses + +2005-01-06 Messju Mohr + + * libs/Smarty_Compiler.class.php: + reduced the code that is generated on a {foreach}-block that has a + name. + + instead of pre-computing all foreach-properties (like first, last, + show) on each iteration, they are computed on demand as soon as + {$smarty.foreach.*}-variables are used. + + * NEWS + libs/Smarty_Compiler.class.php: + slight optimization in the compilation of $smarty.const.FOO . + + more complex consts like $smarty.const.$name still compile to + constant($this->_tpl_vars['name']) + +2005-01-05 Messju Mohr + + * NEWS + libs/Smarty_Compiler.class.php: + make block functions and registered objects' block methods use a + local variable for block_content instead of $this->_block_content + + it's not necessary to have $smarty->_block_content accessible. + +2005-01-04 Yannick Torres + + * docs/fr/bookinfo.xml: + sync with EN + +2005-01-01 Messju Mohr + + * libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php: + Happy new year from germany. + +2004-12-28 Monte Ohrt + + * libs/Smarty.class.php: + fix _read_file comments + +2004-12-26 Yannick Torres + + * docs/fr/getting-started.xml + docs/fr/preface.xml: + typo + + * docs/fr/language-defs.ent + docs/fr/language-snippets.ent + docs/fr/livedocs.ent: + sync with EN & typo + +2004-12-21 Yannick Torres + + * docs/fr/bookinfo.xml + docs/fr/getting-started.xml + docs/fr/translation.xml: + sync with EN + +2004-12-17 Messju Mohr + + * NEWS + libs/Smarty_Compiler.class.php: + fixed escaping of template-filenames in the generated code that loads + needed plugins + +2004-12-15 Monte Ohrt + + * NEWS + libs/plugins/function.popup.php: + fix invalid HTML issue with popup + +2004-12-06 boots + + * NEWS + libs/plugins/function.popup.php: + - fixed {popup} to properly handle inarray and function parameters and + added support for mouseoff and followmouse options + +2004-11-21 Mehdi Achour + + * docs/fr/livedocs.ent: + add livedocs specific entities files + +2004-11-16 Messju Mohr + + * libs/plugins/function.html_checkboxes.php + libs/plugins/function.html_radios.php: + cleaned up typecasting + +2004-11-15 Messju Mohr + + * libs/plugins/function.html_options.php: + fixed semantically misleading check for $options (use isset() instead + of is_array() because it is always an array). + + thanks to albert almeida. + +2004-11-08 Messju Mohr + + * libs/Smarty_Compiler.class.php: + removed unused code + +2004-10-25 Mehdi Achour + + * docs/fr/bookinfo.xml + docs/fr/getting-started.xml: + sync with en + +2004-10-13 Monte Ohrt + + * NEWS: + update header + +2004-10-02 Messju Mohr + + * NEWS: + fixed nocache-handling with nested includes. there was a logical error + in the replacement of internal nocache-tags to dynamic content that + lead to false results with deeply nested includes or with + nocache-blocks inside nocache-blocks. + + many thanks to Lars Jankowfsky for providing big help on reproducing + and tracking down this bug! + +2004-10-01 Messju Mohr + + * libs/Smarty.class.php + libs/Smarty_Compiler.class.php: + - better header for compiled includes (more in line with compiled + templates) + + - reuse cache_serials if a file is compiled more than once in one + process (force_compile) + + - don't print nocache-delimiters wenn already inside + process_cached_inserts() + +2004-09-29 Messju Mohr + + * libs/Smarty.class.php: + switched from @count() to !empty() . this was pointed out a few times + by a few people with buggy error-handlers + + * libs/Smarty_Compiler.class.php: + added some property declarations + +2004-09-28 Messju Mohr + + * libs/Smarty.class.php: + bumped up version number to reflect incompatibility in tempfiles of + 'core' vs. 'internals' + +2004-09-24 Messju Mohr + + * libs/plugins/function.html_select_date.php: + fixed $start_year when no value for the year in $time is given. + +2004-09-21 Messju Mohr + + * libs/plugins/function.html_table.php: + fixed handling of "inner"-attribute + + * libs/Smarty_Compiler.class.php: + fixed handling of object derefence inside backticks + +2004-09-20 Monte Ohrt + + * libs/debug.tpl: + add tags + +2004-09-18 boots + + * libs/Smarty.class.php + libs/Smarty_Compiler.class.php + libs/plugins/function.config_load.php + libs/plugins/function.debug.php + libs/plugins/function.fetch.php + libs/plugins/function.html_image.php: + Fixed \\r\\n line endings mistakenly introduced in last commit. d'oh. + +2004-09-16 boots + + * NEWS + libs/Smarty.class.php + libs/Smarty_Compiler.class.php + libs/core/core.assemble_plugin_filepath.php + libs/core/core.assign_smarty_interface.php + libs/core/core.create_dir_structure.php + libs/core/core.display_debug_console.php + libs/core/core.get_include_path.php + libs/core/core.get_microtime.php + libs/core/core.get_php_resource.php + libs/core/core.is_secure.php + libs/core/core.is_trusted.php + libs/core/core.load_plugins.php + libs/core/core.load_resource_plugin.php + libs/core/core.process_cached_inserts.php + libs/core/core.process_compiled_include.php + libs/core/core.read_cache_file.php + libs/core/core.rm_auto.php + libs/core/core.rmdir.php + libs/core/core.run_insert_handler.php + libs/core/core.smarty_include_php.php + libs/core/core.write_cache_file.php + libs/core/core.write_compiled_include.php + libs/core/core.write_compiled_resource.php + libs/core/core.write_file.php + libs/plugins/function.config_load.php + libs/plugins/function.debug.php + libs/plugins/function.fetch.php + libs/plugins/function.html_image.php: + Moved /libs/core to /libs/internals and created new constant, + SMARTY_CORE_DIR which defaults to SMARTY_DIR/internals. This should help + CVS and rsynch users butupgrades will require changes and this may affect + 3rd party plugins