- bugfix string resource could inject code at {block} or inline subte…

…mplates through PHP comments #157
smarty-php · Jan 26, 2016 · 2850cce · 2850cce
1 parent 0b31052
commit 2850cce
Show file tree

Hide file tree

Showing 4 changed files with 223 additions and 173 deletions.
diff --git a/change_log.txt b/change_log.txt
@@ -3,6 +3,7 @@
   - revert bugfix compiling {section} did create warning
   - bugfix {$smarty.section.customer.loop} did throw compiler error https://github.com/smarty-php/smarty/issues/161
     update of yesterdays fix
+  - bugfix string resource could inject code at {block} or inline subtemplates through PHP comments https://github.com/smarty-php/smarty/issues/157
 
  26.01.2016
   - improvement observe Smarty::$_CHARSET in debugging console https://github.com/smarty-php/smarty/issues/169

diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php
@@ -121,7 +121,7 @@ class Smarty extends Smarty_Internal_TemplateBase
     /**
      * smarty version
      */
-    const SMARTY_VERSION = '3.1.30-dev/21';
+    const SMARTY_VERSION = '3.1.30-dev/22';
 
     /**
      * define variable scopes

diff --git a/libs/sysplugins/smarty_internal_compile_block.php b/libs/sysplugins/smarty_internal_compile_block.php
@@ -15,6 +15,13 @@
  */
 class Smarty_Internal_Compile_Block extends Smarty_Internal_Compile_Shared_Inheritance
 {
+    /**
+     * nesting level of block tags
+     *
+     * @var int
+     */
+    public static $blockTagNestingLevel = 0;
+
     /**
      * Attribute definition: Overwrites base class.
      *
@@ -48,29 +55,65 @@ class Smarty_Internal_Compile_Block extends Smarty_Internal_Compile_Shared_Inher
     public $optional_attributes = array('assign');
 
     /**
-     * nesting level of block tags
+     * Saved compiler object
      *
-     * @var int
+     * @var Smarty_Internal_TemplateCompiler
      */
-    public static $blockTagNestingLevel = 0;
+    public $compiler = null;
 
     /**
-     * Saved compiler object
+     * Compile saved child block source
+     *
+     * @param \Smarty_Internal_TemplateCompiler compiler object
+     * @param string                            $_name   optional name of child block
      *
-     * @var Smarty_Internal_TemplateCompilerBase
+     * @return string   compiled code of child block
      */
-    public $compiler = null;
+    static function compileChildBlock(Smarty_Internal_TemplateCompiler $compiler, $_name = null)
+    {
+        if (!isset($compiler->_cache[ 'blockNesting' ])) {
+            $compiler->trigger_template_error(' tag {$smarty.block.child} used outside {block} tags ',
+                                              $compiler->parser->lex->taglineno);
+        }
+        $compiler->has_code = true;
+        $compiler->suppressNocacheProcessing = true;
+        $compiler->_cache[ 'blockParams' ][ $compiler->_cache[ 'blockNesting' ] ][ 1 ] = true;
+        $output =
+            "\$_smarty_tpl->_getExtension('_inheritance')->processBlock(\$_smarty_tpl, 2, {$compiler->_cache['blockName'][$compiler->_cache['blockNesting']]}, null, \$_blockParentStack);\n";
+        return $output;
+    }
+
+    /**
+     * Compile $smarty.block.parent
+     *
+     * @param \Smarty_Internal_TemplateCompiler $compiler compiler object
+     * @param string                            $_name    optional name of child block
+     *
+     * @return string   compiled code of child block
+     */
+    static function compileParentBlock(Smarty_Internal_TemplateCompiler $compiler, $_name = null)
+    {
+        if (!isset($compiler->_cache[ 'blockNesting' ])) {
+            $compiler->trigger_template_error(' tag {$smarty.block.parent} used outside {block} tags ',
+                                              $compiler->parser->lex->taglineno);
+        }
+        $compiler->suppressNocacheProcessing = true;
+        $compiler->has_code = true;
+        $output =
+            "\$_smarty_tpl->_getExtension('_inheritance')->processBlock(\$_smarty_tpl, 4, {$compiler->_cache['blockName'][$compiler->_cache['blockNesting']]}, null, \$_blockParentStack);\n";
+        return $output;
+    }
 
