Fix incorrect compilation of expressions when escape_html=true

Fixes #930
smarty-php · Feb 5, 2024 · 0141cde · 0141cde
1 parent e0cbbdf
commit 0141cde
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - PHP8.3 support [#925](https://github.com/smarty-php/smarty/issues/925)
 
+### Fixed
+- Incorrect compilation of expressions when escape_html=true [#930](https://github.com/smarty-php/smarty/pull/930)
+
 ## [4.3.4] - 2023-09-14
 
 ## [4.3.3] - 2023-09-14

diff --git a/libs/sysplugins/smarty_internal_compile_private_print_expression.php b/libs/sysplugins/smarty_internal_compile_private_print_expression.php
@@ -93,7 +93,7 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $
                 }
                 // autoescape html
                 if ($compiler->template->smarty->escape_html) {
-                    $output = "htmlspecialchars((string) {$output}, ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')";
+                    $output = "htmlspecialchars((string) ({$output}), ENT_QUOTES, '" . addslashes(Smarty::$_CHARSET) . "')";
                 }
                 // loop over registered filters
                 if (!empty($compiler->template->smarty->registered_filters[ Smarty::FILTER_VARIABLE ])) {