Attachment 169804 Details for Bug 243856 – smarty-function-injection.patch

[patch] smarty-function-injection.patch

smarty-function-injection.patch (text/plain), 1.21 KB, created by Robert Buchholz (RETIRED) on 2008-10-25 12:47:04 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Robert Buchholz (RETIRED)

Created: 2008-10-25 12:47:04 UTC

Size: 1.21 KB

patch

obsolete

>------------------------------------------------------------------------
>r2784 | Uwe.Tews | 2008-09-18 23:03:32 +0200 (Thu, 18 Sep 2008) | 1 line
>
> - fix  function injection security hole closed (U.Tews)
>------------------------------------------------------------------------
>r2796 | monte.ohrt | 2008-09-22 17:29:16 +0200 (Mon, 22 Sep 2008) | 3 lines
>
>revert patch for secuity hole, update site url
>
>
>------------------------------------------------------------------------
>r2797 | monte.ohrt | 2008-09-22 21:26:32 +0200 (Mon, 22 Sep 2008) | 3 lines
>
>patch for security, php executed in templates
>
>
>------------------------------------------------------------------------
>Index: Smarty_Compiler.class.php
>===================================================================
>--- Smarty-2.6.20.orig/libs/Smarty_Compiler.class.php	(revision 2781)
>+++ Smarty-2.6.20/libs/Smarty_Compiler.class.php	(revision 2797)
>@@ -1705,6 +1705,8 @@
>         }
>         // replace double quoted literal string with single quotes
>         $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
>+        // escape dollar sign if not printing a var
>+        $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
>         return $_return;
>     }
>

Actions: View | Diff

Attachments on bug 243856: 169804