that use the /core dir. + +2004-09-15 Messju Mohr + + * NEWS + libs/Smarty_Compiler.class.php: + moved $this->_num_const_regexp out of $this->_var_regexp and added it + to the places that affect $this->_var_regexp + + this should fix some problems parsing plugin-names endings with digits + +2004-09-14 Messju Mohr + + * libs/Config_File.class.php + libs/Smarty.class.php + libs/Smarty_Compiler.class.php: + update files to 2.6.6-dev + +2004-09-13 Messju Mohr + + * NEWS: + fixed typo + +2004-09-13 Monte Ohrt + + * (Smarty_2_6_5) + NEWS: + update NEWS file with parsing correction note + 2004-09-11 Messju Mohr * libs/plugins/function.debug.php: @@ -2849,7 +3720,7 @@ * libs/Smarty.class.php libs/Smarty_Compiler.class.php: - added CVS $Id: ChangeLog,v 1.2 2004/11/19 11:05:24 garvinhicking Exp $ + added CVS $Id: ChangeLog,v 1.417 2006/05/26 05:32:07 changelog Exp $ 2003-03-31 Messju Mohr diff --git a/bundled-libs/Smarty/NEWS b/bundled-libs/Smarty/NEWS index 75c4d31..e8e4df3 100644 --- a/bundled-libs/Smarty/NEWS +++ b/bundled-libs/Smarty/NEWS @@ -1,10 +1,112 @@ +- un-hide hidden xml open tags (boots) +- fix handling of block-methods of registered objects (El Hombre Gris, + messju) + +Version 2.6.13 (March 9th, 2006) +-------------------------------- + + - update regex_replace, removing possible use of "e" modifier + +Version 2.6.12 (Jan 18th, 2006) +------------------------------- + + - fix improper use of references in the compiler handling cached + attributes and in compiled code handling block plugins (messju) + - make Smarty::_read_file() work on latest php (messju) + - fixed improper tokenization of certain inline math expressions (boots) + +Version 2.6.11 (Dec 14, 2005) +----------------------------- + + - fixed code generation of non-cacheable blocks to play well with php's + "Alternative syntax for control structures" (kihara, messju) + - fix handling of multiple identical inserts in one display()-call (messju) + - replace {} string access with equivalent substr() to avoid E_STRICT + warnings in PHP 5.1 (boots) + - return valid reference in get_config_vars() when given var is + non-existant (Thomas Schulz, boots) + - plugin html_image: fix incorrect secure_dir error when + file doesn't exist (monte) + - plugin html_image: add path_prefix param (monte) + - add char_set parameter to escape modifier (Loading, monte) + - fix notice in debug security check (Drakla, monte) + - return valid reference in get_template_vars() when given var is + non-existant (monte) + - add escape type "urlpathinfo" to escape modifier (monte) + +Version 2.6.10 (Aug 5, 2005) +---------------------------- + + - allow secure_dir to be a filename, not just + a directory name (monte) + - set debug.tpl as a secure_dir, not the entire + SMARTY_DIR (monte) + - fix proper escaping for literal strings in + Smarty_Compiler::_parse_var_props() (boots, messju) + - remove ambiguity for numeric values passed to smarty_make_timestamp() + (and thus the date_format modifier). numeric values are treated as + timestamps now. (andreas, messju) + - add passthru attribute feature to html_select_date (Sedgar, + monte) + - add "middle" parameter to truncate (monte) + - make form input label ids optional (monte) + - add error message for empty if/elseif statements (eykanal, + monte) + - cast selected value to string for comparison in html_radios + (Exeption, monte) + - updated html_select_date's year_as_text-feature to be xhtml compliant + (Mark West, messju) + - fix handling of selected month html_select_date (Yuri Weseman, messju) + +Version 2.6.9 (Mar 31, 2005) +---------------------------- + + - disallow variable function calls in {if} statements (messju, monte) + - disallow variable function calls in {math} equations (messju, monte) + +Version 2.6.8 (Mar 21, 2005) +---------------------------- + + - remove e-modifier from regex_replace modifier (messju) + - remove cast of object to array in foreach's from-attribute (messju) + - add "null" as a valid token for {if} when security is enabled (messju) + - add javascript_charcode encoding option to mailto function + (monte) + - add ids to html_radios labels (monte, menulis) + - fix handling of strip-tags with non-default delimiters (Mark West, messju) + +Version 2.6.7 (Feb 3, 2005) +--------------------------- + + - fix handling of hashed opening php-tags inside strip-blocks (messju) + - removed border tag from html_image function (monte) + - change escape:url use rawurlencode() instead of urlencode() (messju) + - make $smarty.const.FOO compile to "FOO", and not to "constant('foo')". + this is less code and a little faster execution. note that undefined + constants are now displayed as the constant's name. (messju) + - make block functions and registered objects' block methods use a + local variable for block_content instead of a property of $smarty (messju) + - fix escaping in the generated code that calls smarty_core_load_plugins + (jes5199, messju) + - fix invalid HTML issue with popup (Stefanos Harhalakis, + Monte) + - fixed {popup} to properly handle inarray and function parameters and added + support for mouseoff and followmouse options (boots) + +Version 2.6.6 (Oct 13, 2004) +---------------------------- + + - fixed nocache-handling with nested includes (Lars Jankowfsky, messju) + - moved /libs/core to /libs/internals (boots) + - fixed more parsing problems (messju) + Version 2.6.5 (Sept 13, 2004) ----------------------------- - fixed some parsing problems with object calls introduced in 2.6.4 (Monte) - add $smarty->security_settings['ALLOW_CONSTANTS']. note: this - defaults to false which means you have to allow them explicitely + defaults to false which means you have to allow them explicitly in your secured