Fedora 28: php-Smarty Security Update
Summary
Smarty is a template engine for PHP, facilitating the separation of
presentation (HTML/CSS) from application logic. This implies that PHP
code is application logic, and is separated from the presentation.
Autoloader: /usr/share/php/Smarty/autoload.php
===== 3.1.33 release ===== 12.09.2018 ===== 3.1.33-dev-12 ===== 03.09.2018
- bugfix {foreach} using new style property access like {$item@property} on
Smarty 2 style named foreach loop could produce errors
https://github.com/smarty-php/smarty/issues/484 31.08.2018 - bugfix some
custom left and right delimiters like '{^' '^}' did not work
https://github.com/smarty-php/smarty/issues/450 https://github.com/smarty-php/smarty/pull/482 - reformating for PSR-2 coding standards
https://github.com/smarty-php/smarty/pull/483 - bugfix on Windows absolute
filepathes did fail if the drive letter was followed by a linux
DIRECTORY_SEPARATOR like C:/ at Smarty > 3.1.33-dev-5
https://github.com/smarty-php/smarty/issues/451 - PSR-2 code style fixes for
config and template file Lexer/Parser generated with the Smarty Lexer/Parser
generator from https://github.com/smarty-php/smarty-lexer
https://github.com/smarty-php/smarty/pull/483 26.08.2018 -bugfix/enhancement {capture} allow variable as capture block name in Smarty
special variable like $smarty.capture.$foo https://github.com/smarty-php/smarty/issues/478 https://github.com/smarty-php/smarty/pull/481 ====3.1.33-dev-6 ===== 19.08.2018 - fix PSR-2 coding standards and PHPDoc blocks
https://github.com/smarty-php/smarty/pull/452 https://github.com/smarty-php/smarty/pull/475 https://github.com/smarty-php/smarty/pull/473 - bugfix
PHP5.2 compatibility https://github.com/smarty-php/smarty/pull/472 ====3.1.33-dev-4 ===== 17.05.2018 - bugfix strip-block produces different output
in Smarty v3.1.32 https://github.com/smarty-php/smarty/issues/436 - bugfix
Smarty::compileAllTemplates ignores `$extension` parameter
https://github.com/smarty-php/smarty/issues/437 https://github.com/smarty-php/smarty/pull/438 - improvement do not compute total property in {foreach} if
not needed https://github.com/smarty-php/smarty/issues/443 - bugfix plugins
may not be loaded when setMergeCompiledIncludes is true
https://github.com/smarty-php/smarty/issues/435 26.04.2018 - bugfix
regarding Security Vulnerability did not solve the problem under Linux.
Security issue CVE-2018-16831 ===== 3.1.32 ===== (24.04.2018) 24.04.2018 -bugfix possible Security Vulnerability in Smarty_Security class. 26.03.2018
- bugfix plugins may not be loaded if {function} or {block} tags are executed in
nocache mode https://github.com/smarty-php/smarty/issues/371 26.03.2018 -new feature {parent} = {$smarty.block.parent} {child} = {$smarty.block.child}
23.03.2018 - bugfix preg_replace could fail on large content resulting in a
blank page https://github.com/smarty-php/smarty/issues/417 21.03.2018 -bugfix {$smarty.section...} used outside {section}{/section} showed incorrect
values if {section}{/section} was called inside another loop
https://github.com/smarty-php/smarty/issues/422 - bugfix short form of
{section} attributes did not work https://github.com/smarty-php/smarty/issues/428 17.03.2018 - improvement Smarty::compileAllTemplates()
exit with a non-zero status code if max errors is reached
https://github.com/smarty-php/smarty/pull/402 16.03.2018 - bugfix extends
resource did not work with user defined left/right delimiter
https://github.com/smarty-php/smarty/issues/419 22.11.2017 - bugfix {break}
and {continue} could fail if {foreach}{/foreach} did contain other looping
tags like {for}, {section} and {while} https://github.com/smarty-php/smarty/issues/323 20.11.2017 - bugfix rework of newline spacing between
tag code and template text. now again identical with Smarty2 (forum topic
26878) - replacement of " by ' 05.11.2017 - lexer/parser optimization -code cleanup and optimizations - bugfix {$smarty.section.name.loop} used
together with {$smarty.section.name.total} could produce wrong results
(forum topic 27041) 26.10.2017 - bugfix Smarty version was not filled in
header comment of compiled and cached files - optimization replace internal
Smarty::$ds property by DIRECTORY_SEPARATOR - deprecate functions
Smarty::muteExpectedErrors() and Smarty::unmuteExpectedErrors() as Smarty
does no longer use error suppression like @filemtime(). for backward
compatibility code is moved from Smarty class to an external class and still can
be called. - correction of PHPDoc blocks - minor code cleanup
21.10.2017 - bugfix custom delimiters could fail since modification of
version 3.1.32-dev-23 https://github.com/smarty-php/smarty/issues/394
18.10.2017 - bugfix fix implementation of unclosed block tag in double quoted
string of 12.10.2017 https://github.com/smarty-php/smarty/issues/396
https://github.com/smarty-php/smarty/issues/397 https://github.com/smarty-php/smarty/issues/391 https://github.com/smarty-php/smarty/issues/392
12.10.2017 - bugfix $smarty.block.child and $smarty.block.parent could not be
used like any $smarty special variable https://github.com/smarty-php/smarty/issues/393 - unclosed block tag in double quoted string must throw
compiler exception. https://github.com/smarty-php/smarty/issues/391
https://github.com/smarty-php/smarty/issues/392 07.10.2017 - bugfix
modification of 9.8.2017 did fail on some recursive tag nesting.
https://github.com/smarty-php/smarty/issues/389 26.8.2017 - bugfix chained
modifier failed when last modifier parameter is a signed value
https://github.com/smarty-php/smarty/issues/327 - bugfix templates filepath
with multibyte characters did not work https://github.com/smarty-php/smarty/issues/385 - bugfix {make_nocache} did display code if the template
did not contain other nocache code https://github.com/smarty-php/smarty/issues/369 09.8.2017 - improvement repeated delimiter like {{ and
}} will be treated as literal
https://groups.google.com/forum/#!topic/smarty-developers/h9r82Bx4KZw 05.8.2017
- bugfix wordwrap modifier could fail if used in nocache code. converted
plugin file shared.mb_wordwrap.php into modifier.mb_wordwrap.php - cleanup of
_getSmartyObj() 31.7.2017 - Call clearstatcache() after mkdir() failure
https://github.com/smarty-php/smarty/pull/379 30.7.2017 - rewrite mkdir()
bugfix to retry automatically see https://github.com/smarty-php/smarty/pull/377
https://github.com/smarty-php/smarty/pull/379 21.7.2017 - security possible
PHP code injection on custom resources at display() or fetch() calls if the
resource does not sanitize the template name - bugfix fix 'mkdir(): File
exists' error on create directory from parallel processes
https://github.com/smarty-php/smarty/pull/377 - bugfix solve preg_match() hhvm
parameter problem https://github.com/smarty-php/smarty/pull/372 27.5.2017 -bugfix change compiled code for registered function and modifiers to called as
callable to allow closures https://github.com/smarty-php/smarty/pull/368,
https://github.com/smarty-php/smarty/issues/273 - bugfix
https://github.com/smarty-php/smarty/pull/368 did break the default plugin
handler - improvement replace phpversion() by PHP_VERSION constant.
https://github.com/smarty-php/smarty/pull/363 21.5.2017 - performance store
flag for already required shared plugin functions in static variable or
Smarty's $_cache to improve performance when plugins are often called
https://github.com/smarty-php/smarty/commit/51e0d5cd405d764a4ea257d1bac1fb1205f7
4528#commitcomment-22280086 - bugfix remove special treatment of classes
implementing ArrayAccess in {foreach} https://github.com/smarty-php/smarty/issues/332 - bugfix remove deleted files by clear_cache() and
clear_compiled_template() from ACP cache if present, add some is_file()
checks to avoid possible warnings on filemtime() caused by above functions.
https://github.com/smarty-php/smarty/issues/341 - bugfix version 3.1.31 did
fail under PHP 5.2 https://github.com/smarty-php/smarty/issues/365
19.5.2017 - change properties $accessMap and $obsoleteProperties from private
to protected https://github.com/smarty-php/smarty/issues/351 - new feature
The named capture buffers can now be accessed also as array See
NEWS_FEATURES.txt https://github.com/smarty-php/smarty/issues/366 -improvement check if ini_get() and ini_set() not disabled
https://github.com/smarty-php/smarty/pull/362 24.4.2017 - fix spelling
https://github.com/smarty-php/smarty/commit/e3eda8a5f5653d8abb960eb1bc47e3eca679
b1b4#commitcomment-21803095 17.4.2017 - correct generated code on empty()
and isset() call, observe change PHP behaviour since PHP 5.5
https://github.com/smarty-php/smarty/issues/347 14.4.2017 - merge pull
requests https://github.com/smarty-php/smarty/pull/349,
https://github.com/smarty-php/smarty/pull/322 and https://github.com/smarty-php/smarty/pull/337 to fix spelling and annotation 13.4.2017 - bugfix
array_merge() parameter should be checked https://github.com/smarty-php/smarty/issues/350 ===== 3.1.31 ===== (14.12.2016) 23.11.2016 - move
template object cache into static variables 19.11.2016 - bugfix
inheritance root child templates containing nested {block}{/block} could call
sub-bock content from parent template https://github.com/smarty-php/smarty/issues/317 - change version checking 11.11.2016 - bugfix when
Smarty is using a cached template object on Smarty::fetch() or
Smarty::isCached() the inheritance data must be removed
https://github.com/smarty-php/smarty/issues/312 - smaller speed optimization
08.11.2016 - add bootstrap file to load and register Smarty_Autoloader.
