Merge branch 'master' into php82

.gitattributes

@@ -7,11 +7,10 @@
 
 # exclude from git export
 /tests export-ignore
-/demo export-ignore
-/docs export-ignore
 /utilities export-ignore
 /docker-compose.yml export-ignore
 /.github export-ignore
+/run_tests_for_all_php_versions.sh export-ignore
 /.gitattributes export-ignore
 /.gitignore export-ignore
 /make-release.sh export-ignore

.github/workflows/ci.yml

@@ -1,8 +1,10 @@
 # https://help.github.com/en/categories/automating-your-workflow-with-github-actions
 
 on:
-  - pull_request
-  - push
+  pull_request:
+  push:
+    branches:
+      - 'master'
 
 name: CI
 
@@ -73,9 +75,5 @@ jobs:
         restore-keys: |
           ${{ runner.os }}-php-${{ matrix.php-version }}-
 
-    - name: Install dependencies
-      if: steps.composer-cache.outputs.cache-hit != 'true'
-      run: composer install --prefer-dist --no-progress --no-suggest
-
     - name: Run tests with phpunit
-      run: ./phpunit.sh
+      run: ./run-tests.sh

CHANGELOG.md

@@ -9,6 +9,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - PHP8.2 compatibility [#775](https://github.com/smarty-php/smarty/pull/775)
 
+### Changed
+- Include docs and demo in the releases [#799](https://github.com/smarty-php/smarty/issues/799)
+- Using PHP functions as modifiers now triggers a deprecation notice because we will drop support for this in the next major release [#813](https://github.com/smarty-php/smarty/issues/813) 
+-  Dropped remaining references to removed PHP-support in Smarty 4 from docs, lexer and security class. [#816](https://github.com/smarty-php/smarty/issues/816)
+
+### Fixed
+- Output buffer is now cleaned for internal PHP errors as well, not just for Exceptions [#514](https://github.com/smarty-php/smarty/issues/514)
+- Fixed recursion and out of memory errors when caching in complicated template set-ups using inheritance and includes [#801](https://github.com/smarty-php/smarty/pull/801)
+- Fixed PHP8.1 deprecation errors in strip_tags 
+- Fix Variable Usage in Exception message when unable to load subtemplate [#808](https://github.com/smarty-php/smarty/pull/808)
+- Fixed PHP8.1 deprecation notices for strftime [#672](https://github.com/smarty-php/smarty/issues/672)
+- Fixed PHP8.1 deprecation errors passing null to parameter in trim [#807](https://github.com/smarty-php/smarty/pull/807)
+- Adapt Smarty upper/lower functions to be codesafe (e.g. for Turkish locale) [#586](https://github.com/smarty-php/smarty/pull/586)
+- Bug fix for underscore and limited length in template name in custom resources [#581](https://github.com/smarty-php/smarty/pull/581)
+
+## [4.2.1] - 2022-09-14
+
+### Security
+- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454)
+
+### Fixed
+- Fixed PHP8.1 deprecation notices in modifiers (upper, explode, number_format and replace) [#755](https://github.com/smarty-php/smarty/pull/755) and [#788](https://github.com/smarty-php/smarty/pull/788)
+- Fixed PHP8.1 deprecation notices in capitalize modifier [#789](https://github.com/smarty-php/smarty/issues/789)
+- Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794)
+- Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395)
+
 ## [4.2.0] - 2022-08-01
 
 ### Fixed

docker-compose.yml

@@ -3,10 +3,11 @@ services:
   base:
     build:
       context: .
+      dockerfile: ./utilities/testrunners/php71/Dockerfile
     volumes:
       - .:/app
     working_dir: /app
-    entrypoint: sh ./utilities/testrunners/run-test.sh
+    entrypoint: sh ./run-tests.sh
   php71:
     extends:
       service: base

docs/appendixes/tips.md

@@ -188,67 +188,6 @@ See also [`{html_select_date}`](#language.function.html.select.date),
 [`date_format`](#language.modifier.date.format) and
 [`$smarty.now`](#language.variables.smarty.now),
 