     /**
      * Compiles code for the {block} tag
      *
-     * @param  array                                 $args      array with attributes from parser
-     * @param  \Smarty_Internal_TemplateCompilerBase $compiler  compiler object
-     * @param  array                                 $parameter array with compilation parameter
+     * @param  array                             $args      array with attributes from parser
+     * @param  \Smarty_Internal_TemplateCompiler $compiler  compiler object
+     * @param  array                             $parameter array with compilation parameter
      *
      * @return bool true
      */
-    public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $parameter)
+    public function compile($args, Smarty_Internal_TemplateCompiler $compiler, $parameter = null)
     {
         if (!isset($compiler->_cache[ 'blockNesting' ])) {
             $compiler->_cache[ 'blockNesting' ] = 0;
@@ -86,13 +129,15 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $
         $_attr = $this->getAttributes($compiler, $args);
         $compiler->_cache[ 'blockNesting' ] ++;
         $compiler->_cache[ 'blockName' ][ $compiler->_cache[ 'blockNesting' ] ] = $_attr[ 'name' ];
-        $compiler->_cache[ 'blockParams' ][ $compiler->_cache[ 'blockNesting' ] ][ 'name' ] = "{$_attr['name']}";
+        $compiler->_cache[ 'blockParams' ][ $compiler->_cache[ 'blockNesting' ] ][ 0 ] =
+            'block_' . preg_replace('![^\w]+!', '_', uniqid(rand(), true));
+        $compiler->_cache[ 'blockParams' ][ $compiler->_cache[ 'blockNesting' ] ][ 1 ] = false;
         $this->openTag($compiler, 'block', array($_attr, $compiler->nocache, $compiler->parser->current_buffer,
                                                  $compiler->template->compiled->has_nocache_code,
                                                  $compiler->template->caching));
         // must whole block be nocache ?
         if ($compiler->tag_nocache) {
-            $i = 0;
+            // TODO rethink nocache handling
         }
         $compiler->nocache = $compiler->nocache | $compiler->tag_nocache;
         // $compiler->suppressNocacheProcessing = true;
@@ -103,47 +148,6 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $
         $compiler->template->compiled->has_nocache_code = false;
         $compiler->suppressNocacheProcessing = true;
     }
-
-    /**
-     * Compile saved child block source
-     *
-     * @param \Smarty_Internal_TemplateCompilerBase compiler object
-     * @param string                                $_name   optional name of child block
-     *
-     * @return string   compiled code of child block
-     */
-    static function compileChildBlock(Smarty_Internal_TemplateCompilerBase $compiler, $_name = null)
-    {
-        if (!isset($compiler->_cache[ 'blockNesting' ])) {
-            $compiler->trigger_template_error(' tag {$smarty.block.child} used outside {block} tags ',
-                                              $compiler->parser->lex->taglineno);
-        }
-        $compiler->has_code = true;
-        $compiler->suppressNocacheProcessing = true;
-        $compiler->_cache[ 'blockParams' ][ $compiler->_cache[ 'blockNesting' ] ][ 'callsChild' ] = 'true';
-        $output = "<?php \n\$this->callChild(\$_smarty_tpl);\n?>\n";
-        return $output;
-    }
-
-    /**
-     * Compile $smarty.block.parent
-     *
-     * @param \Smarty_Internal_TemplateCompilerBase $compiler compiler object
-     * @param string                                $_name    optional name of child block
-     *
-     * @return string   compiled code of child block
-     */
-    static function compileParentBlock(Smarty_Internal_TemplateCompilerBase $compiler, $_name = null)
-    {
-        if (!isset($compiler->_cache[ 'blockNesting' ])) {
-            $compiler->trigger_template_error(' tag {$smarty.block.parent} used outside {block} tags ',
-                                              $compiler->parser->lex->taglineno);
-        }
-        $compiler->suppressNocacheProcessing = true;
-        $compiler->has_code = true;
-        $output = "<?php \n\$this->callParent(\$_smarty_tpl);\n?>\n";
-        return $output;
-    }
 }
 