Change composer.json to make it known to composer 07.11.2016 - optimization
of lexer speed https://github.com/smarty-php/smarty/issues/311 27.10.2016 -bugfix template function definitions array has not been cached between
Smarty::fetch() and Smarty::display() calls https://github.com/smarty-php/smarty/issues/301 23.10.2016 - improvement/bugfix when Smarty::fetch()
is called on a template object the inheritance and tplFunctions property
should be copied to the called template object 21.10.2016 - bugfix for
compile locking touched timestamp of old compiled file was not restored on
compilation error https://github.com/smarty-php/smarty/issues/308 20.10.2016
- bugfix nocache code was not removed in cache file when subtemplate did contain
PHP short tags in text but no other nocache code https://github.com/smarty-php/smarty/issues/300 19.10.2016 - bugfix {make_nocache $var} did fail when
variable value did contain '\' https://github.com/smarty-php/smarty/issues/305
- bugfix {make_nocache $var} remove spaces from variable value
https://github.com/smarty-php/smarty/issues/304 12.10.2016 - bugfix
{include} with template names including variable or constants could fail after
bugfix from 28.09.2016 https://github.com/smarty-php/smarty/issues/302
08.10.2016 - optimization move runtime extension for template functions into
Smarty objects 29.09.2016 - improvement new Smarty::$extends_recursion
property to disable execution of {extends} in templates called by extends
resource https://github.com/smarty-php/smarty/issues/296 28.09.2016 -bugfix the generated code for calling a subtemplate must pass the template
resource name in single quotes https://github.com/smarty-php/smarty/issues/299
- bugfix nocache hash was not removed for tags in subtemplates
https://github.com/smarty-php/smarty/issues/300 27.09.2016 - bugfix when
Smarty does use an internally cached template object on Smarty::fetch() calls
the template and config variables must be cleared https://github.com/smarty-php/smarty/issues/297 20.09.2016 - bugfix some $smarty special template
variables are no longer accessed as real variable. using them on calls like
{if isset($smarty.foo)} or {if empty($smarty.foo)} will fail
https://www.smarty.net//forums/viewtopic.php?t=26222 - temporary fix for
https://github.com/smarty-php/smarty/issues/293 main reason still under
investigation - improvement new tags {block_parent} {block_child} in template
inheritance 19.09.2016 - optimization clear compiled and cached folder
completely on detected version change - cleanup convert cache resource file
method clear into runtime extension 15.09.2016 - bugfix assigning a
variable in if condition by function like {if $value = array_shift($array)} the
function got called twice https://github.com/smarty-php/smarty/issues/291 -bugfix function plugins called with assign attribute like {foo assign='bar'} did
not output returned content because because assumption was made that
it was assigned to a variable https://github.com/smarty-php/smarty/issues/292
- bugfix calling $smarty->isCached() on a not existing cache file with
$smarty->cache_locking = true; could cause a 10 second delay
https://www.smarty.net/forums/viewtopic.php - improvement make
Smarty::clearCompiledTemplate() on custom resource independent from changes of
templateId computation 11.09.2016 - improvement {math} misleading
E_USER_WARNING messages when parameter value = null https://github.com/smarty-php/smarty/issues/288 - improvement move often used code snippets into methods
- performance Smarty::configLoad() did load unneeded template source object
09.09.2016 - bugfix/optimization {foreach} did not execute the {foreachelse}
when iterating empty objects https://github.com/smarty-php/smarty/pull/287 -bugfix {foreach} must keep the @properties when restoring a saved $item variable
as the properties might be used outside {foreach} https://github.com/smarty-php/smarty/issues/267 - improvement {foreach} observe {break n} and {continue
n} nesting levels when restoring saved $item and $key variables 08.09.2016
- bugfix implement wrapper for removed method getConfigVariable()
https://github.com/smarty-php/smarty/issues/286 07.09.2016 - bugfix using
nocache like attribute with value true like {plugin nocache=true} did not work
https://github.com/smarty-php/smarty/issues/285 - bugfix uppercase TRUE, FALSE
and NULL did not work when security was enabled https://github.com/smarty-php/smarty/issues/282 - bugfix when {foreach} was looping over an object the
total property like {$item@total} did always return 1 https://github.com/smarty-php/smarty/issues/281 - bugfix {capture}{/capture} did add in 3.1.30
unintended additional blank lines https://github.com/smarty-php/smarty/issues/268 01.09.2016 - performance require_once should be
called only once for shared plugins https://github.com/smarty-php/smarty/issues/280 26.08.2016 - bugfix change of 23.08.2016 failed on
linux when use_include_path = true 23.08.2016 - bugfix remove constant DS
as shortcut for DIRECTORY_SEPARATOR as the user may have defined it to something
else https://github.com/smarty-php/smarty/issues/277 20.08-2016 - bugfix
{config_load ... scope="global"} shall not throw an arror but fallback to
scope="smarty" https://github.com/smarty-php/smarty/issues/274 - bugfix
{make_nocache} failed when using composer autoloader https://github.com/smarty-php/smarty/issues/275 14.08.2016 - bugfix $smarty_>debugging = true; did
E_NOTICE messages when {eval} tag was used https://github.com/smarty-php/smarty/issues/266 - bugfix Class
'Smarty_Internal_Runtime_ValidateCompiled' not found when upgrading from some
older Smarty versions with existing compiled or cached template files
https://github.com/smarty-php/smarty/issues/269 - optimization remove unneeded
call to update acopes when {assign} scope and template scope was local (default)
===== 3.1.30 ===== (07.08.2016) 07.08.2016 - bugfix update of 04.08.2016
was incomplete 05.08.2016 - bugfix compiling of templates failed when the
Smarty delimiter did contain '/' https://github.com/smarty-php/smarty/issues/264
- updated error checking at template and config default handler 04.08.2016
- improvement move template function source parameter into extension
26.07.2016 - optimization unneeded loading of compiled resource 24.07.2016
- regression this->addPluginsDir('/abs/path/to/dir') adding absolute path
without trailing '/' did fail https://github.com/smarty-php/smarty/issues/260
23.07.2016 - bugfix setTemplateDir('/') and setTemplateDir('') did create
wrong absolute filepath https://github.com/smarty-php/smarty/issues/245 -optimization of filepath normalization - improvement remove double function
declaration in plugin shared.escape_special_cars.php https://github.com/smarty-php/smarty/issues/229 19.07.2016 - bugfix multiple {include} with relative
filepath within {block}{/block} could fail https://github.com/smarty-php/smarty/issues/246 - bugfix {math} shell injection vulnerability patch
provided by Tim Weber 18.07.2016 - bugfix {foreach} if key variable and
item@key attribute have been used both the key variable was not updated
https://github.com/smarty-php/smarty/issues/254 - bugfix modifier on plugins
like {plugin|modifier ... } did fail when the plugin does return an array
https://github.com/smarty-php/smarty/issues/228 - bugfix avoid
opcache_invalidate to result in ErrorException when opcache.restrict_api is not
empty https://github.com/smarty-php/smarty/pull/244 - bugfix multiple
{include} with relative filepath within {block}{/block} could fail
https://github.com/smarty-php/smarty/issues/246 14.07.2016 - bugfix wrong
parameter on compileAllTemplates() and compileAllConfig()
https://github.com/smarty-php/smarty/issues/231 13.07.2016 - bugfix PHP 7
compatibility on registered compiler plugins https://github.com/smarty-php/smarty/issues/241 - update testInstall() - bugfix
enable debugging could fail when template objects did already exists
https://github.com/smarty-php/smarty/issues/237 - bugfix template function
data should be merged when loading subtemplate https://github.com/smarty-php/smarty/issues/240 - bugfix wrong parameter on compileAllTemplates()
https://github.com/smarty-php/smarty/issues/231 12.07.2016 - bugfix
{foreach} item variable must be created also on empty from array
https://github.com/smarty-php/smarty/issues/238 and https://github.com/smarty-php/smarty/issues/239 - bugfix enableSecurity() must init cache flags
https://github.com/smarty-php/smarty/issues/247 27.05.2016 -bugfix/improvement of compileAlltemplates() follow symlinks in template folder
(PHP >= 5.3.1) https://github.com/smarty-php/smarty/issues/224 clear
internal cache and expension handler for each template to avoid possible
conflicts https://github.com/smarty-php/smarty/issues/231 16.05.2016 -optimization {foreach} compiler and processing - broken PHP 5.3 and 5.4
compatibility 15.05.2016 - optimization and cleanup of resource code
10.05.2016 - optimization of inheritance processing 07.05.2016 -bugfix
Only variables should be assigned by reference https://github.com/smarty-php/smarty/issues/227 02.05.2016 - enhancement {block} tag names can now be
variable https://github.com/smarty-php/smarty/issues/221 01.05.2016 -bugfix same relative filepath at {include} called from template in different
folders could display wrong sub-template 29.04.2016 - bugfix {strip} remove
space on linebreak between html tags https://github.com/smarty-php/smarty/issues/213 24.04.2016 - bugfix nested {include} with relative
file path could fail when called in {block} ... {/block}
https://github.com/smarty-php/smarty/issues/218 14.04.2016 - bugfix special
variable {$smarty.capture.name} was not case sensitive on name
https://github.com/smarty-php/smarty/issues/210 - bugfix the default template
handler must calculate the source uid https://github.com/smarty-php/smarty/issues/205 13.04.2016 - bugfix template inheritance status must
be saved when calling sub-templates https://github.com/smarty-php/smarty/issues/215 27.03.2016 - bugfix change of 11.03.2016 cause again
{capture} data could not been seen in other templates with
{$smarty.capture.name} https://github.com/smarty-php/smarty/issues/153
11.03.2016 - optimization of capture and security handling - improvement
$smarty->clearCompiledTemplate() should return on recompiled or uncompiled
resources 10.03.2016 - optimization of resource processing 09.03.2016
- improvement rework of 'scope' attribute handling see see NEW_FEATURES.txt
https://github.com/smarty-php/smarty/issues/194 https://github.com/smarty-php/smarty/issues/186 https://github.com/smarty-php/smarty/issues/179 - bugfix
correct Autoloader update of 2.3.2014 https://github.com/smarty-php/smarty/issues/199 04.03.2016 - bugfix change from 01.03.2016 will cause
$smarty->isCached(..) failure if called multiple time for same template
(forum topic 25935) 02.03.2016 - revert autoloader optimizations because of
unexplainable warning when using plugins https://github.com/smarty-php/smarty/issues/199 01.03.2016 - bugfix template objects must be cached