-WAP/WML {#tips.wap}
-=======
-
-WAP/WML templates require a php [Content-Type
-header](&url.php-manual;header) to be passed along with the template.
-The easist way to do this would be to write a custom function that
-prints the header. If you are using [caching](#caching), that won\'t
-work so we\'ll do it using the [`{insert}`](#language.function.insert)
-tag; remember `{insert}` tags are not cached! Be sure that there is
-nothing output to the browser before the template, or else the header
-may fail.
-
-
-    <?php
-
-    // be sure apache is configure for the .wml extensions!
-    // put this function somewhere in your application, or in Smarty.addons.php
-    function insert_header($params)
-    {
-       // this function expects $content argument
-       if (empty($params['content'])) {
-           return;
-       }
-       header($params['content']);
-       return;
-    }
-
-    ?>
-
-        
-
-your Smarty template *must* begin with the insert tag :
-
-
-    {insert name=header content="Content-Type: text/vnd.wap.wml"}
-
-    <?xml version="1.0"?>
-    <!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
-
-    <!-- begin new wml deck -->
-    <wml>
-     <!-- begin first card -->
-     <card>
-      <do type="accept">
-       <go href="#two"/>
-      </do>
-      <p>
-       Welcome to WAP with Smarty!
-       Press OK to continue...
-      </p>
-     </card>
-     <!-- begin second card -->
-     <card id="two">
-      <p>
-       Pretty easy isn't it?
-      </p>
-     </card>
-    </wml>
-
-        
-
 Componentized Templates {#tips.componentized.templates}
 =======================
 
@@ -259,7 +198,7 @@ Smarty object, [`assign()`](#api.assign) the variables and
 [`display()`](#api.display) the template. So lets say for example we
 have a stock ticker on our template. We would collect the stock data in
 our application, then assign these variables in the template and display
-it. Now wouldn\'t it be nice if you could add this stock ticker to any
+it. Now wouldn't it be nice if you could add this stock ticker to any
 application by merely including the template, and not worry about
 fetching the data up front?
 
@@ -301,9 +240,7 @@ assigning it to a template variable.
 
         
 
-See also [`{include_php}`](#language.function.include.php),
-[`{include}`](#language.function.include) and
-[`{php}`](#language.function.php).
+See also: [`{include}`](#language.function.include).
 
 Obfuscating E-mail Addresses {#tips.obfuscating.email}
 ============================

docs/designers/language-basic-syntax/language-syntax-attributes.md

@@ -3,7 +3,7 @@ Attributes {#language.syntax.attributes}
 
 Most of the [functions](#language.syntax.functions) take attributes that
 specify or modify their behavior. Attributes to Smarty functions are
-much like HTML attributes. Static values don\'t have to be enclosed in
+much like HTML attributes. Static values don't have to be enclosed in
 quotes, but it is required for literal strings. Variables with or
 without modifiers may also be used, and should not be in quotes. You can
 even use PHP function results, plugin results and complex expressions.

docs/designers/language-builtin-functions.md

@@ -16,7 +16,6 @@ Built-in Functions {#language.builtin.functions}
 - [{function}](./language-builtin-functions/language-function-function.md)
 - [{if},{elseif},{else}](./language-builtin-functions/language-function-if.md)
 - [{include}](./language-builtin-functions/language-function-include.md)
-- [{include_php}](./language-builtin-functions/language-function-include.php)
 - [{insert}](./language-builtin-functions/language-function-insert.md)
 - [{ldelim},{rdelim}](./language-builtin-functions/language-function-ldelim.md)
 - [{literal}](./language-builtin-functions/language-function-literal.md)

docs/designers/language-builtin-functions/language-function-assign.md

@@ -135,7 +135,6 @@ The following functions can also *optionally* assign template variables.
 
 [`{capture}`](#language.function.capture),
 [`{include}`](#language.function.include),
-[`{include_php}`](#language.function.include.php),
 [`{insert}`](#language.function.insert),
 [`{counter}`](#language.function.counter),
 [`{cycle}`](#language.function.cycle),

docs/designers/language-builtin-functions/language-function-include.md

@@ -188,7 +188,5 @@ current template.
 