templates from now on! (messju) Version 2.6.4 (Sept 7, 2004) diff --git a/bundled-libs/Smarty/README b/bundled-libs/Smarty/README index 10ff6ea..7d3e56e 100644 --- a/bundled-libs/Smarty/README +++ b/bundled-libs/Smarty/README @@ -6,7 +6,7 @@ VERSION: 2.6.0 AUTHORS: - Monte Ohrt + Monte Ohrt Andrei Zmievski MAILING LISTS: @@ -75,6 +75,6 @@ DESCRIPTION: * and many more. COPYRIGHT: - Copyright (c) 2001,2002 ispi of Lincoln, Inc. All rights reserved. + Copyright (c) 2001-2005 New Digital Group, Inc. All rights reserved. This software is released under the GNU Lesser General Public License. Please read the disclaimer at the top of the Smarty.class.php file. diff --git a/bundled-libs/Smarty/RELEASE_NOTES b/bundled-libs/Smarty/RELEASE_NOTES index d5e95f5..2cc9896 100644 --- a/bundled-libs/Smarty/RELEASE_NOTES +++ b/bundled-libs/Smarty/RELEASE_NOTES @@ -1,3 +1,8 @@ +2.6.7 +----- + +Those using Smarty with security enabled: a hole was found that allowed PHP code to be executed from within a template file. This has been fixed and you are engouraged to upgrade immediately. Note that this hole does NOT affect the security of your web server or PHP applications, only the ability for someone editing a template to execute PHP code. Other changes in this release can be found in the NEWS file. + 2.5.0 ----- @@ -328,7 +333,7 @@ your copy of Smarty.) Documentation is written in docbook format. I updated the docbook -> HTML generating software & style-sheets, and consequently the examples are no longer in a different background color. If anyone wants to contribute a better -stylesheet or help with documentation, drop me a line. +stylesheet or help with documentation, drop me a line. CHANGES/ENHANCEMENTS/UPDATES diff --git a/bundled-libs/Smarty/libs/Config_File.class.php b/bundled-libs/Smarty/libs/Config_File.class.php index 923508a..622c0e8 100644 --- a/bundled-libs/Smarty/libs/Config_File.class.php +++ b/bundled-libs/Smarty/libs/Config_File.class.php @@ -18,14 +18,14 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * @link http://smarty.php.net/ - * @version 2.6.9 + * @version 2.6.14 * @copyright Copyright: 2001-2005 New Digital Group, Inc. * @author Andrei Zmievski * @access public * @package Smarty */ -/* $Id: Config_File.class.php,v 1.4 2005/04/01 08:38:11 tomsommer Exp $ */ +/* $Id: Config_File.class.php,v 1.84 2006/01/18 19:02:52 mohrt Exp $ */ /** * Config file reading class @@ -105,7 +105,7 @@ class Config_File { * @param string $var_name (optional) variable to get info for * @return string|array a value or array of values */ - function &get($file_name, $section_name = NULL, $var_name = NULL) + function get($file_name, $section_name = NULL, $var_name = NULL) { if (empty($file_name)) { $this->_trigger_error_msg('Empty config file name'); @@ -285,9 +285,9 @@ class Config_File { $line = $lines[$i]; if (empty($line)) continue; - if ( $line{0} == '[' && preg_match('!^\[(.*?)\]!', $line, $match) ) { + if ( substr($line, 0, 1) == '[' && preg_match('!^\[(.*?)\]!', $line, $match) ) { /* section found */ - if ($match[1]{0} == '.') { + if (substr($match[1], 0, 1) == '.') { /* hidden section */ if ($this->read_hidden) { $section_name = substr($match[1], 1); @@ -347,7 +347,7 @@ class Config_File { */ function _set_config_var(&$container, $var_name, $var_value, $booleanize) { - if ($var_name{0} == '.') { + if (substr($var_name, 0, 1) == '.') { if (!$this->read_hidden) return; else diff --git a/bundled-libs/Smarty/libs/Smarty.class.php b/bundled-libs/Smarty/libs/Smarty.class.php index 54628f1..47ec24e 100644 --- a/bundled-libs/Smarty/libs/Smarty.class.php +++ b/bundled-libs/Smarty/libs/Smarty.class.php @@ -27,10 +27,10 @@ * @author Monte Ohrt * @author Andrei Zmievski * @package Smarty - * @version 2.6.9 + * @version 2.6.14 */ -/* $Id: Smarty.class.php,v 1.4 2005/04/01 08:38:11 tomsommer Exp $ */ +/* $Id: Smarty.class.php,v 1.524 2006/01/18 19:02:52 mohrt Exp $ */ /** * DIR_SEP isn't used anymore, but third party apps might @@ -464,7 +464,7 @@ class Smarty * * @var string */ - var $_version = '2.6.9'; + var $_version = '2.6.14'; /** * current template inclusion depth @@ -1055,9 +1055,12 @@ class Smarty { if(!isset($name)) { return $this->_tpl_vars; - } - if(isset($this->_tpl_vars[$name])) { + } elseif(isset($this->_tpl_vars[$name])) { return $this->_tpl_vars[$name]; + } else { + // var non-existant, return valid reference + $_tmp = null; + return $_tmp; } } @@ -1074,6 +1077,10 @@ class Smarty return $this->_config[0]['vars']; } else if(isset($this->_config[0]['vars'][$name])) { return $this->_config[0]['vars'][$name]; + } else { + // var non-existant, return valid reference + $_tmp = null; + return $_tmp; } } @@ -1691,8 +1698,8 @@ class Smarty */ function _dequote($string) { - if (($string{0} == "'" || $string{0} == '"') && - $string{strlen($string)-1} == $string{0}) + if ((substr($string, 0, 1) == "'" || substr($string, 0, 1) == '"') && + substr($string, -1) == substr($string, 0, 1)) return substr($string, 1, -1); else return $string; @@ -1708,7 +1715,10 @@ class Smarty function _read_file($filename) { if ( file_exists($filename) && ($fd = @fopen($filename, 'rb')) ) { - $contents = ($size = filesize($filename)) ? fread($fd, $size) : ''; + $contents = ''; + while (!feof($fd)) { + $contents .