on $smarty->fetch('foo.tpl) calls incase the template is fetched multiple
times (forum topic 25909) 25.02.2016 - bugfix wrong _realpath with 4 or
more parent-directories https://github.com/smarty-php/smarty/issues/190 -optimization of _realpath - bugfix instanceof expression in template code must
be treated as value https://github.com/smarty-php/smarty/issues/191 20.02.2016
- bugfix {strip} must keep space between hmtl tags. Broken by changes of
10.2.2016 https://github.com/smarty-php/smarty/issues/184 - new feature/bugfix
{foreach}{section} add 'properties' attribute to force compilation of loop
properties see NEW_FEATURES.txt https://github.com/smarty-php/smarty/issues/189 19.02.2016 - revert output buffer flushing on
display, echo content again because possible problems when PHP files had
characters (newline} after ?> at file end https://github.com/smarty-php/smarty/issues/187 14.02.2016 - new tag {make_nocache} read
NEW_FEATURES.txt https://github.com/smarty-php/smarty/issues/110 -optimization of sub-template processing - bugfix using extendsall as default
resource and {include} inside {block} tags could produce unexpected results
https://github.com/smarty-php/smarty/issues/183 - optimization of tag
attribute compiling - optimization make compiler tag object cache static for
higher compilation speed 11.02.2016 - improvement added KnockoutJS comments
to trimwhitespace outputfilter https://github.com/smarty-php/smarty/issues/82
https://github.com/smarty-php/smarty/pull/181 10.02.2016 - bugfix {strip}
must keep space on output creating smarty tags within html tags
https://github.com/smarty-php/smarty/issues/177 - bugfix wrong precedence on
special if conditions like '$foo is ... by $bar' could cause wrong code
https://github.com/smarty-php/smarty/issues/178 - improvement because of
ambiguities the inline constant support has been removed from the $foo.bar
syntax https://github.com/smarty-php/smarty/issues/149 - bugfix other {strip}
error with output tags between hmtl https://github.com/smarty-php/smarty/issues/180 09.02.2016 - move some code from parser into compiler
- reformat all code for unique style - update/bugfix scope attribute handling
reworked. Read the newfeatures.txt file 05.02.2016 - improvement internal
compiler changes 01.02.2016 - bugfix {foreach} compilation failed when
$smarty->merge_compiled_includes = true and pre-filters are used. 29.01.2016
- bugfix implement replacement code for _tag_stack property
https://github.com/smarty-php/smarty/issues/151 28.01.2016 - bugfix allow
windows network filepath or wrapper (forum topic 25876)
https://github.com/smarty-php/smarty/issues/170 - bugfix if fetch('foo.tpl')
is called on a template object the $parent parameter should default to the
calling template object https://github.com/smarty-php/smarty/issues/152
27.01.2016 - revert bugfix compiling {section} did create warning - bugfix
{$smarty.section.customer.loop} did throw compiler error
https://github.com/smarty-php/smarty/issues/161 update of yesterdays fix -bugfix string resource could inject code at {block} or inline subtemplates
through PHP comments https://github.com/smarty-php/smarty/issues/157
- bugfix output filters did not observe nocache code
flhttps://github.com/smarty-php/smarty/issues/154g https://github.com/smarty-php/smarty/issues/160 - bugfix {extends} with relative file path did not work
https://github.com/smarty-php/smarty/issues/154 https://github.com/smarty-php/smarty/issues/158 - bugfix {capture} data could not been seen in other
templates with {$smarty.capture.name} https://github.com/smarty-php/smarty/issues/153 26.01.2016 - improvement observe Smarty::$_CHARSET in
debugging console https://github.com/smarty-php/smarty/issues/169 - bugfix
compiling {section} did create warning - bugfix
{$smarty.section.customer.loop} did throw compiler error
https://github.com/smarty-php/smarty/issues/161 02.01.2016 - update scope
handling - optimize block plugin compiler - improvement runtime checks if
registered block plugins are callable 01.01.2016 - remove
Smarty::$resource_cache_mode property 31.12.2015 - optimization of
{assign}, {if} and {while} compiled code 30.12.2015 - bugfix plugin names
starting with "php" did not compile https://github.com/smarty-php/smarty/issues/147 29.12.2015 - bugfix Smarty::error_reporting was not
observed when display() or fetch() was called on template objects
https://github.com/smarty-php/smarty/issues/145 28.12.2015 - optimization
of {foreach} code size and processing 27.12.2015 - improve inheritance code
- update external methods - code fixes - PHPdoc updates 25.12.2015 -compile {block} tag code and its processing into classes - optimization
replace hhvm extension by inline code - new feature If ACP is enabled force an
apc_compile_file() when compiled or cached template was updated 24.12.2015
- new feature Compiler does now observe the template_dir setting and will create
separate compiled files if required - bugfix post filter did fail on template
inheritance https://github.com/smarty-php/smarty/issues/144 23.12.2015 -optimization move internal method decodeProperties back into template object -optimization move subtemplate processing back into template object - new
feature Caching does now observe the template_dir setting and will create
separate cache files if required 22.12.2015 - change $xxx_dir properties
from private to protected in case Smarty class gets extended - code
optimizations 21.12.2015 - bugfix a filepath starting with '/' or '\' on
windows should normalize to the root dir of current working drive
https://github.com/smarty-php/smarty/issues/134 - optimization of filepath
normalization - bugfix {strip} must remove all blanks between html tags
https://github.com/smarty-php/smarty/issues/136 ===== 3.1.29 ====(21.12.2015) 21.12.2015 - optimization improve speed of filetime checks on
extends and extendsall resource 20.12.2015 - bugfix failure when the
default resource type was set to 'extendsall' https://github.com/smarty-php/smarty/issues/123 - update compilation of Smarty special variables -bugfix add addition check for OS type on normalization of file path
https://github.com/smarty-php/smarty/issues/134 - bugfix the source uid of the
extendsall resource must contain $template_dir settings
https://github.com/smarty-php/smarty/issues/123 19.12.2015 - bugfix using
$smarty.capture.foo in expressions could fail https://github.com/smarty-php/smarty/pull/138 - bugfix broken PHP 5.2 compatibility
https://github.com/smarty-php/smarty/issues/139 - remove no longer used code
- improvement make sure that compiled and cache templates never can contain a
trailing '?>? 18.12.2015 - bugfix regression when modifier parameter was
followed by math https://github.com/smarty-php/smarty/issues/132 17.12.2015
- bugfix {$smarty.capture.nameFail} did lowercase capture name
https://github.com/smarty-php/smarty/issues/135 - bugfix using {block
append/prepend} on same block in multiple levels of inheritance templates could
fail (forum topic 25827) - bugfix text content consisting of just a single '0'
like in {if true}0{/if} was suppressed (forum topic 25834) 16.12.2015 -bugfix {foreach} did fail if from atrribute is a Generator class
https://github.com/smarty-php/smarty/issues/128 - bugfix direct access
$smarty->template_dir = 'foo'; should call Smarty::setTemplateDir()
https://github.com/smarty-php/smarty/issues/121 15.12.2015 - bugfix
{$smarty.cookies.foo} did return the $_COOKIE array not the 'foo' value
https://github.com/smarty-php/smarty/issues/122 - bugfix a call to
clearAllCache() and other should clear all internal template object caches
(forum topic 25828) 14.12.2015 - bugfix {$smarty.config.foo} broken in
3.1.28 https://github.com/smarty-php/smarty/issues/120 - bugfix multiple
calls of {section} with same name droped E_NOTICE error
https://github.com/smarty-php/smarty/issues/118 ===== 3.1.28 ====(13.12.2015) 13.12.2015 - bugfix {foreach} and {section} with uppercase
characters in name attribute did not work (forum topic 25819) - bugfix
$smarty->debugging_ctrl = 'URL' did not work (forum topic 25811) - bugfix
Debug Console could display incorrect data when using subtemplates 09.12.2015
- bugfix Smarty did fail under PHP 7.0.0 with use_include_path = true;
09.12.2015 - bugfix {strip} should exclude some html tags from stripping,
related to fix for https://github.com/smarty-php/smarty/issues/111 08.12.2015
- bugfix internal template function data got stored in wrong compiled file
https://github.com/smarty-php/smarty/issues/114 05.12.2015 -bugfix {strip}
should insert a single space https://github.com/smarty-php/smarty/issues/111
25.11.2015 -bugfix a left delimter like '[%' did fail on
[%$var_[%$variable%]%] (forum topic 25798) 02.11.2015 - bugfix {include}
with variable file name like {include file="foo_`$bar`.tpl"} did fail in
3.1.28-dev https://github.com/smarty-php/smarty/issues/102 01.11.2015 -update config file processing 31.10.2015 - bugfix add missing $trusted_dir
property to SmartyBC class (forum topic 25751) 29.10.2015 - improve
template scope handling 24.10.2015 - more optimizations of template
processing - bugfix Error when using {include} within {capture}
https://github.com/smarty-php/smarty/issues/100 21.10.2015 - move some code
into runtime extensions 18.10.2015 - optimize filepath normalization -rework of template inheritance - speed and size optimizations - bugfix under
HHVM temporary cache file must only be created when caches template was updated
- fix compiled code for new {block} assign attribute - update code generated
by template function call handler 18.09.2015 - bugfix {if $foo instanceof
$bar} failed to compile if 2nd value is a variable https://github.com/smarty-php/smarty/issues/92 17.09.2015 - bugfix {foreach} first attribute was not
correctly reset since commit 05a8fa2 of 02.08.2015 https://github.com/smarty-php/smarty/issues/90 16.09.2015 - update compiler by moving no longer
needed properties, code optimizations and other 14.09.2015 - optimize
autoloader - optimize subtemplate handling - update template inheritance
processing - move code of {call} processing back into Smarty_Internal_Template
class - improvement invalidate OPCACHE for cleared compiled and cached
template files (forum topic 25557) - bugfix unintended multiple debug windows
(forum topic 25699) 30.08.2015 - size optimization move some runtime
functions into extension - optimize inline template processing -optimization merge inheritance child and parent templates into one compiled
template file 29.08.2015 - improvement convert template inheritance into
runtime processing - bugfix {$smarty.block.parent} did always reference the
root parent block https://github.com/smarty-php/smarty/issues/68 23.08.2015
- introduce Smarty::$resource_cache_mode and cache template object of {include}
inside loop - load seldom used Smarty API methods dynamically to reduce memory
footprint - cache template object of {include} if same template is included