       
 
-See also [`{include_php}`](#language.function.include.php),
-[`{insert}`](#language.function.insert),
-[`{php}`](#language.function.php), [template resources](#resources) and
+See also [`{insert}`](#language.function.insert), [template resources](#resources) and
 [componentized templates](#tips.componentized.templates).

docs/programmers/advanced-features/advanced-features-security.md

@@ -8,30 +8,14 @@ security compromises through the template language.
 The settings of the security policy are defined by properties of an
 instance of the Smarty\_Security class. These are the possible settings:
 
--   `$php_handling` determines how Smarty to handle PHP code embedded in
-    templates. Possible values are:
-
-    -   Smarty::PHP\_PASSTHRU -\> echo PHP tags as they are
-
-    -   Smarty::PHP\_QUOTE -\> escape tags as entities
-
-    -   Smarty::PHP\_REMOVE -\> remove php tags
-
-    -   Smarty::PHP\_ALLOW -\> execute php tags
-
-    The default value is Smarty::PHP\_PASSTHRU.
-
-    If security is enabled the [`$php_handling`](#variable.php.handling)
-    setting of the Smarty object is not checked for security.
-
 -   `$secure_dir` is an array of template directories that are
     considered secure. [`$template_dir`](#variable.template.dir)
     concidered secure implicitly. The default is an empty array.
 
 -   `$trusted_dir` is an array of all directories that are considered
     trusted. Trusted directories are where you keep php scripts that are
     executed directly from the templates with
-    [`{include_php}`](#language.function.include.php). The default is an
+    [`{insert}`](#language.function.insert.php). The default is an
     empty array.
 
 -   `$trusted_uri` is an array of regular expressions matching URIs that
@@ -110,12 +94,8 @@ instance of the Smarty\_Security class. These are the possible settings:
     super globals can be accessed by the template. The default is
     \"true\".
 
--   `$allow_php_tag` is a boolean flag which controls if {php} and
-    {include\_php} tags can be used by the template. The default is
-    \"false\".
-
 If security is enabled, no private methods, functions or properties of
-static classes or assigned objects can be accessed (beginningwith
+static classes or assigned objects can be accessed (beginning with
 \'\_\') by the template.
 
 To customize the security policy settings you can extend the
@@ -128,8 +108,6 @@ Smarty\_Security class or create an instance of it.
     class My_Security_Policy extends Smarty_Security {
       // disable all PHP functions
       public $php_functions = null;
-      // remove PHP tags
-      public $php_handling = Smarty::PHP_REMOVE;
       // allow everthing as modifier
       public $php_modifiers = array();
     }
@@ -145,8 +123,6 @@ Smarty\_Security class or create an instance of it.
     $my_security_policy = new Smarty_Security($smarty);
     // disable all PHP functions
     $my_security_policy->php_functions = null;
-    // remove PHP tags
-    $my_security_policy->php_handling = Smarty::PHP_REMOVE;
     // allow everthing as modifier
     $my_security_policy->php_modifiers = array();
     // enable security

docs/programmers/api-variables.md

@@ -39,7 +39,6 @@ them directly, or use the corresponding setter/getter methods.
 - [$left_delimiter](./api-variables/variable-left-delimiter.md)
 - [$locking_timeout](./api-variables/variable-locking-timeout.md)
 - [$merge_compiled_includes](./api-variables/variable-merge-compiled-includes.md)
-- [$php_handling](./api-variables/variable-php-handling.md)
 - [$plugins_dir](./api-variables/variable-plugins-dir.md)
 - [$right_delimiter](./api-variables/variable-right-delimiter.md)
 - [$smarty_debug_id](./api-variables/variable-smarty-debug-id.md)

docs/programmers/api-variables/variable-trusted-dir.md

@@ -5,4 +5,4 @@
 array of all directories that are considered trusted. Trusted
 directories are where you keep php scripts that are executed directly
 from the templates with
-[`{include_php}`](#language.function.include.php).
+[`{insert}`](#language.function.insert.php).

docs/programmers/smarty-constants.md

@@ -23,5 +23,4 @@ to determine the appropriate value automatically. If defined, the path
 
          
 
-See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md) and
-[`$php_handling constants`](./api-variables/variable-php-handling.md)
+See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md).

lexer/smarty_internal_templatelexer.plex

@@ -161,7 +161,6 @@ class Smarty_Internal_Templatelexer
                                                'COMMENT'     => 'comment',
                                                'AS'          => 'as',
                                                'TO'          => 'to',
-                                               'PHP'         => '"<?php", "<%", "{php}" tag',
                                                'LOGOP'       => '"<", "==" ... logical operator',
                                                'TLOGOP'      => '"lt", "eq" ... logical operator; "is div by" ... if condition',
                                                'SCOND'       => '"is even" ... if condition',