= fread($fd, 8192); + } fclose($fd); return $contents; } else { @@ -1889,7 +1899,7 @@ class Smarty if ($this->_cache_including) { /* return next set of cache_attrs */ - $_return =& current($_cache_attrs); + $_return = current($_cache_attrs); next($_cache_attrs); return $_return; diff --git a/bundled-libs/Smarty/libs/Smarty_Compiler.class.php b/bundled-libs/Smarty/libs/Smarty_Compiler.class.php index acc3de8..cbcbddb 100644 --- a/bundled-libs/Smarty/libs/Smarty_Compiler.class.php +++ b/bundled-libs/Smarty/libs/Smarty_Compiler.class.php @@ -21,12 +21,12 @@ * @link http://smarty.php.net/ * @author Monte Ohrt * @author Andrei Zmievski - * @version 2.6.9 + * @version 2.6.14 * @copyright 2001-2005 New Digital Group, Inc. * @package Smarty */ -/* $Id: Smarty_Compiler.class.php,v 1.4 2005/04/01 08:38:12 tomsommer Exp $ */ +/* $Id: Smarty_Compiler.class.php,v 1.381 2006/05/25 14:46:18 boots Exp $ */ /** * Template compiling class @@ -240,6 +240,9 @@ class Smarty_Compiler extends Smarty { $ldq = preg_quote($this->left_delimiter, '~'); $rdq = preg_quote($this->right_delimiter, '~'); + /* un-hide hidden xml open tags */ + $source_content = preg_replace("~<({$ldq}(.*?){$rdq})[?]~s", '< \\1', $source_content); + // run template source through prefilter functions if (count($this->_plugins['prefilter']) > 0) { foreach ($this->_plugins['prefilter'] as $filter_name => $prefilter) { @@ -361,7 +364,7 @@ class Smarty_Compiler extends Smarty { $compiled_content .= $text_blocks[$i]; // remove \n from the end of the file, if any - if (($_len=strlen($compiled_content)) && ($compiled_content{$_len - 1} == "\n" )) { + if (strlen($compiled_content) && (substr($compiled_content, -1) == "\n") ) { $compiled_content = substr($compiled_content, 0, -1); } @@ -425,7 +428,7 @@ class Smarty_Compiler extends Smarty { function _compile_tag($template_tag) { /* Matched comment. */ - if ($template_tag{0} == '*' && $template_tag{strlen($template_tag) - 1} == '*') + if (substr($template_tag, 0, 1) == '*' && substr($template_tag, -1) == '*') return ''; /* Split tag into two three parts: command, command modifiers and the arguments. */ @@ -529,7 +532,7 @@ class Smarty_Compiler extends Smarty { case 'strip': case '/strip': - if ($tag_command{0}=='/') { + if (substr($tag_command, 0, 1)=='/') { $this->_pop_tag('strip'); if (--$this->_strip_depth==0) { /* outermost closing {/strip} */ $this->_additional_newline = "\n"; @@ -664,7 +667,7 @@ class Smarty_Compiler extends Smarty { */ function _compile_block_tag($tag_command, $tag_args, $tag_modifier, &$output) { - if ($tag_command{0} == '/') { + if (substr($tag_command, 0, 1) == '/') { $start_tag = false; $tag_command = substr($tag_command, 1); } else @@ -726,17 +729,18 @@ class Smarty_Compiler extends Smarty { if ($start_tag) { $output = '_push_cacheable_state('block', $tag_command); $attrs = $this->_parse_attrs($tag_args); - $arg_list = $this->_compile_arg_list('block', $tag_command, $attrs, $_cache_attrs=''); + $_cache_attrs=''; + $arg_list = $this->_compile_arg_list('block', $tag_command, $attrs, $_cache_attrs); $output .= "$_cache_attrs\$this->_tag_stack[] = array('$tag_command', array(".implode(',', $arg_list).')); '; - $output .= $this->_compile_plugin_call('block', $tag_command).'($this->_tag_stack[count($this->_tag_stack)-1][1], null, $this, $_block_repeat=true);'; + $output .= '$_block_repeat=true;' . $this->_compile_plugin_call('block', $tag_command).'($this->_tag_stack[count($this->_tag_stack)-1][1], null, $this, $_block_repeat);'; $output .= 'while ($_block_repeat) { ob_start(); ?>'; } else { $output = '_compile_plugin_call('block', $tag_command).'($this->_tag_stack[count($this->_tag_stack)-1][1], $_block_content, $this, $_block_repeat=false)'; + $_out_tag_text = $this->_compile_plugin_call('block', $tag_command).'($this->_tag_stack[count($this->_tag_stack)-1][1], $_block_content, $this, $_block_repeat)'; if ($tag_modifier != '') { $this->_parse_modifiers($_out_tag_text, $tag_modifier); } - $output .= 'echo '.$_out_tag_text.'; } '; + $output .= '$_block_repeat=false;echo ' . $_out_tag_text . '; } '; $output .= " array_pop(\$this->_tag_stack); " . $this->_pop_cacheable_state('block', $tag_command) . '?>'; } @@ -801,7 +805,8 @@ class Smarty_Compiler extends Smarty { $_cacheable_state = $this->_push_cacheable_state('function', $tag_command); $attrs = $this->_parse_attrs($tag_args); - $arg_list = $this->_compile_arg_list('function', $tag_command, $attrs, $_cache_attrs=''); + $_cache_attrs = ''; + $arg_list = $this->_compile_arg_list('function', $tag_command, $attrs, $_cache_attrs); $output = $this->_compile_plugin_call('function', $tag_command).'(array('.implode(',', $arg_list)."), \$this)"; if($tag_modifier != '') { @@ -826,7 +831,7 @@ class Smarty_Compiler extends Smarty { */ function _compile_registered_object_tag($tag_command, $attrs, $tag_modifier) { - if ($tag_command{0} == '/') { + if (substr($tag_command, 0, 1) == '/') { $start_tag = false; $tag_command = substr($tag_command, 1); } else { @@ -874,13 +879,13 @@ class Smarty_Compiler extends Smarty { // block method if ($start_tag) { $prefix = "\$this->_tag_stack[] = array('$obj_comp', $args); "; - $prefix .= "\$this->_reg_objects['$object'][0]->$obj_comp(\$this->_tag_stack[count(\$this->_tag_stack)-1][1], null, \$this, \$_block_repeat=true); "; + $prefix .= "\$_block_repeat=true; \$this->_reg_objects['$object'][0]->$obj_comp(\$this->_tag_stack[count(\$this->_tag_stack)-1][1], null, \$this, \$_block_repeat); "; $prefix .= "while (\$_block_repeat) { ob_start();"; $return = null; $postfix = ''; - } else { - $prefix = "\$_obj_block_content = ob_get_contents(); ob_end_clean(); "; - $return = "\$this->_reg_objects['$object'][0]->$obj_comp(\$this->_tag_stack[count(\$this->_tag_stack)-1][1], \$_obj_block_content, \$this, \$_block_repeat=false)"; + } else { + $prefix = "\$_obj_block_content = ob_get_contents(); ob_end_clean(); \$_block_repeat=false;"; + $return = "\$this->_reg_objects['$object'][0]->$obj_comp(\$this->_tag_stack[count(\$this->_tag_stack)-1][1], \$_obj_block_content, \$this, \$_block_repeat)"; $postfix = "} array_pop(\$this->_tag_stack);"; } } else { @@ -1250,6 +1255,13 @@ class Smarty_Compiler extends Smarty { $tokens = $match[0]; + if(empty($tokens)) { + $_error_msg = $elseif ? "'elseif'" : "'if'"; + $_error_msg .