PHP8.2 compatibility (smarty-php#775)
* PHP8.2 compatibility

* PHP8.2 compatibility : Fixed unit tests

* PHP8.2 compatibility : Replace ENT_COMPAT by ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401

* PHP8.2 compatibility : Remove deprecated utf8_decode

* PHP8.2 compatibility : Remove HTML-ENTITIES parameter

* Removed some unused code for clarity, updated the changelog.

* More concise escape implementation and unit test to cover both modifierplugin and modifiercompiler.

* Fix htmlall unescape of quotes without mbstring too

Co-authored-by: Simon Wisselink <s.wisselink@iwink.nl>
2 people authored and peterpeppered committed Oct 26, 2023
1 parent 2fc4438 commit 823431d
Showing 22 changed files with 298 additions and 137 deletions.
16 changes: 15 additions & 1 deletion .github/workflows/ci.yml
Expand Up @@ -28,15 +28,29 @@ jobs:
- "5.3"
- "5.4"
- "5.5"
- "5.6"
- "5.6"
- "7.1"
- "7.2"
- "7.3"
- "7.4"
- "8.0"
- "8.1"
- "8.2"

compiler:
- default

include:
- os: ubuntu-latest
php-version: "8.0"
compiler: jit
- os: ubuntu-latest
php-version: "8.1"
compiler: jit
- os: ubuntu-latest
php-version: "8.2"
compiler: jit

steps:
- name: Checkout
uses: actions/checkout@v2
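
Review bot: The three `include` rows set `compiler: jit`, but nothing in the visible part of this job reads `matrix.compiler`. Check that a step after the checkout uses the value to enable JIT; otherwise these rows only repeat the default run on 8.0, 8.1 and 8.2 and give no JIT coverage.
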
16 changes: 12 additions & 4 deletions CHANGELOG.md
Expand Up @@ -11,6 +11,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Security
- Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447.

### Added
- PHP8.2 compatibility [#775](https://github.com/smarty-php/smarty/pull/775)

### Changed
- Include docs and demo in the releases [#799](https://github.com/smarty-php/smarty/issues/799)
- Using PHP functions as modifiers now triggers a deprecation notice because we will drop support for this in the next major release [#813](https://github.com/smarty-php/smarty/issues/813)
- Dropped remaining references to removed PHP-support in Smarty 4 from docs, lexer and security class. [#816](https://github.com/smarty-php/smarty/issues/816)

### Fixed
- Output buffer is now cleaned for internal PHP errors as well, not just for Exceptions [#514](https://github.com/smarty-php/smarty/issues/514)
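
Review bot: The entries under `### Changed` (#799, #813, #816) are not covered by the commit message, which describes only PHP 8.2 work, and the #816 entry speaks of "Smarty 4" while README.md in this commit is headed "Smarty 3 template engine". Confirm these three lines belong in this branch's changelog; if they were carried over from another branch, drop them and keep only the #775 line under `### Added`.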

Expand All @@ -22,8 +30,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed
- Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794)
- Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395)
- Updated requirement contraint for 'php' in composer.json to correctly reflect that Smarty3 does not support PHP8. Please upgrade to Smarty4 to use PHP8.
- Updated requirement contraint for 'php' in composer.json to correctly reflect that Smarty3 does not support PHP8. Please upgrade to Smarty4 to use PHP8.

## [3.1.46] - 2022-08-01

### Fixed
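
Review bot: The two versions of the "Updated requirement contraint" line differ only in whitespace and both keep the misspelling; change it to "constraint" while the line is being touched. The entry also records that composer.json excludes PHP8 for Smarty3, so confirm that the `php` constraint in composer.json is widened in this commit to match the new "PHP 7.1 to PHP 8.2" statement in README.md.
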
Expand Down Expand Up @@ -599,7 +607,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- revert bugfix compiling {section} did create warning
- bugfix {$smarty.section.customer.loop} did throw compiler error https://github.com/smarty-php/smarty/issues/161
update of yesterdays fix
- bugfix string resource could inject code at {block} or inline subtemplates through PHP comments https://github.com/smarty-php/smarty/issues/157
- bugfix string resource could inject code at {block} or inline subtemplates through PHP comments https://github.com/smarty-php/smarty/issues/157
- bugfix output filters did not observe nocache code flhttps://github.com/smarty-php/smarty/issues/154g https://github.com/smarty-php/smarty/issues/160
- bugfix {extends} with relative file path did not work https://github.com/smarty-php/smarty/issues/154
https://github.com/smarty-php/smarty/issues/158
Expand Down Expand Up @@ -2259,7 +2267,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- bugfix overloading problem when $smarty->fetch()/display() have been used in plugins
(introduced with 3.0.2)
- code cleanup

## Smarty 3.0.3 -

13/11/2010
9 changes: 4 additions & 5 deletions README.md
@@ -1,16 +1,15 @@
# Smarty 3 template engine
[smarty.net](https://www.smarty.net/)
[smarty.net](https://www.smarty.net/)

[![Build Status](https://travis-ci.org/smarty-php/smarty.svg?branch=master)](https://travis-ci.org/smarty-php/smarty)

## Documentation

For documentation see
[www.smarty.net/docs/en/](https://www.smarty.net/docs/en/)
For documentation see
[www.smarty.net/docs/en/](https://www.smarty.net/docs/en/)

## Requirements

Smarty can be run with PHP 5.2 to PHP 7.4.
Smarty can be run with PHP 7.1 to PHP 8.2.

## Distribution repository
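
Review bot: The Requirements line raises the stated minimum from PHP 5.2 to PHP 7.1, but the CHANGELOG hunk in this commit lists only "PHP8.2 compatibility" under `### Added`, and the ci.yml matrix still runs "5.3" through "5.6". Either record the new minimum in the changelog and remove the 5.x jobs, or keep the lower bound that the test matrix actually covers.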

16 changes: 15 additions & 1 deletion docker-compose.yml
Expand Up @@ -48,4 +48,18 @@ services:
service: base
build:
dockerfile: ./utilities/testrunners/php74/Dockerfile

php80:
extends:
service: base
build:
dockerfile: ./utilities/testrunners/php80/Dockerfile
php81:
extends:
service: base
build:
dockerfile: ./utilities/testrunners/php81/Dockerfile
php82:
extends:
service: base
build:
dockerfile: ./utilities/testrunners/php82/Dockerfile
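
Review bot: The new `php80`, `php81` and `php82` services point at `./utilities/testrunners/php80/Dockerfile` and its two siblings, none of which appear among the files shown here; make sure those Dockerfiles are part of the commit, or the build of the new services fails. A blank line between the three service definitions would match the spacing used after the `php74` entry.
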
169 changes: 169 additions & 0 deletions docs/getting-started.md
@@ -0,0 +1,169 @@
What is Smarty?
==============

## Requirements
Smarty can be run with PHP 7.1 to PHP 8.2.

## Installation
Smarty versions 3.1.11 or later can be installed with [Composer](https://getcomposer.org/).

To get the latest stable version of Smarty use:
```bash
composer require smarty/smarty
````

To get the latest, unreleased version, use:
```bash
composer require smarty/smarty:dev-master
````
To get the previous stable version of Smarty, Smarty 3, use:
```bash
composer require smarty/smarty:^3
````

Here's how you create an instance of Smarty in your PHP scripts:
```php
<?php
require 'vendor/autoload.php';
$smarty = new Smarty();
```
Now that the library files are in place, it's time to setup the Smarty
directories for your application.

Smarty requires four directories which are by default named
[`templates`](./programmers/api-variables/variable-template-dir.md),
[`configs`](./programmers/api-variables/variable-config-dir.md),
[`templates_c`](./programmers/api-variables/variable-compile-dir.md)
and
[`cache`](./programmers/api-variables/variable-cache-dir.md)
relative to the current working directory.

The defaults can be changed as follows:
```php
$smarty = new Smarty();
$smarty->setTemplateDir('/some/template/dir');
$smarty->setConfigDir('/some/config/dir');
$smarty->setCompileDir('/some/compile/dir');
$smarty->setCacheDir('/some/cache/dir');
```

The compile dir and cache dir need to be writable for the user running the PHP script.

> **Note**
>
> This is usually user "nobody" and group "nobody". For OS X users, the
> default is user "www" and group "www". If you are using Apache, you
> can look in your `httpd.conf` file to see what user and group are
> being used.

```bash
chown nobody:nobody /web/www.example.com/guestbook/templates_c/
chmod 770 /web/www.example.com/guestbook/templates_c/
chown nobody:nobody /web/www.example.com/guestbook/cache/
chmod 770 /web/www.example.com/guestbook/cache/
```

You can verify if your system has the correct access rights for
these directories with [`testInstall()`](./programmers/api-functions/api-test-install.md):

```php
$smarty = new Smarty();
$smarty->setTemplateDir('/some/template/dir');
$smarty->setConfigDir('/some/config/dir');
$smarty->setCompileDir('/some/compile/dir');
$smarty->setCacheDir('/some/cache/dir');
$smarty->testInstall();
```

Now, let's create the `index.tpl` file that Smarty will display. This
needs to be located in the [`$template_dir`](./programmers/api-variables/variable-template-dir.md).
```html
{* Smarty *}
Hello {$name}, welcome to Smarty!
```
> **Note**
>
> `{* Smarty *}` is a template [comment](./designers/language-basic-syntax/language-syntax-comments.md). It
> is not required, but it is good practice to start all your template
> files with this comment. It makes the file easy to recognize
> regardless of the file extension. For example, text editors could
> recognize the file and turn on special syntax highlighting.
Now lets edit our php file. We'll create an instance of Smarty,
[`assign()`](./programmers/api-functions/api-assign.md) a template variable and
[`display()`](./programmers/api-functions/api-display.md) the `index.tpl` file.

```php
<?php
require 'vendor/autoload.php';
$smarty = new Smarty();
$smarty->setTemplateDir('/web/www.example.com/guestbook/templates/');
$smarty->setCompileDir('/web/www.example.com/guestbook/templates_c/');
$smarty->setConfigDir('/web/www.example.com/guestbook/configs/');
$smarty->setCacheDir('/web/www.example.com/guestbook/cache/');
$smarty->assign('name', 'Ned');
$smarty->display('index.tpl');
```

> **Note**
>
> In our example, we are setting absolute paths to all of the Smarty
> directories. If `/web/www.example.com/guestbook/` is within your PHP
> include\_path, then these settings are not necessary. However, it is
> more efficient and (from experience) less error-prone to set them to
> absolute paths. This ensures that Smarty is getting files from the
> directories you intended.

Now, run your PHP file. You should see *\"Hello Ned, welcome to Smarty!\"*

You have completed the basic setup for Smarty!

## Extended Setup {#installing.smarty.extended}
==============

This is a continuation of the [basic
installation](#installing.smarty.basic), please read that first!

A slightly more flexible way to setup Smarty is to extend the Smarty
class and initialize your Smarty
environment. So instead of repeatedly setting directory paths, assigning
the same vars, etc., we can do that in one place.

```php
<?php
class Smarty_GuestBook extends Smarty {
public function __construct()
{
parent::__construct();
$this->setTemplateDir('/web/www.example.com/guestbook/templates/');
$this->setCompileDir('/web/www.example.com/guestbook/templates_c/');
$this->setConfigDir('/web/www.example.com/guestbook/configs/');
$this->setCacheDir('/web/www.example.com/guestbook/cache/');
$this->caching = Smarty::CACHING_LIFETIME_CURRENT;
$this->assign('app_name', 'Guest Book');
}
}
```

Now, we can use `Smarty_GuestBook` instead of `Smarty` in our scripts:
```php
$smarty = new Smarty_GuestBook();
$smarty->assign('name','Ned');
$smarty->display('index.tpl');
```
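
Review bot: The permissions example (`chown nobody:nobody` and `chmod 770` on `templates_c/` and `cache/`) places both web-server-writable directories under `/web/www.example.com/guestbook/`, beside the templates. Since `templates_c` holds the PHP files that Smarty compiles and then executes, the text should advise keeping the compile and cache directories outside the document root and writable only by the account that runs PHP. Separately, `## Extended Setup {#installing.smarty.extended}` is followed by a `==============` underline that will render as stray text, the link to `#installing.smarty.basic` has no target in this file, and the title "What is Smarty?" does not match the installation content that follows.
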
80 changes: 4 additions & 76 deletions libs/plugins/modifier.escape.php
Expand Up @@ -34,87 +34,15 @@ function smarty_modifier_escape($string, $esc_type = 'html', $char_set = null, $
}
switch ($esc_type) {
case 'html':
if ($_double_encode) {
// php >=5.3.2 - go native
return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
} else {
if ($double_encode) {
// php <5.2.3 - only handle double encoding
return htmlspecialchars($string, ENT_QUOTES, $char_set);
} else {
// php <5.2.3 - prevent double encoding
$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
$string = htmlspecialchars($string, ENT_QUOTES, $char_set);
$string = str_replace(
array(
'%%%SMARTY_START%%%',
'%%%SMARTY_END%%%'
),
array(
'&',
';'
),
$string
);
return $string;
}
}
return htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
// no break
case 'htmlall':
if (Smarty::$_MBSTRING) {
// mb_convert_encoding ignores htmlspecialchars()
if ($_double_encode) {
// php >=5.3.2 - go native
$string = htmlspecialchars($string, ENT_QUOTES, $char_set, $double_encode);
} else {
if ($double_encode) {
// php <5.2.3 - only handle double encoding
$string = htmlspecialchars($string, ENT_QUOTES, $char_set);
} else {
// php <5.2.3 - prevent double encoding
$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
$string = htmlspecialchars($string, ENT_QUOTES, $char_set);
$string =
str_replace(
array(
'%%%SMARTY_START%%%',
'%%%SMARTY_END%%%'
),
array(
'&',
';'
),
$string
);
return $string;
}
}
// htmlentities() won't convert everything, so use mb_convert_encoding
return mb_convert_encoding($string, 'HTML-ENTITIES', $char_set);
$string = mb_convert_encoding($string, 'UTF-8', $char_set);
return htmlentities($string, ENT_QUOTES, 'UTF-8', $double_encode);
}
// no MBString fallback
if ($_double_encode) {
return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
} else {
if ($double_encode) {
return htmlentities($string, ENT_QUOTES, $char_set);
} else {
$string = preg_replace('!&(#?\w+);!', '%%%SMARTY_START%%%\\1%%%SMARTY_END%%%', $string);
$string = htmlentities($string, ENT_QUOTES, $char_set);
$string = str_replace(
array(
'%%%SMARTY_START%%%',
'%%%SMARTY_END%%%'
),
array(
'&',
';'
),
$string
);
return $string;
}
}
return htmlentities($string, ENT_QUOTES, $char_set, $double_encode);
// no break
case 'url':
return rawurlencode($string);
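
Review bot: All three new calls in the `html` and `htmlall` cases pass only `ENT_QUOTES`, although the commit message says the flags become `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401`. Without `ENT_SUBSTITUTE`, `htmlspecialchars()` and `htmlentities()` return an empty string when `$string` contains a byte sequence that is invalid in `$char_set`, so a malformed value silently disappears from the output; pass the full flag set here as well. In the mbstring branch of `htmlall`, the result is now always UTF-8 and only characters with a named entity are encoded, whereas the removed `mb_convert_encoding($string, 'HTML-ENTITIES', $char_set)` returned ASCII with an entity for every non-ASCII character. A unit test with a non-UTF-8 `$char_set` and with a character that has no named entity would pin down whether that change is intended.
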