several times - convert debug console processing to object - use output
buffers for better performance and less memory usage - optimize nocache hash
processing - remove not really needed properties - optimize rendering -move caching to Smarty::_cache - remove properties with redundant content -optimize Smarty::templateExists() - optimize use_include_path processing -relocate properties for size optimization - remove redundant code - bugfix
compiling super globals like {$smarty.get.foo} did fail in the master branch
https://github.com/smarty-php/smarty/issues/77 06.08.2015 - avoid possible
circular object references caused by parser/lexer objects - rewrite
compileAll... utility methods - commit several internal improvements -bugfix Smarty failed when compile_id did contain "|" 03.08.2015 - rework
clear cache methods - bugfix compileAllConfig() was broken since 3.1.22
because of the changes in config file processing - improve getIncludePath() to
return directory if no file was given 02.08.2015 - optimization and code
cleanup of {foreach} and {section} compiler - rework {capture} compiler
01.08.2015 - update DateTime object can be instance of DateTimeImmutable
since PHP5.5 https://github.com/smarty-php/smarty/pull/75 - improvement show
resource type and start of template source instead of uid on eval: and string:
resource (forum topic 25630) 31.07.2015 - optimize {foreach} and {section}
compiler 29.07.2015 - optimize {section} compiler for speed and size of
compiled code 28.07.2015 - update for PHP 7 compatibility 26.07.2015 -improvement impement workaround for HHVM PHP incompatibillity
https://github.com/facebook/hhvm/issues/4797 25.07.2015 - bugfix parser did
hang on text starting
20.07.2015 - bugfix config files got recompiled on each request -improvement invalidate PHP 5.5 opcache for recompiled and cached templates
https://github.com/smarty-php/smarty/issues/72 12.07.2015 - optimize
{extends} compilation 10.07.2015 - bugfix force file: resource in demo
resource.extendsall.php 08.07.2015 - bugfix convert each word of class
names to ucfirst in in compiler. (forum topic 25588) 07.07.2015 -improvement allow fetch() or display() called on a template object to get output
from other template like $template->fetch('foo.tpl')
https://github.com/smarty-php/smarty/issues/70 - improvement Added $limit
parameter to regex_replace modifier #71 - new feature multiple indices on
file: resource 06.07.2015 - optimize {block} compilation - optimization
get rid of __get and __set in source object 01.07.2015 - optimize compile
check handling - update {foreach} compiler - bugfix debugging console did
not display string values containing \n, \r or \t correctly
https://github.com/smarty-php/smarty/issues/66 - optimize source resources
28.06.2015 - move $smarty->enableSecurity() into Smarty_Security class -optimize security isTrustedResourceDir() - move auto load filter methods into
extension - move $smarty->getTemplateVars() into extension - move
getStreamVariable() into extension - move $smarty->append() and
$smarty->appendByRef() into extension - optimize autoloader - optimize file
path normalization - bugfix PATH_SEPARATOR was replaced by mistake in
autoloader - remove redundant code 27.06.2015 - bugfix resolve naming
conflict between custom Smarty delimiter '<%' and PHP ASP tags
https://github.com/smarty-php/smarty/issues/64 - update $smarty->_realpath for
relative path not starting with './' - update Smarty security with new
realpath handling - update {include_php} with new realpath handling - move
$smarty->loadPlugin() into extension - minor compiler optimizations - bugfix
allow function plugins with name ending with 'close' https://github.com/smarty-php/smarty/issues/52 - rework of $smarty->clearCompiledTemplate() and move it
to its own extension 19.06.2015 - improvement allow closures as callback at
$smarty->registerFilter() https://github.com/smarty-php/smarty/issues/59 ====3.1.27===== (18.06.2015) 18.06.2015 - bugfix another update on file path
normalization failed on path containing something like "/.foo/"
https://github.com/smarty-php/smarty/issues/56 ===== 3.1.26===== (18.06.2015)
18.06.2015 - bugfix file path normalization failed on path containing
something like "/.foo/" https://github.com/smarty-php/smarty/issues/56
17.06.2015 - bugfix calling a plugin with nocache option but no other
attributes like {foo nocache} caused call to undefined function
https://github.com/smarty-php/smarty/issues/55 ===== 3.1.25===== (15.06.2015)
15.06.2015 - optimization of smarty_cachereource_keyvaluestore.php code
14.06.2015 - bugfix a relative sub template path could fail if template_dir
path did contain /../ https://github.com/smarty-php/smarty/issues/50 -optimization rework of path normalization - bugfix an output tag with
variable, modifier followed by an operator like {$foo|modifier+1} did fail
https://github.com/smarty-php/smarty/issues/53 13.06.2015 - bugfix a custom
cache resource using smarty_cachereource_keyvaluestore.php did fail if php.ini
mbstring.func_overload = 2 (forum topic 25568) 11.06.2015 - bugfix the
lexer could hang on very large quoted strings (forum topic 25570) 08.06.2015
- bugfix using {$foo} as array index like $bar.{$foo} or in double quoted string
like "some {$foo} thing" failed https://github.com/smarty-php/smarty/issues/49
04.06.2015 - bugfix possible error message on unset() while compiling {block}
tags https://github.com/smarty-php/smarty/issues/46 01.06.2015 - bugfix
including template variables broken since 3.1.22
https://github.com/smarty-php/smarty/issues/47 27.05.2015 - bugfix
{include} with variable file name must not create by default individual cache
file (since 3.1.22) https://github.com/smarty-php/smarty/issues/43 24.05.2015
- bugfix if condition string 'neq' broken due to a typo
https://github.com/smarty-php/smarty/issues/42 ===== 3.1.24===== (23.05.2015)
23.05.2015 - improvement on php_handling to allow very large PHP sections,
better error handling - improvement allow extreme large comment sections
(forum 25538) 21.05.2015 - bugfix broken PHP 5.2 compatibility when
compiling
named {foreach} comparison like $smarty.foreach.foobar.index > 1 did compile
into wrong code https://github.com/smarty-php/smarty/issues/41 19.05.2015 -bugfix compiler did overwrite existing variable value when setting the nocache
attribute https://github.com/smarty-php/smarty/issues/39 - bugfix output
filter trimwhitespace could run into the pcre.backtrack_limit on large output
(code.google issue 220) - bugfix compiler could run into the
pcre.backtrack_limit on larger comment or {php} tag sections (forum 25538)
18.05.2015 - improvement introduce shortcuts in lexer/parser rules for most
frequent terms for higher compilation speed 16.05.2015 - bugfix
{php}{/php} did work just for single lines https://github.com/smarty-php/smarty/issues/33 - improvement remove not needed ?>
compiled code - improvement reduce number of lexer tokens on operators and if
conditions - improvement higher compilation speed by modified lexer/parser
generator at "smarty/smarty-lexer" 13.05.2015 - improvement remove not
needed ?>
- use fresh Smarty object to display the debug console because of possible
problems when the Smarty was extended or Smarty properties had been
modified in the class source - display Smarty version number -Truncate lenght of Origin display and extend strin value display to 80 character
- bugfix in Smarty_Security 'nl2br' should be a trusted modifier, not PHP
function (code.google issue 223) 12.05.2015 - bugfix
{$smarty.constant.TEST} did fail on undefined constant
https://github.com/smarty-php/smarty/issues/28 - bugfix access to undefined
config variable like {#undef#} did fail https://github.com/smarty-php/smarty/issues/29 - bugfix in nested {foreach} saved item attributes got
overwritten https://github.com/smarty-php/smarty/issues/33 ===== 3.1.23 ====(12.05.2015) 12.05.2015 - bugfix of smaller performance issue introduce in
3.1.22 when caching is enabled - bugfix missig entry for smarty-temmplate-config in autoloader ===== 3.1.22 ===== tag was deleted because 3.1.22 did
fail caused by the missing entry for smarty-temmplate-config in autoloader
10.05.2015 - bugfix custom cache resource did not observe compile_id and
cache_id when $cache_locking == true - bugfix cache lock was not handled
correctly after timeout when $cache_locking == true - improvement added
constants for $debugging 07.05.2015 - improvement of the debugging console.
Read NEW_FEATURES.txt - optimization of resource class loading 06.05.2015
- bugfix in 3.1.22-dev cache resource must not be loaded for subtemplates -bugfix/improvement in 3.1.22-dev cache locking did not work as expected
05.05.2015 - optimization on cache update when main template is modified -optimization move handling from parser to new compiler module
05.05.2015 - bugfix code could be messed up when {tags} are used in multiple
attributes https://github.com/smarty-php/smarty/issues/23 04.05.2015 -bugfix Smarty_Resource::parseResourceName incompatible with Google AppEngine
(https://github.com/smarty-php/smarty/issues/22) - improvement use is_file()
checks to avoid errors suppressed by @ which could still cause problems
(https://github.com/smarty-php/smarty/issues/24) 28.04.2015 - bugfix
plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508) 2nd
fix 28.04.2015 - bugfix plugins of merged subtemplates not loaded in
3.1.22-dev (forum topic 25508) 23.04.2015 - bugfix a nocache template
variable used as parameter at {insert} was by mistake cached 20.04.2015 -bugfix at a template function containing nocache code a parmeter could overwrite
a template variable of same name 27.03.2015 - bugfix
Smarty_Security->allow_constants=false; did also disable true, false and null
(change of 16.03.2015) - improvement added a whitelist for trusted constants
to security Smarty_Security::$trusted_constants (forum topic 25471) 20.03.2015
- bugfix make sure that function properties get saved only in compiled files
containing the fuction definition {forum topic 25452} - bugfix correct update
of global variable values on exit of template functions. (reported under Smarty
Developers) 16.03.2015 - bugfix problems with {function}{/function} and
{call} tags in different subtemplate cache files {forum topic 25452} - bugfix
Smarty_Security->allow_constants=false; did not disallow direct usage of defined
constants like {SMARTY_DIR} {forum topic 25457} - bugfix {block}{/block} tags
did not work inside double quoted strings https://github.com/smarty-php/smarty/issues/18 15.03.2015 - bugfix $smarty->compile_check must be
restored before rendering of a just updated cache file {forum 25452}
14.03.2015 - bugfix {nocache} {/nocache} tags corrupted code when used
within a nocache section caused by a nocache template variable. - bugfix
template functions defined with {function} in an included subtemplate could not
be called in nocache mode with {call... nocache} if the subtemplate
had it's own cache file {forum 25452} 10.03.2015 - bugfix {include ...