= ' statement requires arguments'; + $this->_syntax_error($_error_msg, E_USER_ERROR, __FILE__, __LINE__); + } + + // make sure we have balanced parenthesis $token_count = array_count_values($tokens); if(isset($token_count['(']) && $token_count['('] != $token_count[')']) { @@ -1372,7 +1384,7 @@ class Smarty_Compiler extends Smarty { !in_array($token, $this->security_settings['IF_FUNCS'])) { $this->_syntax_error("(secure mode) '$token' not allowed in if statement", E_USER_ERROR, __FILE__, __LINE__); } - } elseif(preg_match('~^' . $this->_var_regexp . '$~', $token) && isset($tokens[$i+1]) && $tokens[$i+1] == '(') { + } elseif(preg_match('~^' . $this->_var_regexp . '$~', $token) && (strpos('+-*/^%&|', substr($token, -1)) === false) && isset($tokens[$i+1]) && $tokens[$i+1] == '(') { // variable function call $this->_syntax_error("variable function call '$token' not allowed in if statement", E_USER_ERROR, __FILE__, __LINE__); } elseif(preg_match('~^' . $this->_obj_call_regexp . '|' . $this->_var_regexp . '(?:' . $this->_mod_regexp . '*)$~', $token)) { @@ -1643,7 +1655,7 @@ class Smarty_Compiler extends Smarty { } elseif(!in_array($val, $this->_permitted_tokens) && !is_numeric($val)) { // literal string - return $this->_expand_quoted_text('"' . $val .'"'); + return $this->_expand_quoted_text('"' . strtr($val, array('\\' => '\\\\', '"' => '\\"')) .'"'); } return $val; } @@ -1723,7 +1735,7 @@ class Smarty_Compiler extends Smarty { } // prevent cutting of first digit in the number (we _definitly_ got a number if the first char is a digit) - if(is_numeric($var_expr{0})) + if(is_numeric(substr($var_expr, 0, 1))) $_var_ref = $var_expr; else $_var_ref = substr($var_expr, 1); @@ -1749,7 +1761,7 @@ class Smarty_Compiler extends Smarty { $_var_name = substr(array_shift($_indexes), 1); $_output = "\$this->_smarty_vars['$_var_name']"; } - } elseif(is_numeric($_var_name) && is_numeric($var_expr{0})) { + } elseif(is_numeric($_var_name) && is_numeric(substr($var_expr, 0, 1))) { // because . is the operator for accessing arrays thru inidizes we need to put it together again for floating point numbers if(count($_indexes) > 0) { @@ -1762,11 +1774,11 @@ class Smarty_Compiler extends Smarty { } foreach ($_indexes as $_index) { - if ($_index{0} == '[') { + if (substr($_index, 0, 1) == '[') { $_index = substr($_index, 1, -1); if (is_numeric($_index)) { $_output .= "[$_index]"; - } elseif ($_index{0} == '$') { + } elseif (substr($_index, 0, 1) == '$') { if (strpos($_index, '.') !== false) { $_output .= '[' . $this->_parse_var($_index) . ']'; } else { @@ -1778,8 +1790,8 @@ class Smarty_Compiler extends Smarty { $_var_section_prop = isset($_var_parts[1]) ? $_var_parts[1] : 'index'; $_output .= "[\$this->_sections['$_var_section']['$_var_section_prop']]"; } - } else if ($_index{0} == '.') { - if ($_index{1} == '$') + } else if (substr($_index, 0, 1) == '.') { + if (substr($_index, 1, 1) == '$') $_output .= "[\$this->_tpl_vars['" . substr($_index, 2) . "']]"; else $_output .= "['" . substr($_index, 1) . "']"; @@ -1788,7 +1800,7 @@ class Smarty_Compiler extends Smarty { $this->_syntax_error('call to internal object members is not allowed', E_USER_ERROR, __FILE__, __LINE__); } elseif($this->security && substr($_index, 2, 1) == '_') { $this->_syntax_error('(secure) call to private object member is not allowed', E_USER_ERROR, __FILE__, __LINE__); - } elseif ($_index{2} == '$') { + } elseif (substr($_index, 2, 1) == '$') { if ($this->security) { $this->_syntax_error('(secure) call to dynamic object member is not allowed', E_USER_ERROR, __FILE__, __LINE__); } else { @@ -1797,7 +1809,7 @@ class Smarty_Compiler extends Smarty { } else { $_output .= $_index; } - } elseif ($_index{0} == '(') { + } elseif (substr($_index, 0, 1) == '(') { $_index = $this->_parse_parenth_args($_index); $_output .= $_index; } else { @@ -1894,7 +1906,7 @@ class Smarty_Compiler extends Smarty { preg_match_all('~:(' . $this->_qstr_regexp . '|[^:]+)~', $modifier_arg_strings[$_i], $_match); $_modifier_args = $_match[1]; - if ($_modifier_name{0} == '@') { + if (substr($_modifier_name, 0, 1) == '@') { $_map_array = false; $_modifier_name = substr($_modifier_name, 1); } else { @@ -1916,10 +1928,10 @@ class Smarty_Compiler extends Smarty { if($_modifier_name == 'default') { // supress notifications of default modifier vars and args - if($output{0} == '$') { + if(substr($output, 0, 1) == '$') { $output = '@' . $output; } - if(isset($_modifier_args[0]) && $_modifier_args[0]{0} == '$') { + if(isset($_modifier_args[0]) && substr($_modifier_args[0], 0, 1) == '$') { $_modifier_args[0] = '@' . $_modifier_args[0]; } } @@ -1971,7 +1983,7 @@ class Smarty_Compiler extends Smarty { /* Extract the reference name. */ $_ref = substr($indexes[0], 1); foreach($indexes as $_index_no=>$_index) { - if ($_index{0} != '.' && $_index_no<2 || !preg_match('~^(\.|\[|->)~', $_index)) { + if (substr($_index, 0, 1) != '.' && $_index_no<2 || !preg_match('~^(\.|\[|->)~', $_index)) { $this->_syntax_error('$smarty' . implode('', array_slice($indexes, 0, 2)) . ' is an invalid reference', E_USER_ERROR, __FILE__, __LINE__); } } @@ -2209,7 +2221,7 @@ class Smarty_Compiler extends Smarty { if (!isset($this->_cache_serial)) $this->_cache_serial = md5(uniqid('Smarty')); $_ret = 'if ($this->caching && !$this->_cache_including) { echo \'{nocache:' . $this->_cache_serial . '#' . $this->_nocache_count - . '}\';}'; + . '}\'; };'; return $_ret; } @@ -2226,7 +2238,7 @@ class Smarty_Compiler extends Smarty { || --$this->_cacheable_state>0) return ''; return 'if ($this->caching && !