 /**
@@ -152,70 +156,91 @@ static function compileParentBlock(Smarty_Internal_TemplateCompilerBase $compile
  */
 class Smarty_Internal_Compile_Blockclose extends Smarty_Internal_Compile_Shared_Inheritance
 {
+    /**
+     * @var Smarty_Internal_TemplateCompiler
+     */
+    public $compiler = null;
+
     /**
      * Compiles code for the {/block} tag
      *
-     * @param  array                                $args      array with attributes from parser
-     * @param \Smarty_Internal_TemplateCompilerBase $compiler  compiler object
-     * @param  array                                $parameter array with compilation parameter
+     * @param  array                            $args      array with attributes from parser
+     * @param \Smarty_Internal_TemplateCompiler $compiler  compiler object
+     * @param  array                            $parameter array with compilation parameter
      *
      * @return bool true
      */
-    public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $parameter)
+    public function compile($args, Smarty_Internal_TemplateCompiler $compiler, $parameter = null)
     {
         list($_attr, $_nocache, $_buffer, $_has_nocache_code, $_caching) = $this->closeTag($compiler, array('block'));
         // init block parameter
         $_block = $compiler->_cache[ 'blockParams' ][ $compiler->_cache[ 'blockNesting' ] ];
         unset($compiler->_cache[ 'blockParams' ][ $compiler->_cache[ 'blockNesting' ] ]);
+        $_block[ 2 ] = $_block[ 3 ] = 0;
         $_name = trim($_attr[ 'name' ], "'\"");
         $_assign = isset($_attr[ 'assign' ]) ? $_attr[ 'assign' ] : null;
         unset($_attr[ 'assign' ], $_attr[ 'name' ]);
         foreach ($_attr as $name => $stat) {
             if ((is_bool($stat) && $stat !== false) || (!is_bool($stat) && $stat != 'false')) {
-                $_block[ $name ] = 'true';
+                $_block[ $name ] = is_string($stat) ? trim($stat, "'\"") : $stat;
             }
         }
-        $_className = 'Block_' . preg_replace('#[^\w\|]+#S', '_', $_name) . '_' .
-            preg_replace('![^\w]+!', '_', uniqid(rand(), true));
+        if ($compiler->template->source->type == 'file') {
+            $sourceInfo = $compiler->template->source->filepath;
+        } else {
+            $basename = $compiler->template->source->handler->getBasename($compiler->template->source);
+            $sourceInfo = $compiler->template->source->type .':' . ($basename ? $basename : $compiler->template->source->name);
+        }
+        $_funcName = $_block[ 0 ];
         // get compiled block code
-        $_functionCode = $compiler->parser->current_buffer;
+        $_functionCode = $compiler->parser->current_buffer->to_smarty_php($compiler->parser);
         // setup buffer for template function code
         $compiler->parser->current_buffer = new Smarty_Internal_ParseTree_Template();
 
