Merge pull request #60 from ophian/master

Merge current master into dev5
ophian · May 30, 2024 · 1d3cb8b · 1d3cb8b
2 parents 3f7e8a5 + a3c547c
commit 1d3cb8b
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 83 deletions.
diff --git a/bundled-libs/Smarty/CHANGELOG.md b/bundled-libs/Smarty/CHANGELOG.md
@@ -6,19 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-## [4.5.2-Styx-dev-4] - 2024-04-07
-- see [Custom Styx features]
-
-- Fixed argument must be passed by reference error introduced in v4.5.1 [#964](https://github.com/smarty-php/smarty/issues/964)
-
-## [4.5.1] - 2024-03-18
-
-
-## [4.5.0] - 2024-03-18
-
-
-### Changed
-- Using unregistered static class methods in expressions now also triggers a deprecation notice because we will drop support for this in the next major release [#813](https://github.com/smarty-php/smarty/issues/813)
+## [4.4.1-Styx-dev-4] - 2024-05-28
+- Fixed a code injection vulnerability in extends-tag. This addresses CVE-2024-35226.
 
 ## [4.4.1] - 2024-02-26
 - Fixed internal release-tooling

diff --git a/bundled-libs/Smarty/libs/Smarty.class.php b/bundled-libs/Smarty/libs/Smarty.class.php
@@ -107,7 +107,8 @@ class Smarty extends Smarty_Internal_TemplateBase
     /**
      * smarty version
      */
-    const SMARTY_VERSION = '4.5.2-dev-4';
+    const SMARTY_VERSION = '4.5.2-dev-5';
+
     /**
      * define variable scopes
      */

diff --git a/bundled-libs/Smarty/libs/sysplugins/smarty_internal_compile_extends.php b/bundled-libs/Smarty/libs/sysplugins/smarty_internal_compile_extends.php
@@ -30,7 +30,7 @@ class Smarty_Internal_Compile_Extends extends Smarty_Internal_Compile_Shared_Inh
      *
      * @var array
      */
-    public $optional_attributes = array('extends_resource');
+    public $optional_attributes = array();
 
     /**
      * Attribute definition: Overwrites base class.
@@ -62,29 +62,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler)
         }
         // add code to initialize inheritance
         $this->registerInit($compiler, true);
-        $file = trim($_attr[ 'file' ], '\'"');
-        if (strlen($file) > 8 && substr($file, 0, 8) === 'extends:') {
-            // generate code for each template
-            $files = array_reverse(explode('|', substr($file, 8)));
-            $i = 0;
-            foreach ($files as $file) {
-                if ($file[ 0 ] === '"') {
-                    $file = trim($file, '".');
-                } else {
-                    $file = "'{$file}'";
-                }
-                $i++;
-                if ($i === count($files) && isset($_attr[ 'extends_resource' ])) {
-                    $this->compileEndChild($compiler);
-                }
-                $this->compileInclude($compiler, $file);
-            }
-            if (!isset($_attr[ 'extends_resource' ])) {
-                $this->compileEndChild($compiler);
-            }
-        } else {
-            $this->compileEndChild($compiler, $_attr[ 'file' ]);
-        }
+        $this->compileEndChild($compiler, $_attr[ 'file' ]);
         $compiler->has_code = false;
         return '';
     }
@@ -115,44 +93,4 @@ private function compileEndChild(Smarty_Internal_TemplateCompilerBase $compiler,
                 '') . ");\n?>"
         );
     }
-
-    /**
-     * Add code for including subtemplate to end of template
-     *
-     * @param \Smarty_Internal_TemplateCompilerBase $compiler
-     * @param string                                $template subtemplate name
-     *
-     * @throws \SmartyCompilerException
-     * @throws \SmartyException
-     */
-    private function compileInclude(Smarty_Internal_TemplateCompilerBase $compiler, $template)
-    {
-        $compiler->parser->template_postfix[] = new Smarty_Internal_ParseTree_Tag(
-            $compiler->parser,
-            $compiler->compileTag(
-                'include',
-                array(
-                    $template,
-                    array('scope' => 'parent')
-                )
-            )
-        );
-    }
-
-    /**
-     * Create source code for {extends} from source components array
-     *
-     * @param \Smarty_Internal_Template $template
-     *
-     * @return string
-     */
-    public static function extendsSourceArrayCode(Smarty_Internal_Template $template)
-    {
-        $resources = array();
-        foreach ($template->source->components as $source) {
-            $resources[] = $source->resource;
-        }
-        return $template->smarty->left_delimiter . 'extends file=\'extends:' . join('|', $resources) .
-               '\' extends_resource=true' . $template->smarty->right_delimiter;
-    }
 }
diff --git a/bundled-libs/Smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php b/bundled-libs/Smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php
@@ -455,15 +455,29 @@ public function compileTemplateSource(
             $this->smarty->_current_file = $this->template->source->filepath;
             // get template source
             if (!empty($this->template->source->components)) {
-                // we have array of inheritance templates by extends: resource
-                // generate corresponding source code sequence
-                $_content =
-                    Smarty_Internal_Compile_Extends::extendsSourceArrayCode($this->template);
+                $_compiled_code = '<?php $_smarty_tpl->_loadInheritance(); $_smarty_tpl->inheritance->init($_smarty_tpl, true); ?>';
+
+                    $i = 0;
+                    $reversed_components = array_reverse($this->template->getSource()->components);
+                    foreach ($reversed_components as $source) {
+                        $i++;
+                        if ($i === count($reversed_components)) {
+                            $_compiled_code .= '<?php $_smarty_tpl->inheritance->endChild($_smarty_tpl); ?>';
+                        }
+                        $_compiled_code .= $this->compileTag(
+                            'include',
+                            [
+                                var_export($source->resource, true),
+                                ['scope' => 'parent'],
+                            ]
+                        );
+                    }
+                    $_compiled_code = $this->postFilter($_compiled_code, $this->template);
             } else {
                 // get template source
                 $_content = $this->template->source->getContent();
+                $_compiled_code = $this->postFilter($this->doCompile($this->preFilter($_content), true));
             }
-            $_compiled_code = $this->postFilter($this->doCompile($this->preFilter($_content), true));
             if (!empty($this->required_plugins[ 'compiled' ]) || !empty($this->required_plugins[ 'nocache' ])) {
                 $_compiled_code = '<?php ' . $this->compileRequiredPlugins() . "?>\n" . $_compiled_code;
             }

diff --git a/docs/NEWS b/docs/NEWS
@@ -52,6 +52,8 @@ Version 4.4.3-DEV ()
  ------------------------------------------------------------------------
 
 
+  * Merge Smarty v.4.5.3 security release into current v.4.4.1-dev-5
+
   * Clear [ pure ] standard theme styles .post_content end/start floats for the
     body/extended field expression, when the first ends and the second starts
     with a floating container, i.e. "_image_", to keep them separated.