$this->_cache_including) { echo \'{/nocache:' . $this->_cache_serial . '#' . ($this->_nocache_count++) - . '}\';}'; + . '}\'; };'; } diff --git a/bundled-libs/Smarty/libs/internals/core.create_dir_structure.php b/bundled-libs/Smarty/libs/internals/core.create_dir_structure.php index 999cf59..3eecc49 100644 --- a/bundled-libs/Smarty/libs/internals/core.create_dir_structure.php +++ b/bundled-libs/Smarty/libs/internals/core.create_dir_structure.php @@ -22,7 +22,7 @@ function smarty_core_create_dir_structure($params, &$smarty) /* unix-style paths */ $_dir = $params['dir']; $_dir_parts = preg_split('!/+!', $_dir, -1, PREG_SPLIT_NO_EMPTY); - $_new_dir = ($_dir{0}=='/') ? '/' : getcwd().'/'; + $_new_dir = (substr($_dir, 0, 1)=='/') ? '/' : getcwd().'/'; if($_use_open_basedir = !empty($_open_basedir_ini)) { $_open_basedirs = explode(':', $_open_basedir_ini); } diff --git a/bundled-libs/Smarty/libs/internals/core.display_debug_console.php b/bundled-libs/Smarty/libs/internals/core.display_debug_console.php index a5d7291..1a80f39 100644 --- a/bundled-libs/Smarty/libs/internals/core.display_debug_console.php +++ b/bundled-libs/Smarty/libs/internals/core.display_debug_console.php @@ -23,7 +23,7 @@ function smarty_core_display_debug_console($params, &$smarty) // set path to debug template from SMARTY_DIR $smarty->debug_tpl = SMARTY_DIR . 'debug.tpl'; if($smarty->security && is_file($smarty->debug_tpl)) { - $smarty->secure_dir[] = dirname(realpath($smarty->debug_tpl)); + $smarty->secure_dir[] = realpath($smarty->debug_tpl); } $smarty->debug_tpl = 'file:' . SMARTY_DIR . 'debug.tpl'; } diff --git a/bundled-libs/Smarty/libs/internals/core.is_secure.php b/bundled-libs/Smarty/libs/internals/core.is_secure.php index 342f3af..d54abd4 100644 --- a/bundled-libs/Smarty/libs/internals/core.is_secure.php +++ b/bundled-libs/Smarty/libs/internals/core.is_secure.php @@ -27,18 +27,21 @@ function smarty_core_is_secure($params, &$smarty) foreach ((array)$params['resource_base_path'] as $curr_dir) { if ( ($_cd = realpath($curr_dir)) !== false && strncmp($_rp, $_cd, strlen($_cd)) == 0 && - $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) { + substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { return true; } } } if (!empty($smarty->secure_dir)) { foreach ((array)$smarty->secure_dir as $curr_dir) { - if ( ($_cd = realpath($curr_dir)) !== false && - strncmp($_rp, $_cd, strlen($_cd)) == 0 && - $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) { - return true; - } + if ( ($_cd = realpath($curr_dir)) !== false) { + if($_cd == $_rp) { + return true; + } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && + substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { + return true; + } + } } } } else { diff --git a/bundled-libs/Smarty/libs/internals/core.is_trusted.php b/bundled-libs/Smarty/libs/internals/core.is_trusted.php index f0bd2fb..4299731 100644 --- a/bundled-libs/Smarty/libs/internals/core.is_trusted.php +++ b/bundled-libs/Smarty/libs/internals/core.is_trusted.php @@ -25,7 +25,7 @@ function smarty_core_is_trusted($params, &$smarty) if (!empty($curr_dir) && is_readable ($curr_dir)) { $_cd = realpath($curr_dir); if (strncmp($_rp, $_cd, strlen($_cd)) == 0 - && $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) { + && substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { $_smarty_trusted = true; break; } diff --git a/bundled-libs/Smarty/libs/internals/core.process_cached_inserts.php b/bundled-libs/Smarty/libs/internals/core.process_cached_inserts.php index 29cb007..1d78edd 100644 --- a/bundled-libs/Smarty/libs/internals/core.process_cached_inserts.php +++ b/bundled-libs/Smarty/libs/internals/core.process_cached_inserts.php @@ -52,7 +52,7 @@ function smarty_core_process_cached_inserts($params, &$smarty) $replace = ''; } - $params['results'] = str_replace($cached_inserts[$i], $replace, $params['results']); + $params['results'] = substr_replace($params['results'], $replace, strpos($params['results'], $cached_inserts[$i]), strlen($cached_inserts[$i])); if ($smarty->debugging) { $_params = array(); require_once(SMARTY_CORE_DIR . 'core.get_microtime.php'); diff --git a/bundled-libs/Smarty/libs/internals/core.process_compiled_include.php b/bundled-libs/Smarty/libs/internals/core.process_compiled_include.php index 3e1d4c1..d539423 100644 --- a/bundled-libs/Smarty/libs/internals/core.process_compiled_include.php +++ b/bundled-libs/Smarty/libs/internals/core.process_compiled_include.php @@ -20,6 +20,11 @@ function smarty_core_process_compiled_include($params, &$smarty) $smarty->_cache_including = true; $_return = $params['results']; + + foreach ($smarty->_cache_info['cache_serials'] as $_include_file_path=>$_cache_serial) { + $smarty->_include($_include_file_path, true); + } + foreach ($smarty->_cache_serials as $_include_file_path=>$_cache_serial) { $_return = preg_replace_callback('!(\{nocache\:('.$_cache_serial.')#(\d+)\})!s', array(&$smarty, '_process_compiled_include_callback'), diff --git a/bundled-libs/Smarty/libs/internals/core.read_cache_file.php b/bundled-libs/Smarty/libs/internals/core.read_cache_file.php index ecb1470..c60e113 100644 --- a/bundled-libs/Smarty/libs/internals/core.read_cache_file.php +++ b/bundled-libs/Smarty/libs/internals/core.read_cache_file.php @@ -90,16 +90,6 @@ function smarty_core_read_cache_file(&$params, &$smarty) } } - foreach ($_cache_info['cache_serials'] as $_include_file_path=>$_cache_serial) { - if (empty($smarty->_cache_serials[$_include_file_path])) { - $smarty->_include($_include_file_path, true); - } - - if ($smarty->_cache_serials[$_include_file_path] != $_cache_serial) { - /* regenerate */ - return false; - } - } $content_cache[$params['tpl_file'].','.$params['cache_id'].','.