nocache} whith variable file or compile_id attribute was not executed in nocache
mode. 12.02.2015 - bugfix multiple Smarty::fetch() of same template when
$smarty->merge_compiled_includes = true; could cause function already defined
error 11.02.2015 - bugfix recursive {includes} did create E_NOTICE message
when $smarty->merge_compiled_includes = true; (github issue #16) 22.01.2015
- new feature security can now control access to static methods and properties
see also NEW_FEATURES.txt 21.01.2015 - bugfix clearCompiledTemplates(),
clearAll() and clear() could try to delete whole drive at wrong path permissions
because realpath() fail (forum 25397) - bugfix 'self::' and 'parent::' was
interpreted in template syntax as static class 04.01.2015 - push last weeks
changes to github - different optimizations - improvement automatically create
different versions of compiled templates and config files depending on
property settings. - optimization restructure template processing by moving
code into classes it better belongs to - optimization restructure config file
processing 31.12.2014 - bugfix use function_exists('mb_get_info') for setting
Smarty::$_MBSTRING. Function mb_split could be overloaded depending on
php.ini mbstring.func_overload 29.12.2014 - new feature security can now
limit the template nesting level by property $max_template_nesting
see also NEW_FEATURES.txt (forum 25370) 29.12.2014 - new feature security
can now disable special $smarty variables listed in property
$disabled_special_smarty_vars see also NEW_FEATURES.txt (forum
25370) 27.12.2014 - bugfix clear internal _is_file_cache when plugins_dir
was modified 13.12.2014 - improvement optimization of lexer and parser
resulting in a up to 30% higher compiling speed 11.12.2014 - bugfix resolve
parser ambiguity between constant print tag {CONST} and other smarty tags after
change of 09.12.2014 09.12.2014 - bugfix variables $null, $true and $false
did not work after the change of 12.11.2014 (forum 25342) - bugfix call of
template function by a variable name did not work after latest changes (forum
25342) 23.11.2014 - bugfix a plugin with attached modifier could fail if
the tag was immediately followed by another Smarty tag (since 3.1.21) (forum
25326) 13.11.2014 - improvement move autoload code into Autoloader.php. Use
Composer autoloader when possible 12.11.2014 - new feature added support of
namespaces to template code 08.11.2014 - 10.11.2014 - bugfix subtemplate
called in nocache mode could be called with wrong compile_id when it did change
on one of the calling templates - improvement add code of template functions
called in nocache mode dynamically to cache file (related to bugfix of
01.11.2014) - bugfix Debug Console did not include all data from merged
compiled subtemplates 04.11.2014 - new feature $smarty->debugging = true; =>
overwrite existing Debug Console window (old behaviour)
$smarty->debugging = 2; => individual Debug Console window by template name
03.11.2014 - bugfix Debug Console did not show included subtemplates since
3.1.17 (forum 25301) - bugfix Modifier debug_print_var did not limit recursion
or prevent recursive object display at Debug Console (ATTENTION: parameter
order has changed to be able to specify maximum recursion) - bugfix Debug
consol did not include subtemplate information with
$smarty->merge_compiled_includes = true - improvement The template variables
are no longer displayed as objects on the Debug Console - improvement
$smarty->createData($parent = null, $name = null) new optional name parameter
for display at Debug Console - addition of some hooks for future extension of
Debug Console 01.11.2014 - bugfix and enhancement on subtemplate {include}
and template {function} tags. * Calling a template which has a nocache
section could fail if it was called from a cached and a not cached subtemplate.
* Calling the same subtemplate cached and not cached with the
$smarty->merge_compiled_includes enabled could cause problems * Many smaller
related changes 30.10.2014 - bugfix access to class constant by object like
{$object::CONST} or variable class name {$class::CONST} did not work (forum
25301) 26.10.2014 - bugfix E_NOTICE message was created during compilation
when ASP tags '<%' or '%>' are in template source text - bugfix
merge_compiled_includes option failed when caching enables and same subtemplate
was included cached and not cached
* Fri Feb 22 2019 Shawn Iwinski
- Update to 3.1.33
- RHBZ #s: 1532492, 1532493, 1532494, 1628739, 1628740, 1628741, 1631095, 1631096, 1631098
- CVEs: CVE-2017-1000480, CVE-2018-13982, CVE-2018-16831
- License LGPLv2+ => LGPLv3
* Sat Feb 2 2019 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
[ 1 ] Bug #1631098 - CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1631098
[ 2 ] Bug #1628740 - CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1628740
[ 3 ] Bug #1532493 - CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1532493
[ 4 ] Bug #1631096 - CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1631096
[ 5 ] Bug #1628741 - CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1628741
[ 6 ] Bug #1532494 - CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1532494
su -c 'dnf upgrade --advisory FEDORA-2019-d248c5aa39' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2019-d248c5aa39 2019-03-06 15:27:20.805844 Product : Fedora 28 Version : 3.1.33 Release : 1.fc28 URL : https://www.smarty.net/ Summary : Smarty - the compiling PHP template engine Description : Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php ===== 3.1.33 release ===== 12.09.2018 ===== 3.1.33-dev-12 ===== 03.09.2018 - bugfix {foreach} using new style property access like {$item@property} on Smarty 2 style named foreach loop could produce errors https://github.com/smarty-php/smarty/issues/484 31.08.2018 - bugfix some custom left and right delimiters like '{^' '^}' did not work https://github.com/smarty-php/smarty/issues/450 https://github.com/smarty-php/smarty/pull/482 - reformating for PSR-2 coding standards https://github.com/smarty-php/smarty/pull/483 - bugfix on Windows absolute filepathes did fail if the drive letter was followed by a linux DIRECTORY_SEPARATOR like C:/ at Smarty > 3.1.33-dev-5 https://github.com/smarty-php/smarty/issues/451 - PSR-2 code style fixes for config and template file Lexer/Parser generated with the Smarty Lexer/Parser generator from https://github.com/smarty-php/smarty-lexer https://github.com/smarty-php/smarty/pull/483 26.08.2018 -bugfix/enhancement {capture} allow variable as capture block name in Smarty special variable like $smarty.capture.$foo https://github.com/smarty-php/smarty/issues/478 https://github.com/smarty-php/smarty/pull/481 ====3.1.33-dev-6 ===== 19.08.2018 - fix PSR-2 coding standards and PHPDoc blocks https://github.com/smarty-php/smarty/pull/452 https://github.com/smarty-php/smarty/pull/475 https://github.com/smarty-php/smarty/pull/473 - bugfix PHP5.2 compatibility https://github.com/smarty-php/smarty/pull/472 ====3.1.33-dev-4 ===== 17.05.2018 - bugfix strip-block produces different output in Smarty v3.1.32 https://github.com/smarty-php/smarty/issues/436 - bugfix Smarty::compileAllTemplates ignores `$extension` parameter https://github.com/smarty-php/smarty/issues/437 https://github.com/smarty-php/smarty/pull/438 - improvement do not compute total property in {foreach} if not needed https://github.com/smarty-php/smarty/issues/443 - bugfix plugins may not be loaded when setMergeCompiledIncludes is true https://github.com/smarty-php/smarty/issues/435 26.04.2018 - bugfix regarding Security Vulnerability did not solve the problem under Linux. Security issue CVE-2018-16831 ===== 3.1.32 ===== (24.04.2018) 24.04.2018 -bugfix possible Security Vulnerability in Smarty_Security class. 26.03.2018 - bugfix plugins may not be loaded if {function} or {block} tags are executed in nocache mode https://github.com/smarty-php/smarty/issues/371 26.03.2018 -new feature {parent} = {$smarty.block.parent} {child} = {$smarty.block.child} 23.03.2018 - bugfix preg_replace could fail on large content resulting in a blank page https://github.com/smarty-php/smarty/issues/417 21.03.2018 -bugfix {$smarty.section...} used outside {section}{/section} showed incorrect values if {section}{/section} was called inside another loop https://github.com/smarty-php/smarty/issues/422 - bugfix short form of {section} attributes did not work https://github.com/smarty-php/smarty/issues/428 17.03.2018 - improvement Smarty::compileAllTemplates() exit with a non-zero status code if max errors is reached https://github.com/smarty-php/smarty/pull/402 16.03.2018 - bugfix extends resource did not work with user defined left/right delimiter https://github.com/smarty-php/smarty/issues/419 22.11.2017 - bugfix {break} and {continue} could fail if {foreach}{/foreach} did contain other looping tags like {for}, {section} and {while} https://github.com/smarty-php/smarty/issues/323 20.11.2017 - bugfix rework of newline spacing between tag code and template text. now again identical with Smarty2 (forum topic 26878) - replacement of " by ' 05.11.2017 - lexer/parser optimization -code cleanup and optimizations - bugfix {$smarty.section.name.loop} used together with {$smarty.section.name.total} could produce wrong results (forum topic 27041) 26.10.2017 - bugfix Smarty version was not filled in header comment of compiled and cached files - optimization replace internal Smarty::$ds property by DIRECTORY_SEPARATOR - deprecate functions Smarty::muteExpectedErrors() and Smarty::unmuteExpectedErrors() as Smarty does no longer use error suppression like @filemtime(). for backward compatibility code is moved from Smarty class to an external class and still can be called. - correction of PHPDoc blocks - minor code cleanup 21.10.2017 - bugfix custom delimiters could fail since modification of version 3.1.32-dev-23 https://github.com/smarty-php/smarty/issues/394 18.10.2017 - bugfix fix implementation of unclosed block tag in double quoted string of 12.10.2017 https://github.com/smarty-php/smarty/issues/396 https://github.com/smarty-php/smarty/issues/397 https://github.com/smarty-php/smarty/issues/391 https://github.com/smarty-php/smarty/issues/392 12.10.2017 - bugfix $smarty.block.child and $smarty.block.parent could not be used like any $smarty special variable https://github.com/smarty-php/smarty/issues/393 - unclosed block tag in double quoted string must throw compiler exception. https://github.com/smarty-php/smarty/issues/391 https://github.com/smarty-php/smarty/issues/392 07.10.2017 - bugfix modification of 9.8.2017 did fail on some recursive tag nesting. https://github.com/smarty-php/smarty/issues/389 26.8.2017 - bugfix chained modifier failed when last modifier parameter is a signed value https://github.com/smarty-php/smarty/issues/327 - bugfix templates filepath with multibyte characters did not work https://github.com/smarty-php/smarty/issues/385 - bugfix {make_nocache} did display code if the template did not contain other nocache code https://github.com/smarty-php/smarty/issues/369 09.8.2017 - improvement repeated delimiter like {{ and }} will be treated as literal https://groups.google.com/forum/#!topic/smarty-developers/h9r82Bx4KZw 05.8.2017 - bugfix wordwrap modifier could fail if used in nocache code. converted plugin file shared.mb_wordwrap.php into modifier.mb_wordwrap.php - cleanup of _getSmartyObj() 31.7.2017 - Call clearstatcache() after mkdir() failure https://github.com/smarty-php/smarty/pull/379 30.7.2017 - rewrite mkdir() bugfix to retry automatically see https://github.com/smarty-php/smarty/pull/377 https://github.com/smarty-php/smarty/pull/379 21.7.2017 - security possible PHP code injection