-        $output = "<?php\n";
-        $output .= "/* {block '{$_name}'} {$compiler->template->source->type}:{$compiler->template->source->name} */\n";
-        $output .= "class {$_className} extends Smarty_Internal_Block\n";
-        $output .= "{\n";
-        foreach ($_block as $property => $value) {
-            $output .= "public \${$property} = {$value};\n";
-        }
-        $output .= "public function callBlock(Smarty_Internal_Template \$_smarty_tpl) {\n";
-        //$output .= "/*/%%SmartyNocache:{$compiler->template->compiled->nocache_hash}%%*/\n";
         if ($compiler->template->compiled->has_nocache_code) {
+            $_has_nocache_code = true;
+            $_block[ 6 ] = $_funcNameCaching = $_funcName . '_nocache';
+            $output =
+                "/* {block '{$_name}'} {$sourceInfo} */\n";
+            $output .= "function {$_funcNameCaching} (\$_smarty_tpl, \$_blockParentStack) {\n";
+            $output .= "/*/%%SmartyNocache:{$compiler->template->compiled->nocache_hash}%%*/\n";
             $output .= "\$_smarty_tpl->cached->hashes['{$compiler->template->compiled->nocache_hash}'] = true;\n";
+            if (isset($_assign)) {
+                $output .= "ob_start();\n";
+            }
+            $output .= $_functionCode;
+            if (isset($_assign)) {
+                $output .= "\$_smarty_tpl->tpl_vars[{$_assign}] = new Smarty_Variable(ob_get_clean());\n";
+            }
+            $output .= "/*%%SmartyNocache:{$compiler->template->compiled->nocache_hash}%%*/\n";
+            $output .= "}\n";
+            $output .= "/* {/block '{$_name}'} */\n\n";
+            $compiler->parser->current_buffer->append_subtree($compiler->parser,
+                                                              new Smarty_Internal_ParseTree_Tag($compiler->parser,
+                                                                                                $output));
+            $compiler->blockOrFunctionCode .= $compiler->parser->current_buffer->to_smarty_php($compiler->parser);
+            $compiler->parser->current_buffer = new Smarty_Internal_ParseTree_Template();
+            $this->compiler = $compiler;
+            $_functionCode =
+                preg_replace_callback("/(echo '\/\*%%SmartyNocache:{$compiler->template->compiled->nocache_hash}%%\*\/([\S\s]*?)\/\*\/%%SmartyNocache:{$compiler->template->compiled->nocache_hash}%%\*\/';)/",
+                                      array($this, 'removeNocache'), $_functionCode);
+            $this->compiler = null;
         }
+        $output = "/* {block '{$_name}'}  {$sourceInfo} */\n";
+        $output .= "function {$_funcName}(\$_smarty_tpl, \$_blockParentStack) {\n";
         if (isset($_assign)) {
             $output .= "ob_start();\n";
         }
-        $output .= "?>\n";
-        $compiler->parser->current_buffer->append_subtree($compiler->parser,
-                                                          new Smarty_Internal_ParseTree_Tag($compiler->parser,
-                                                                                            $output));
-        $compiler->parser->current_buffer->append_subtree($compiler->parser, $_functionCode);
-        $output = "<?php\n";
+        $output .= $_functionCode;
         if (isset($_assign)) {
             $output .= "\$_smarty_tpl->tpl_vars[{$_assign}] = new Smarty_Variable(ob_get_clean());\n";
         }
-        //$output .= "/*%%SmartyNocache:{$compiler->template->compiled->nocache_hash}%%*/\n";
-        $output .= "}\n";
         $output .= "}\n";
         $output .= "/* {/block '{$_name}'} */\n\n";
-        $output .= "?>\n";
         $compiler->parser->current_buffer->append_subtree($compiler->parser,
                                                           new Smarty_Internal_ParseTree_Tag($compiler->parser,
                                                                                             $output));
-        $compiler->blockOrFunctionCode .= $f = $compiler->parser->current_buffer->to_smarty_php($compiler->parser);
-        $compiler->parser->current_buffer = new Smarty_Internal_ParseTree_Template();
+        $compiler->blockOrFunctionCode .= $compiler->parser->current_buffer->to_smarty_php($compiler->parser);
         // nocache plugins must be copied
         if (!empty($compiler->template->compiled->required_plugins[ 'nocache' ])) {
             foreach ($compiler->template->compiled->required_plugins[ 'nocache' ] as $plugin => $tmp) {
@@ -231,13 +256,14 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $
         $compiler->tag_nocache = $compiler->nocache;
         $compiler->nocache = $_nocache;
         $compiler->parser->current_buffer = $_buffer;
-        $output = "<?php \n";
+        $output = '';
         if ($compiler->_cache[ 'blockNesting' ] == 1) {
-            $output .= "new {$_className}(\$_smarty_tpl);\n";
+            $output .= "\$_smarty_tpl->_getExtension('_inheritance')->processBlock(\$_smarty_tpl, 0, {$compiler->_cache['blockName'][$compiler->_cache['blockNesting']]}, " .
+                var_export($_block, true) . ");\n";
         } else {
-            $output .= "new {$_className}(\$_smarty_tpl, \$this->tplIndex);\n";
+            $output .= "\$_smarty_tpl->_getExtension('_inheritance')->processBlock(\$_smarty_tpl, 0, {$compiler->_cache['blockName'][$compiler->_cache['blockNesting']]}, " .
+                var_export($_block, true) . ", \$_blockParentStack);\n";
         }
-        $output .= "?>\n";
         $compiler->_cache[ 'blockNesting' ] --;
         if ($compiler->_cache[ 'blockNesting' ] == 0) {
             unset($compiler->_cache[ 'blockNesting' ]);
@@ -246,4 +272,18 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $
         $compiler->suppressNocacheProcessing = true;
         return $output;
     }
+
+    /**
+     * @param $match
+     *
+     * @return mixed
+     */
+    function removeNocache($match)
+    {
+        $code =
+            preg_replace("/(echo '\/\*%%SmartyNocache:{$this->compiler->template->compiled->nocache_hash}%%\*\/)|(\/\*\/%%SmartyNocache:{$this->compiler->template->compiled->nocache_hash}%%\*\/';)/",
+                         '', $match[ 0 ]);
+        $code = str_replace(array('\\\'', '\\\\\''), array('\'', '\\\''), $code);
+        return $code;
+    }
 }