$params['compile_id']] = array($params['results'], $_cache_info); $smarty->_cache_info = $_cache_info; diff --git a/bundled-libs/Smarty/libs/internals/core.rmdir.php b/bundled-libs/Smarty/libs/internals/core.rmdir.php index 4fdbccc..2166c44 100644 --- a/bundled-libs/Smarty/libs/internals/core.rmdir.php +++ b/bundled-libs/Smarty/libs/internals/core.rmdir.php @@ -32,7 +32,6 @@ function smarty_core_rmdir($params, &$smarty) 'level' => $params['level'] + 1, 'exp_time' => $params['exp_time'] ); - require_once(SMARTY_CORE_DIR . 'core.rmdir.php'); smarty_core_rmdir($_params, $smarty); } else { diff --git a/bundled-libs/Smarty/libs/internals/core.write_compiled_include.php b/bundled-libs/Smarty/libs/internals/core.write_compiled_include.php index 5e0b2e0..3a78094 100644 --- a/bundled-libs/Smarty/libs/internals/core.write_compiled_include.php +++ b/bundled-libs/Smarty/libs/internals/core.write_compiled_include.php @@ -15,8 +15,8 @@ function smarty_core_write_compiled_include($params, &$smarty) { - $_tag_start = 'if \(\$this->caching && \!\$this->_cache_including\) \{ echo \'\{nocache\:('.$params['cache_serial'].')#(\d+)\}\';\}'; - $_tag_end = 'if \(\$this->caching && \!\$this->_cache_including\) \{ echo \'\{/nocache\:(\\2)#(\\3)\}\';\}'; + $_tag_start = 'if \(\$this->caching && \!\$this->_cache_including\) \{ echo \'\{nocache\:('.$params['cache_serial'].')#(\d+)\}\'; \};'; + $_tag_end = 'if \(\$this->caching && \!\$this->_cache_including\) \{ echo \'\{/nocache\:(\\2)#(\\3)\}\'; \};'; preg_match_all('!('.$_tag_start.'(.*)'.$_tag_end.')!Us', $params['compiled_content'], $_match_source, PREG_SET_ORDER); diff --git a/bundled-libs/Smarty/libs/plugins/block.textformat.php b/bundled-libs/Smarty/libs/plugins/block.textformat.php index aaebab2..8cd010a 100644 --- a/bundled-libs/Smarty/libs/plugins/block.textformat.php +++ b/bundled-libs/Smarty/libs/plugins/block.textformat.php @@ -23,6 +23,7 @@ * indent_char: string (" ") * wrap_boundary: boolean (true) * + * @author Monte Ohrt * @param string contents of the block * @param Smarty clever simulation of a method * @return string string $content re-formatted diff --git a/bundled-libs/Smarty/libs/plugins/compiler.assign.php b/bundled-libs/Smarty/libs/plugins/compiler.assign.php index 2e02017..be17298 100644 --- a/bundled-libs/Smarty/libs/plugins/compiler.assign.php +++ b/bundled-libs/Smarty/libs/plugins/compiler.assign.php @@ -13,6 +13,8 @@ * Purpose: assign a value to a template variable * @link http://smarty.php.net/manual/en/language.custom.functions.php#LANGUAGE.FUNCTION.ASSIGN {assign} * (Smarty online manual) + * @author Monte Ohrt (initial author) + * @auther messju mohr (conversion to compiler function) * @param string containing var-attribute and value-attribute * @param Smarty_Compiler */ diff --git a/bundled-libs/Smarty/libs/plugins/function.assign_debug_info.php b/bundled-libs/Smarty/libs/plugins/function.assign_debug_info.php index 8015624..6540498 100644 --- a/bundled-libs/Smarty/libs/plugins/function.assign_debug_info.php +++ b/bundled-libs/Smarty/libs/plugins/function.assign_debug_info.php @@ -11,6 +11,7 @@ * Type: function
* Name: assign_debug_info
* Purpose: assign debug info to the template
+ * @author Monte Ohrt * @param array unused in this plugin, this plugin uses {@link Smarty::$_config}, * {@link Smarty::$_tpl_vars} and {@link Smarty::$_smarty_debug_info} * @param Smarty diff --git a/bundled-libs/Smarty/libs/plugins/function.config_load.php b/bundled-libs/Smarty/libs/plugins/function.config_load.php index db7f8f6..db89f63 100644 --- a/bundled-libs/Smarty/libs/plugins/function.config_load.php +++ b/bundled-libs/Smarty/libs/plugins/function.config_load.php @@ -13,6 +13,8 @@ * Purpose: load config file vars * @link http://smarty.php.net/manual/en/language.function.config.load.php {config_load} * (Smarty online manual) + * @author Monte Ohrt + * @author messju mohr (added use of resources) * @param array Format: * 
  * array('file' => required config file name,
diff --git a/bundled-libs/Smarty/libs/plugins/function.counter.php b/bundled-libs/Smarty/libs/plugins/function.counter.php
index cfe5dd8..1f26db5 100644
--- a/bundled-libs/Smarty/libs/plugins/function.counter.php
+++ b/bundled-libs/Smarty/libs/plugins/function.counter.php
@@ -12,6 +12,7 @@
  * Type:     function

  * Name:     counter

  * Purpose:  print out a counter value
+ * @author Monte Ohrt 
  * @link http://smarty.php.net/manual/en/language.function.counter.php {counter}
  *       (Smarty online manual)
  * @param array parameters
diff --git a/bundled-libs/Smarty/libs/plugins/function.eval.php b/bundled-libs/Smarty/libs/plugins/function.eval.php
index 3a4b8b2..ff0472d 100644
--- a/bundled-libs/Smarty/libs/plugins/function.eval.php
+++ b/bundled-libs/Smarty/libs/plugins/function.eval.php
@@ -14,6 +14,7 @@
  * Purpose:  evaluate a template variable as a template

  * @link http://smarty.php.net/manual/en/language.function.eval.php {eval}
  *       (Smarty online manual)
+ * @author Monte Ohrt 
  * @param array
  * @param Smarty
  */
diff --git a/bundled-libs/Smarty/libs/plugins/function.fetch.php b/bundled-libs/Smarty/libs/plugins/function.fetch.php
index f5a6987..81b1bfc 100644
--- a/bundled-libs/Smarty/libs/plugins/function.fetch.php
+++ b/bundled-libs/Smarty/libs/plugins/function.fetch.php
@@ -14,6 +14,7 @@
  * Purpose:  fetch file, web or ftp data and display results
  * @link http://smarty.php.net/manual/en/language.function.fetch.php {fetch}
  *       (Smarty online manual)
+ * @author Monte Ohrt 
  * @param array
  * @param Smarty
  * @return string|null if the assign parameter is passed, Smarty assigns the
diff --git a/bundled-libs/Smarty/libs/plugins/function.html_image.php b/bundled-libs/Smarty/libs/plugins/function.html_image.php