on custom resources at display() or fetch() calls if the resource does not sanitize the template name - bugfix fix 'mkdir(): File exists' error on create directory from parallel processes https://github.com/smarty-php/smarty/pull/377 - bugfix solve preg_match() hhvm parameter problem https://github.com/smarty-php/smarty/pull/372 27.5.2017 -bugfix change compiled code for registered function and modifiers to called as callable to allow closures https://github.com/smarty-php/smarty/pull/368, https://github.com/smarty-php/smarty/issues/273 - bugfix https://github.com/smarty-php/smarty/pull/368 did break the default plugin handler - improvement replace phpversion() by PHP_VERSION constant. https://github.com/smarty-php/smarty/pull/363 21.5.2017 - performance store flag for already required shared plugin functions in static variable or Smarty's $_cache to improve performance when plugins are often called https://github.com/smarty-php/smarty/commit/51e0d5cd405d764a4ea257d1bac1fb1205f7 4528#commitcomment-22280086 - bugfix remove special treatment of classes implementing ArrayAccess in {foreach} https://github.com/smarty-php/smarty/issues/332 - bugfix remove deleted files by clear_cache() and clear_compiled_template() from ACP cache if present, add some is_file() checks to avoid possible warnings on filemtime() caused by above functions. https://github.com/smarty-php/smarty/issues/341 - bugfix version 3.1.31 did fail under PHP 5.2 https://github.com/smarty-php/smarty/issues/365 19.5.2017 - change properties $accessMap and $obsoleteProperties from private to protected https://github.com/smarty-php/smarty/issues/351 - new feature The named capture buffers can now be accessed also as array See NEWS_FEATURES.txt https://github.com/smarty-php/smarty/issues/366 -improvement check if ini_get() and ini_set() not disabled https://github.com/smarty-php/smarty/pull/362 24.4.2017 - fix spelling https://github.com/smarty-php/smarty/commit/e3eda8a5f5653d8abb960eb1bc47e3eca679 b1b4#commitcomment-21803095 17.4.2017 - correct generated code on empty() and isset() call, observe change PHP behaviour since PHP 5.5 https://github.com/smarty-php/smarty/issues/347 14.4.2017 - merge pull requests https://github.com/smarty-php/smarty/pull/349, https://github.com/smarty-php/smarty/pull/322 and https://github.com/smarty-php/smarty/pull/337 to fix spelling and annotation 13.4.2017 - bugfix array_merge() parameter should be checked https://github.com/smarty-php/smarty/issues/350 ===== 3.1.31 ===== (14.12.2016) 23.11.2016 - move template object cache into static variables 19.11.2016 - bugfix inheritance root child templates containing nested {block}{/block} could call sub-bock content from parent template https://github.com/smarty-php/smarty/issues/317 - change version checking 11.11.2016 - bugfix when Smarty is using a cached template object on Smarty::fetch() or Smarty::isCached() the inheritance data must be removed https://github.com/smarty-php/smarty/issues/312 - smaller speed optimization 08.11.2016 - add bootstrap file to load and register Smarty_Autoloader. Change composer.json to make it known to composer 07.11.2016 - optimization of lexer speed https://github.com/smarty-php/smarty/issues/311 27.10.2016 -bugfix template function definitions array has not been cached between Smarty::fetch() and Smarty::display() calls https://github.com/smarty-php/smarty/issues/301 23.10.2016 - improvement/bugfix when Smarty::fetch() is called on a template object the inheritance and tplFunctions property should be copied to the called template object 21.10.2016 - bugfix for compile locking touched timestamp of old compiled file was not restored on compilation error https://github.com/smarty-php/smarty/issues/308 20.10.2016 - bugfix nocache code was not removed in cache file when subtemplate did contain PHP short tags in text but no other nocache code https://github.com/smarty-php/smarty/issues/300 19.10.2016 - bugfix {make_nocache $var} did fail when variable value did contain '\' https://github.com/smarty-php/smarty/issues/305 - bugfix {make_nocache $var} remove spaces from variable value https://github.com/smarty-php/smarty/issues/304 12.10.2016 - bugfix {include} with template names including variable or constants could fail after bugfix from 28.09.2016 https://github.com/smarty-php/smarty/issues/302 08.10.2016 - optimization move runtime extension for template functions into Smarty objects 29.09.2016 - improvement new Smarty::$extends_recursion property to disable execution of {extends} in templates called by extends resource https://github.com/smarty-php/smarty/issues/296 28.09.2016 -bugfix the generated code for calling a subtemplate must pass the template resource name in single quotes https://github.com/smarty-php/smarty/issues/299 - bugfix nocache hash was not removed for tags in subtemplates https://github.com/smarty-php/smarty/issues/300 27.09.2016 - bugfix when Smarty does use an internally cached template object on Smarty::fetch() calls the template and config variables must be cleared https://github.com/smarty-php/smarty/issues/297 20.09.2016 - bugfix some $smarty special template variables are no longer accessed as real variable. using them on calls like {if isset($smarty.foo)} or {if empty($smarty.foo)} will fail https://www.smarty.net//forums/viewtopic.php?t=26222 - temporary fix for https://github.com/smarty-php/smarty/issues/293 main reason still under investigation - improvement new tags {block_parent} {block_child} in template inheritance 19.09.2016 - optimization clear compiled and cached folder completely on detected version change - cleanup convert cache resource file method clear into runtime extension 15.09.2016 - bugfix assigning a variable in if condition by function like {if $value = array_shift($array)} the function got called twice https://github.com/smarty-php/smarty/issues/291 -bugfix function plugins called with assign attribute like {foo assign='bar'} did not output returned content because because assumption was made that it was assigned to a variable https://github.com/smarty-php/smarty/issues/292 - bugfix calling $smarty->isCached() on a not existing cache file with $smarty->cache_locking = true; could cause a 10 second delay https://www.smarty.net/forums/viewtopic.php - improvement make Smarty::clearCompiledTemplate() on custom resource independent from changes of templateId computation 11.09.2016 - improvement {math} misleading E_USER_WARNING messages when parameter value = null https://github.com/smarty-php/smarty/issues/288 - improvement move often used code snippets into methods - performance Smarty::configLoad() did load unneeded template source object 09.09.2016 - bugfix/optimization {foreach} did not execute the {foreachelse} when iterating empty objects https://github.com/smarty-php/smarty/pull/287 -bugfix {foreach} must keep the @properties when restoring a saved $item variable as the properties might be used outside {foreach} https://github.com/smarty-php/smarty/issues/267 - improvement {foreach} observe {break n} and {continue n} nesting levels when restoring saved $item and $key variables 08.09.2016 - bugfix implement wrapper for removed method getConfigVariable() https://github.com/smarty-php/smarty/issues/286 07.09.2016 - bugfix using nocache like attribute with value true like {plugin nocache=true} did not work https://github.com/smarty-php/smarty/issues/285 - bugfix uppercase TRUE, FALSE and NULL did not work when security was enabled https://github.com/smarty-php/smarty/issues/282 - bugfix when {foreach} was looping over an object the total property like {$item@total} did always return 1 https://github.com/smarty-php/smarty/issues/281 - bugfix {capture}{/capture} did add in 3.1.30 unintended additional blank lines https://github.com/smarty-php/smarty/issues/268 01.09.2016 - performance require_once should be called only once for shared plugins https://github.com/smarty-php/smarty/issues/280 26.08.2016 - bugfix change of 23.08.2016 failed on linux when use_include_path = true 23.08.2016 - bugfix remove constant DS as shortcut for DIRECTORY_SEPARATOR as the user may have defined it to something else https://github.com/smarty-php/smarty/issues/277 20.08-2016 - bugfix {config_load ... scope="global"} shall not throw an arror but fallback to scope="smarty" https://github.com/smarty-php/smarty/issues/274 - bugfix {make_nocache} failed when using composer autoloader https://github.com/smarty-php/smarty/issues/275 14.08.2016 - bugfix $smarty_>debugging = true; did E_NOTICE messages when {eval} tag was used https://github.com/smarty-php/smarty/issues/266 - bugfix Class 'Smarty_Internal_Runtime_ValidateCompiled' not found when upgrading from some older Smarty versions with existing compiled or cached template files https://github.com/smarty-php/smarty/issues/269 - optimization remove unneeded call to update acopes when {assign} scope and template scope was local (default) ===== 3.1.30 ===== (07.08.2016) 07.08.2016 - bugfix update of 04.08.2016 was incomplete 05.08.2016 - bugfix compiling of templates failed when the Smarty delimiter did contain '/' https://github.com/smarty-php/smarty/issues/264 - updated error checking at template and config default handler 04.08.2016 - improvement move template function source parameter into extension 26.07.2016 - optimization unneeded loading of compiled resource 24.07.2016 - regression this->addPluginsDir('/abs/path/to/dir') adding absolute path without trailing '/' did fail https://github.com/smarty-php/smarty/issues/260 23.07.2016 - bugfix setTemplateDir('/') and setTemplateDir('') did create wrong absolute filepath https://github.com/smarty-php/smarty/issues/245 -optimization of filepath normalization - improvement remove double function declaration in plugin shared.escape_special_cars.php https://github.com/smarty-php/smarty/issues/229 19.07.2016 - bugfix multiple {include} with relative filepath within {block}{/block} could fail https://github.com/smarty-php/smarty/issues/246 - bugfix {math} shell injection vulnerability patch provided by Tim Weber 18.07.2016 - bugfix {foreach} if key variable and item@key attribute have been used both the key variable was not updated https://github.com/smarty-php/smarty/issues/254 - bugfix modifier on plugins like {plugin|modifier ... } did fail when the plugin does return an array https://github.com/smarty-php/smarty/issues/228 - bugfix avoid opcache_invalidate to result in ErrorException when opcache.restrict_api is not empty https://github.com/smarty-php/smarty/pull/244 - bugfix multiple {include} with relative filepath within {block}{/block} could fail https://github.com/smarty-php/smarty/issues/246 14.07.2016 - bugfix wrong parameter on compileAllTemplates() and compileAllConfig() https://github.com/smarty-php/smarty/issues/231 13.07.2016 - bugfix PHP 7 compatibility on registered compiler plugins https://github.com/smarty-php/smarty/issues/241 - update testInstall() - bugfix enable debugging could fail when template objects did already exists https://github.com/smarty-php/smarty/issues/237 - bugfix template function data should be merged when loading subtemplate https://github.com/smarty-php/smarty/issues/240 - bugfix wrong parameter on compileAllTemplates() https://github.com/smarty-php/smarty/issues/231 12.07.2016 - bugfix {foreach} item variable must be created also on empty from array https://github.com/smarty-php/smarty/issues/238 and https://github.com/smarty-php/smarty/issues/239 - bugfix enableSecurity() must init cache flags https://github.com/smarty-php/smarty/issues/247 27.05.2016 -bugfix/improvement of compileAlltemplates() follow symlinks in template folder (PHP >= 5.3.1) https://github.com/smarty-php/smarty/issues/224 