index c62b0fe..9abae72 100644
--- a/bundled-libs/Smarty/libs/plugins/function.html_image.php
+++ b/bundled-libs/Smarty/libs/plugins/function.html_image.php
@@ -19,9 +19,10 @@
  *         - width = image width (optional, default actual width)
  *         - basedir = base directory for absolute paths, default
  *                     is environment variable DOCUMENT_ROOT
+ *         - path_prefix = prefix for path output (optional, default empty)
  *
- * Examples: {html_image file="images/masthead.gif"}
- * Output:   
+ * Examples: {html_image file="/images/masthead.gif"}
+ * Output:   
  * @link http://smarty.php.net/manual/en/language.function.html.image.php {html_image}
  *      (Smarty online manual)
  * @author   Monte Ohrt 
@@ -44,6 +45,7 @@ function smarty_function_html_image($params, &$smarty)
     $extra = '';
     $prefix = '';
     $suffix = '';
+    $path_prefix = '';
     $server_vars = ($smarty->request_use_auto_globals) ? $_SERVER : $GLOBALS['HTTP_SERVER_VARS'];
     $basedir = isset($server_vars['DOCUMENT_ROOT']) ? $server_vars['DOCUMENT_ROOT'] : '';
     foreach($params as $_key => $_val) {
@@ -52,6 +54,7 @@ function smarty_function_html_image($params, &$smarty)
             case 'height':
             case 'width':
             case 'dpi':
+            case 'path_prefix':
             case 'basedir':
                 $$_key = $_val;
                 break;
@@ -90,15 +93,9 @@ function smarty_function_html_image($params, &$smarty)
     } else {
         $_image_path = $file;
     }
-
+    
     if(!isset($params['width']) || !isset($params['height'])) {
-        if ($smarty->security &&
-            ($_params = array('resource_type' => 'file', 'resource_name' => $_image_path)) &&
-            (require_once(SMARTY_CORE_DIR . 'core.is_secure.php')) &&
-            (!smarty_core_is_secure($_params, $smarty)) ) {
-            $smarty->trigger_error("html_image: (secure) '$_image_path' not in secure directory", E_USER_NOTICE);
-
-        } elseif (!$_image_data = @getimagesize($_image_path)) {
+        if(!$_image_data = @getimagesize($_image_path)) {
             if(!file_exists($_image_path)) {
                 $smarty->trigger_error("html_image: unable to find '$_image_path'", E_USER_NOTICE);
                 return;
@@ -110,7 +107,13 @@ function smarty_function_html_image($params, &$smarty)
                 return;
             }
         }
-
+        if ($smarty->security &&
+            ($_params = array('resource_type' => 'file', 'resource_name' => $_image_path)) &&
+            (require_once(SMARTY_CORE_DIR . 'core.is_secure.php')) &&
+            (!smarty_core_is_secure($_params, $smarty)) ) {
+            $smarty->trigger_error("html_image: (secure) '$_image_path' not in secure directory", E_USER_NOTICE);
+        }        
+        
         if(!isset($params['width'])) {
             $width = $_image_data[0];
         }
@@ -131,7 +134,7 @@ function smarty_function_html_image($params, &$smarty)
         $height = round($height * $_resize);
     }
 
-    return $prefix . ''.$alt.'' . $suffix;
+    return $prefix . ''.$alt.'' . $suffix;
 }
 
 /* vim: set expandtab: */
diff --git a/bundled-libs/Smarty/libs/plugins/function.html_options.php b/bundled-libs/Smarty/libs/plugins/function.html_options.php
index ae864f7..cebadde 100644
--- a/bundled-libs/Smarty/libs/plugins/function.html_options.php
+++ b/bundled-libs/Smarty/libs/plugins/function.html_options.php
@@ -21,6 +21,7 @@
  *           the passed parameters
  * @link http://smarty.php.net/manual/en/language.function.html.options.php {html_image}
  *      (Smarty online manual)
+ * @author Monte Ohrt 
  * @param array
  * @param Smarty
  * @return string
diff --git a/bundled-libs/Smarty/libs/plugins/function.html_radios.php b/bundled-libs/Smarty/libs/plugins/function.html_radios.php
index dc7baee..7503cfa 100644
--- a/bundled-libs/Smarty/libs/plugins/function.html_radios.php
+++ b/bundled-libs/Smarty/libs/plugins/function.html_radios.php
@@ -48,6 +48,7 @@ function smarty_function_html_radios($params, &$smarty)
     $selected = null;
     $separator = '';
     $labels = true;
+    $label_ids = false;
     $output = null;
     $extra = '';
 
@@ -68,6 +69,7 @@ function smarty_function_html_radios($params, &$smarty)
                 break;
 
             case 'labels':
+            case 'label_ids':
                 $$_key = (bool)$_val;
                 break;
 
@@ -106,13 +108,13 @@ function smarty_function_html_radios($params, &$smarty)
     if (isset($options)) {
 
         foreach ($options as $_key=>$_val)
-            $_html_result[] = smarty_function_html_radios_output($name, $_key, $_val, $selected, $extra, $separator, $labels);
+            $_html_result[] = smarty_function_html_radios_output($name, $_key, $_val, $selected, $extra, $separator, $labels, $label_ids);
 
     } else {
 
         foreach ($values as $_i=>$_key) {
             $_val = isset($output[$_i]) ? $output[$_i] : '';
-            $_html_result[] = smarty_function_html_radios_output($name, $_key, $_val, $selected, $extra, $separator, $labels);
+            $_html_result[] = smarty_function_html_radios_output($name, $_key, $_val, $selected, $extra, $separator, $labels, $label_ids);
         }
 
     }
@@ -125,19 +127,23 @@ function smarty_function_html_radios($params, &$smarty)
 
 }
 
-function smarty_function_html_radios_output($name, $value, $output, $selected, $extra, $separator, $labels) {
+function smarty_function_html_radios_output($name, $value, $output, $selected, $extra, $separator, $labels, $label_ids) {
     $_output = '';
     if ($labels) {
-      $_id = smarty_function_escape_special_chars($name . '_' . $value);
-      $_output .= '