clear internal cache and expension handler for each template to avoid possible conflicts https://github.com/smarty-php/smarty/issues/231 16.05.2016 -optimization {foreach} compiler and processing - broken PHP 5.3 and 5.4 compatibility 15.05.2016 - optimization and cleanup of resource code 10.05.2016 - optimization of inheritance processing 07.05.2016 -bugfix Only variables should be assigned by reference https://github.com/smarty-php/smarty/issues/227 02.05.2016 - enhancement {block} tag names can now be variable https://github.com/smarty-php/smarty/issues/221 01.05.2016 -bugfix same relative filepath at {include} called from template in different folders could display wrong sub-template 29.04.2016 - bugfix {strip} remove space on linebreak between html tags https://github.com/smarty-php/smarty/issues/213 24.04.2016 - bugfix nested {include} with relative file path could fail when called in {block} ... {/block} https://github.com/smarty-php/smarty/issues/218 14.04.2016 - bugfix special variable {$smarty.capture.name} was not case sensitive on name https://github.com/smarty-php/smarty/issues/210 - bugfix the default template handler must calculate the source uid https://github.com/smarty-php/smarty/issues/205 13.04.2016 - bugfix template inheritance status must be saved when calling sub-templates https://github.com/smarty-php/smarty/issues/215 27.03.2016 - bugfix change of 11.03.2016 cause again {capture} data could not been seen in other templates with {$smarty.capture.name} https://github.com/smarty-php/smarty/issues/153 11.03.2016 - optimization of capture and security handling - improvement $smarty->clearCompiledTemplate() should return on recompiled or uncompiled resources 10.03.2016 - optimization of resource processing 09.03.2016 - improvement rework of 'scope' attribute handling see see NEW_FEATURES.txt https://github.com/smarty-php/smarty/issues/194 https://github.com/smarty-php/smarty/issues/186 https://github.com/smarty-php/smarty/issues/179 - bugfix correct Autoloader update of 2.3.2014 https://github.com/smarty-php/smarty/issues/199 04.03.2016 - bugfix change from 01.03.2016 will cause $smarty->isCached(..) failure if called multiple time for same template (forum topic 25935) 02.03.2016 - revert autoloader optimizations because of unexplainable warning when using plugins https://github.com/smarty-php/smarty/issues/199 01.03.2016 - bugfix template objects must be cached on $smarty->fetch('foo.tpl) calls incase the template is fetched multiple times (forum topic 25909) 25.02.2016 - bugfix wrong _realpath with 4 or more parent-directories https://github.com/smarty-php/smarty/issues/190 -optimization of _realpath - bugfix instanceof expression in template code must be treated as value https://github.com/smarty-php/smarty/issues/191 20.02.2016 - bugfix {strip} must keep space between hmtl tags. Broken by changes of 10.2.2016 https://github.com/smarty-php/smarty/issues/184 - new feature/bugfix {foreach}{section} add 'properties' attribute to force compilation of loop properties see NEW_FEATURES.txt https://github.com/smarty-php/smarty/issues/189 19.02.2016 - revert output buffer flushing on display, echo content again because possible problems when PHP files had characters (newline} after ?> at file end https://github.com/smarty-php/smarty/issues/187 14.02.2016 - new tag {make_nocache} read NEW_FEATURES.txt https://github.com/smarty-php/smarty/issues/110 -optimization of sub-template processing - bugfix using extendsall as default resource and {include} inside {block} tags could produce unexpected results https://github.com/smarty-php/smarty/issues/183 - optimization of tag attribute compiling - optimization make compiler tag object cache static for higher compilation speed 11.02.2016 - improvement added KnockoutJS comments to trimwhitespace outputfilter https://github.com/smarty-php/smarty/issues/82 https://github.com/smarty-php/smarty/pull/181 10.02.2016 - bugfix {strip} must keep space on output creating smarty tags within html tags https://github.com/smarty-php/smarty/issues/177 - bugfix wrong precedence on special if conditions like '$foo is ... by $bar' could cause wrong code https://github.com/smarty-php/smarty/issues/178 - improvement because of ambiguities the inline constant support has been removed from the $foo.bar syntax https://github.com/smarty-php/smarty/issues/149 - bugfix other {strip} error with output tags between hmtl https://github.com/smarty-php/smarty/issues/180 09.02.2016 - move some code from parser into compiler - reformat all code for unique style - update/bugfix scope attribute handling reworked. Read the newfeatures.txt file 05.02.2016 - improvement internal compiler changes 01.02.2016 - bugfix {foreach} compilation failed when $smarty->merge_compiled_includes = true and pre-filters are used. 29.01.2016 - bugfix implement replacement code for _tag_stack property https://github.com/smarty-php/smarty/issues/151 28.01.2016 - bugfix allow windows network filepath or wrapper (forum topic 25876) https://github.com/smarty-php/smarty/issues/170 - bugfix if fetch('foo.tpl') is called on a template object the $parent parameter should default to the calling template object https://github.com/smarty-php/smarty/issues/152 27.01.2016 - revert bugfix compiling {section} did create warning - bugfix {$smarty.section.customer.loop} did throw compiler error https://github.com/smarty-php/smarty/issues/161 update of yesterdays fix -bugfix string resource could inject code at {block} or inline subtemplates through PHP comments https://github.com/smarty-php/smarty/issues/157 - bugfix output filters did not observe nocache code flhttps://github.com/smarty-php/smarty/issues/154g https://github.com/smarty-php/smarty/issues/160 - bugfix {extends} with relative file path did not work https://github.com/smarty-php/smarty/issues/154 https://github.com/smarty-php/smarty/issues/158 - bugfix {capture} data could not been seen in other templates with {$smarty.capture.name} https://github.com/smarty-php/smarty/issues/153 26.01.2016 - improvement observe Smarty::$_CHARSET in debugging console https://github.com/smarty-php/smarty/issues/169 - bugfix compiling {section} did create warning - bugfix {$smarty.section.customer.loop} did throw compiler error https://github.com/smarty-php/smarty/issues/161 02.01.2016 - update scope handling - optimize block plugin compiler - improvement runtime checks if registered block plugins are callable 01.01.2016 - remove Smarty::$resource_cache_mode property 31.12.2015 - optimization of {assign}, {if} and {while} compiled code 30.12.2015 - bugfix plugin names starting with "php" did not compile https://github.com/smarty-php/smarty/issues/147 29.12.2015 - bugfix Smarty::error_reporting was not observed when display() or fetch() was called on template objects https://github.com/smarty-php/smarty/issues/145 28.12.2015 - optimization of {foreach} code size and processing 27.12.2015 - improve inheritance code - update external methods - code fixes - PHPdoc updates 25.12.2015 -compile {block} tag code and its processing into classes - optimization replace hhvm extension by inline code - new feature If ACP is enabled force an apc_compile_file() when compiled or cached template was updated 24.12.2015 - new feature Compiler does now observe the template_dir setting and will create separate compiled files if required - bugfix post filter did fail on template inheritance https://github.com/smarty-php/smarty/issues/144 23.12.2015 -optimization move internal method decodeProperties back into template object -optimization move subtemplate processing back into template object - new feature Caching does now observe the template_dir setting and will create separate cache files if required 22.12.2015 - change $xxx_dir properties from private to protected in case Smarty class gets extended - code optimizations 21.12.2015 - bugfix a filepath starting with '/' or '\' on windows should normalize to the root dir of current working drive https://github.com/smarty-php/smarty/issues/134 - optimization of filepath normalization - bugfix {strip} must remove all blanks between html tags https://github.com/smarty-php/smarty/issues/136 ===== 3.1.29 ====(21.12.2015) 21.12.2015 - optimization improve speed of filetime checks on extends and extendsall resource 20.12.2015 - bugfix failure when the default resource type was set to 'extendsall' https://github.com/smarty-php/smarty/issues/123 - update compilation of Smarty special variables -bugfix add addition check for OS type on normalization of file path https://github.com/smarty-php/smarty/issues/134 - bugfix the source uid of the extendsall resource must contain $template_dir settings https://github.com/smarty-php/smarty/issues/123 19.12.2015 - bugfix using $smarty.capture.foo in expressions could fail https://github.com/smarty-php/smarty/pull/138 - bugfix broken PHP 5.2 compatibility https://github.com/smarty-php/smarty/issues/139 - remove no longer used code - improvement make sure that compiled and cache templates never can contain a trailing '?>? 18.12.2015 - bugfix regression when modifier parameter was followed by math https://github.com/smarty-php/smarty/issues/132 17.12.2015 - bugfix {$smarty.capture.nameFail} did lowercase capture name https://github.com/smarty-php/smarty/issues/135 - bugfix using {block append/prepend} on same block in multiple levels of inheritance templates could fail (forum topic 25827) - bugfix text content consisting of just a single '0' like in {if true}0{/if} was suppressed (forum topic 25834) 16.12.2015 -bugfix {foreach} did fail if from atrribute is a Generator class https://github.com/smarty-php/smarty/issues/128 - bugfix direct access $smarty->template_dir = 'foo'; should call Smarty::setTemplateDir() https://github.com/smarty-php/smarty/issues/121 15.12.2015 - bugfix {$smarty.cookies.foo} did return the $_COOKIE array not the 'foo' value https://github.com/smarty-php/smarty/issues/122 - bugfix a call to clearAllCache() and other should clear all internal template object caches (forum topic 25828) 14.12.2015 - bugfix {$smarty.config.foo} broken in 3.1.28 https://github.com/smarty-php/smarty/issues/120 - bugfix multiple calls of {section} with same name droped E_NOTICE error https://github.com/smarty-php/smarty/issues/118 ===== 3.1.28 ====(13.12.2015) 13.12.2015 - bugfix {foreach} and {section} with uppercase characters in name attribute did not work (forum topic 25819) - bugfix $smarty->debugging_ctrl = 'URL' did not work (forum topic 25811) - bugfix Debug Console could display incorrect data when using subtemplates 09.12.2015 - bugfix Smarty did fail under PHP 7.0.0 with use_include_path = true; 09.12.2015 - bugfix {strip} should exclude some html tags from stripping, related to fix for https://github.com/smarty-php/smarty/issues/111 08.12.2015 - bugfix internal template function data got stored in wrong compiled file https://github.com/smarty-php/smarty/issues/114 05.12.2015 -bugfix {strip} should insert a single space https://github.com/smarty-php/smarty/issues/111 25.11.2015 -bugfix a left delimter like '[%' did fail on [%$var_[%$variable%]%] (forum topic 25798) 02.11.2015 - bugfix {include} with variable file name like {include file="foo_`$bar`.tpl"} did fail in 3.1.28-dev https://github.com/smarty-php/smarty/issues/102 01.11.2015 -update config file processing 31.10.2015 - bugfix add missing $trusted_dir property to SmartyBC class (forum topic 25751) 29.10.2015 - improve template scope handling 24.10.2015 - more optimizations of template processing - bugfix Error when using {include} within {capture} https://github.com/smarty-php/smarty/issues/100 21.10.2015 - move some code into runtime extensions 18.10.2015 - optimize filepath normalization -rework of template inheritance - speed and size optimizations - bugfix under HHVM temporary cache file must only be created when caches template was updated - fix compiled code for new {block} assign attribute - update code generated by template function call handler 18.09.2015 - bugfix {if $foo instanceof $bar} failed to compile if 2nd value is a variable https://github.com/smarty-php/smarty/issues/92 17.09.2015 - bugfix {foreach} first attribute was not correctly reset since commit 05a8fa2 of 02.08.2015 https://github.com/smarty-php/smarty/issues/90 16.09.2015 - update compiler by moving no longer needed properties, code optimizations and other 14.09.2015 - optimize autoloader - optimize subtemplate handling - update template inheritance processing - move code of {call} processing back into Smarty_Internal_Template class - improvement invalidate OPCACHE for cleared compiled and cached template files (forum topic 25557) - bugfix unintended multiple debug windows (forum topic 25699) 30.08.2015 - size optimization move some runtime functions into extension - optimize inline template processing -optimization merge inheritance child and parent templates into one compiled template file 29.08.2015 - improvement convert template inheritance into runtime processing - bugfix {$smarty.block.parent} did always reference the root parent block https://github.com/smarty-php/smarty/issues/68 23.08.2015 - introduce Smarty::$resource_cache_mode and cache template object of {include} inside loop - load seldom used Smarty API methods dynamically to reduce memory footprint - cache template object of {include} if same template is included several times - convert debug console processing to object - use output buffers for better performance and less memory usage - optimize nocache hash processing - remove not really needed properties - optimize rendering -move caching to Smarty::_cache - remove properties with redundant content -optimize Smarty::templateExists() - optimize use_include_path processing -relocate properties for size optimization - remove redundant code - bugfix compiling super globals like {$smarty.get.foo} did fail in the master branch https://github.com/smarty-php/smarty/issues/77 06.08.2015 - avoid possible circular object references caused by parser/lexer objects - rewrite compileAll... utility methods - commit several internal improvements -bugfix Smarty failed when compile_id did contain "|" 03.08.2015 - rework clear cache methods - bugfix compileAllConfig() was broken since 3.1.22 because of the changes in config file processing - improve getIncludePath() to return directory if no file was given 02.08.2015 - optimization and code cleanup of {foreach} and {section} compiler - rework {capture} compiler 01.08.2015 - update DateTime object can be instance of DateTimeImmutable since PHP5.5 https://github.com/smarty-php/smarty/pull/75 - improvement show resource type and start of template source instead of uid on eval: and string: resource (forum topic 25630) 31.07.2015 - optimize {foreach} and {section} compiler 29.07.2015 - optimize {section} compiler for speed and size of compiled code 28.07.2015 - update for PHP 7 compatibility 26.07.2015 -improvement impement workaround for HHVM PHP incompatibillity https://github.com/facebook/hhvm/issues/4797 25.07.2015 - bugfix parser did hang on text starting including template variables broken since 3.1.22 https://github.com/smarty-php/smarty/issues/47 27.05.2015 - bugfix {include} with variable file name must not create by default individual cache file (since 3.1.22) https://github.com/smarty-php/smarty/issues/43 24.05.2015 - bugfix if condition string 'neq' broken due to a typo https://github.com/smarty-php/smarty/issues/42 ===== 3.1.24===== (23.05.2015) 23.05.2015 - improvement on php_handling to allow very large PHP sections, better error handling - improvement allow extreme large comment sections (forum 25538) 21.05.2015 - bugfix broken PHP 5.2 compatibility when compiling handling from parser to new compiler module 05.05.2015 - bugfix code could be messed up when {tags} are used in multiple attributes https://github.com/smarty-php/smarty/issues/23 04.05.2015 -bugfix Smarty_Resource::parseResourceName incompatible with Google AppEngine (https://github.com/smarty-php/smarty/issues/22) - improvement use is_file() checks to avoid errors suppressed by @ which could still cause problems (https://github.com/smarty-php/smarty/issues/24) 28.04.2015 - bugfix plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508) 2nd fix 28.04.2015 - bugfix plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508) 23.04.2015 - bugfix a nocache template variable used as parameter at {insert} was by mistake cached 20.04.2015 -bugfix at a template function containing nocache code a parmeter could overwrite a template variable of same name 27.03.2015 - bugfix Smarty_Security->allow_constants=false; did also disable true, false and null (change of 16.03.2015) - improvement added a whitelist for trusted constants to security Smarty_Security::$trusted_constants (forum topic 25471) 20.03.2015 - bugfix make sure that function properties get saved only in compiled files containing the fuction definition {forum topic 25452} - bugfix correct update of global variable values on exit of template functions. (reported under Smarty Developers) 16.03.2015 - bugfix problems with {function}{/function} and {call} tags in different subtemplate cache files {forum topic 25452} - bugfix Smarty_Security->allow_constants=false; did not disallow direct usage of defined constants like {SMARTY_DIR} {forum topic 25457} - bugfix {block}{/block} tags did not work inside double quoted strings https://github.com/smarty-php/smarty/issues/18 15.03.2015 - bugfix $smarty->compile_check must be restored before rendering of a just updated cache file {forum 25452} 14.03.2015 - bugfix {nocache} {/nocache} tags corrupted code when used within a nocache section caused by a nocache template variable. - bugfix template functions defined with {function} in an included subtemplate could not be called in nocache mode with {call... nocache} if the subtemplate had it's own cache file {forum 25452} 10.03.2015 - bugfix {include ... nocache} whith variable file or compile_id attribute was not executed in nocache mode. 12.02.2015 - bugfix multiple Smarty::fetch() of same template when $smarty->merge_compiled_includes = true; could cause function already defined error 11.02.2015 - bugfix recursive {includes} did create E_NOTICE message when $smarty->merge_compiled_includes = true; (github issue #16) 22.01.2015 - new feature security can now control access to static methods and properties see also NEW_FEATURES.txt 21.01.2015 - bugfix clearCompiledTemplates(), clearAll() and clear() could try to delete whole drive at wrong path permissions because realpath() fail (forum 25397) - bugfix 'self::' and 'parent::' was interpreted in template syntax as static class 04.01.2015 - push last weeks changes to github - different optimizations - improvement automatically create different versions of compiled templates and config files depending on property settings. - optimization restructure template processing by moving code into classes it better belongs to - optimization restructure config file processing 31.12.2014 - bugfix use function_exists('mb_get_info') for setting Smarty::$_MBSTRING. Function mb_split could be overloaded depending on php.ini mbstring.func_overload 29.12.2014 - new feature security can now limit the template nesting level by property $max_template_nesting see also NEW_FEATURES.txt (forum 25370) 29.12.2014 - new feature security can now disable special $smarty variables listed in property $disabled_special_smarty_vars see also NEW_FEATURES.txt (forum 25370) 27.12.2014 - bugfix clear internal _is_file_cache when plugins_dir was modified 13.12.2014 - improvement optimization of lexer and parser resulting in a up to 30% higher compiling speed 11.12.2014 - bugfix resolve parser ambiguity between constant print tag {CONST} and other smarty tags after change of 09.12.2014 09.12.2014 - bugfix variables $null, $true and $false did not work after the change of 12.11.2014 (forum 25342) - bugfix call of template function by a variable name did not work after latest changes (forum 25342) 23.11.2014 - bugfix a plugin with attached modifier could fail if the tag was immediately followed by another Smarty tag (since 3.1.21) (forum 25326) 13.11.2014 - improvement move autoload code into Autoloader.php. Use Composer autoloader when possible 12.11.2014 - new feature added support of namespaces to template code 08.11.2014 - 10.11.2014 - bugfix subtemplate called in nocache mode could be called with wrong compile_id when it did change on one of the calling templates - improvement add code of template functions called in nocache mode dynamically to cache file (related to bugfix of 01.11.2014) - bugfix Debug Console did not include all data from merged compiled subtemplates 04.11.2014 - new feature $smarty->debugging = true; => overwrite existing Debug Console window (old behaviour) $smarty->debugging = 2; => individual Debug Console window by template name 03.11.2014 - bugfix Debug Console did not show included subtemplates since 3.1.17 (forum 25301) - bugfix Modifier debug_print_var did not limit recursion or prevent recursive object display at Debug Console (ATTENTION: parameter order has changed to be able to specify maximum recursion) - bugfix Debug consol did not include subtemplate information with $smarty->merge_compiled_includes = true - improvement The template variables are no longer displayed as objects on the Debug Console - improvement $smarty->createData($parent = null, $name = null) new optional name parameter for display at Debug Console - addition of some hooks for future extension of Debug Console 01.11.2014 - bugfix and enhancement on subtemplate {include} and template {function} tags. * Calling a template which has a nocache section could fail if it was called from a cached and a not cached subtemplate. * Calling the same subtemplate cached and not cached with the $smarty->merge_compiled_includes enabled could cause problems * Many smaller related changes 30.10.2014 - bugfix access to class constant by object like {$object::CONST} or variable class name {$class::CONST} did not work (forum 25301) 26.10.2014 - bugfix E_NOTICE message was created during compilation when ASP tags '<%' or '%>' are in template source text - bugfix merge_compiled_includes option failed when caching enables and same subtemplate was included cached and not cached * Fri Feb 22 2019 Shawn Iwinski - 3.1.33-1 - Update to 3.1.33 - RHBZ #s: 1532492, 1532493, 1532494, 1628739, 1628740, 1628741, 1631095, 1631096, 1631098 - CVEs: CVE-2017-1000480, CVE-2018-13982, CVE-2018-16831 - License LGPLv2+ => LGPLv3 * Sat Feb 2 2019 Fedora Release Engineering - 3.1.21-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering - 3.1.21-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild [ 1 ] Bug #1631098 - CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1631098 [ 2 ] Bug #1628740 - CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1628740 [ 3 ] Bug #1532493 - CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1532493 [ 4 ] Bug #1631096 - CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1631096 [ 5 ] Bug #1628741 - CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1628741 [ 6 ] Bug #1532494 - CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1532494 su -c 'dnf upgrade --advisory FEDORA-2019-d248c5aa39' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References