diff -Nru smarty-2.6.20/debian/changelog smarty-2.6.22/debian/changelog --- smarty-2.6.20/debian/changelog 2008-12-27 13:02:17.000000000 -0800 +++ smarty-2.6.22/debian/changelog 2008-12-27 13:02:18.000000000 -0800 @@ -1,3 +1,21 @@ +smarty (2.6.22-1ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes (LP: #311806): + - debian/Makefile: Modified so libs will be installed to correct directory. + + -- Nick Ellery Sat, 27 Dec 2008 12:57:51 -0800 + +smarty (2.6.22-1) unstable; urgency=low + + * New upstream release + * debian/control: + + Update debhelper to >= 6 + * debian/compat: + + Update debhelper compat level to 6. + * Acknowledged NMU. (Closes: #507316) + + -- Thierry Randrianiriana Tue, 23 Dec 2008 17:24:39 +0300 + smarty (2.6.20-1.1ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes (LP: #311037): diff -Nru smarty-2.6.20/debian/compat smarty-2.6.22/debian/compat --- smarty-2.6.20/debian/compat 2008-12-27 13:02:17.000000000 -0800 +++ smarty-2.6.22/debian/compat 2008-12-27 13:02:18.000000000 -0800 @@ -1 +1 @@ -5 +6 diff -Nru smarty-2.6.20/debian/control smarty-2.6.22/debian/control --- smarty-2.6.20/debian/control 2008-12-27 13:02:17.000000000 -0800 +++ smarty-2.6.22/debian/control 2008-12-27 13:02:18.000000000 -0800 @@ -5,7 +5,7 @@ XSBC-Original-Maintainer: Dimitri Fontaine Uploaders: Igor Genibel , Pierre Machard , Thierry Randrianiriana Standards-Version: 3.8.0 -Build-Depends: debhelper (>= 5) +Build-Depends: debhelper (>= 6) Homepage: http://www.smarty.net/ Package: smarty diff -Nru smarty-2.6.20/libs/Config_File.class.php smarty-2.6.22/libs/Config_File.class.php --- smarty-2.6.20/libs/Config_File.class.php 2008-08-15 12:43:02.000000000 -0700 +++ smarty-2.6.22/libs/Config_File.class.php 2008-12-17 11:53:38.000000000 -0800 @@ -17,15 +17,19 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - * @link http://smarty.php.net/ - * @version 2.6.20 + * For questions, help, comments, discussion, etc., please join the + * Smarty mailing list. Send a blank e-mail to + * smarty-discussion-subscribe@googlegroups.com + * + * @link http://www.smarty.net/ + * @version 2.6.22 * @copyright Copyright: 2001-2005 New Digital Group, Inc. * @author Andrei Zmievski * @access public * @package Smarty */ -/* $Id: Config_File.class.php 2702 2007-03-08 19:11:22Z mohrt $ */ +/* $Id: Config_File.class.php 2786 2008-09-18 21:04:38Z Uwe.Tews $ */ /** * Config file reading class diff -Nru smarty-2.6.20/libs/internals/core.write_cache_file.php smarty-2.6.22/libs/internals/core.write_cache_file.php --- smarty-2.6.20/libs/internals/core.write_cache_file.php 2008-08-15 12:42:17.000000000 -0700 +++ smarty-2.6.22/libs/internals/core.write_cache_file.php 2008-12-17 11:52:59.000000000 -0800 @@ -68,7 +68,7 @@ if (!empty($smarty->cache_handler_func)) { // use cache_handler function call_user_func_array($smarty->cache_handler_func, - array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], null)); + array('write', &$smarty, &$params['results'], $params['tpl_file'], $params['cache_id'], $params['compile_id'], $smarty->_cache_info['expires'])); } else { // use local cache file diff -Nru smarty-2.6.20/libs/Smarty.class.php smarty-2.6.22/libs/Smarty.class.php --- smarty-2.6.20/libs/Smarty.class.php 2008-08-15 12:42:58.000000000 -0700 +++ smarty-2.6.22/libs/Smarty.class.php 2008-12-17 11:53:31.000000000 -0800 @@ -20,17 +20,17 @@ * * For questions, help, comments, discussion, etc., please join the * Smarty mailing list. Send a blank e-mail to - * smarty-general-subscribe@lists.php.net + * smarty-discussion-subscribe@googlegroups.com * - * @link http://smarty.php.net/ + * @link http://www.smarty.net/ * @copyright 2001-2005 New Digital Group, Inc. * @author Monte Ohrt * @author Andrei Zmievski * @package Smarty - * @version 2.6.20 + * @version 2.6.22 */ -/* $Id: Smarty.class.php 2722 2007-06-18 14:29:00Z danilo $ */ +/* $Id: Smarty.class.php 2785 2008-09-18 21:04:12Z Uwe.Tews $ */ /** * DIR_SEP isn't used anymore, but third party apps might @@ -464,7 +464,7 @@ * * @var string */ - var $_version = '2.6.20'; + var $_version = '2.6.22'; /** * current template inclusion depth diff -Nru smarty-2.6.20/libs/Smarty_Compiler.class.php smarty-2.6.22/libs/Smarty_Compiler.class.php --- smarty-2.6.20/libs/Smarty_Compiler.class.php 2008-08-15 12:43:09.000000000 -0700 +++ smarty-2.6.22/libs/Smarty_Compiler.class.php 2008-12-17 11:53:47.000000000 -0800 @@ -18,15 +18,15 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * - * @link http://smarty.php.net/ + * @link http://www.smarty.net/ * @author Monte Ohrt * @author Andrei Zmievski - * @version 2.6.20 + * @version 2.6.22 * @copyright 2001-2005 New Digital Group, Inc. * @package Smarty */ -/* $Id: Smarty_Compiler.class.php 2773 2008-08-12 18:17:51Z Uwe.Tews $ */ +/* $Id: Smarty_Compiler.class.php 2966 2008-12-08 15:10:03Z monte.ohrt $ */ /** * Template compiling class @@ -73,6 +73,9 @@ var $_strip_depth = 0; var $_additional_newline = "\n"; + + var $_phpversion = 0; + /**#@-*/ /** @@ -80,6 +83,8 @@ */ function Smarty_Compiler() { + $this->_phpversion = substr(phpversion(),0,1); + // matches double quoted strings: // "foobar" // "foo\"bar" @@ -152,16 +157,20 @@ // $foo->bar($foo->bar) // $foo->bar($foo->bar()) // $foo->bar($foo->bar($blah,$foo,44,"foo",$foo[0].bar)) + // $foo->getBar()->getFoo() + // $foo->getBar()->foo $this->_obj_ext_regexp = '\->(?:\$?' . $this->_dvar_guts_regexp . ')'; $this->_obj_restricted_param_regexp = '(?:' - . '(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')(?:' . $this->_obj_ext_regexp . '(?:\((?:(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')' - . '(?:\s*,\s*(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . '))*)?\))?)*)'; - $this->_obj_single_param_regexp = '(?:\w+|' . $this->_obj_restricted_param_regexp . '(?:\s*,\s*(?:(?:\w+|' + . '(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')(?:' . $this->_obj_ext_regexp . '(?:\((?:(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . ')' + . '(?:\s*,\s*(?:' . $this->_var_regexp . '|' . $this->_num_const_regexp . '))*)?\))?)*)'; + + $this->_obj_single_param_regexp = '(?:\w+|' . $this->_obj_restricted_param_regexp . '(?:\s*,\s*(?:(?:\w+|' . $this->_var_regexp . $this->_obj_restricted_param_regexp . ')))*)'; - $this->_obj_params_regexp = '\((?:' . $this->_obj_single_param_regexp + + $this->_obj_params_regexp = '\((?:' . $this->_obj_single_param_regexp . '(?:\s*,\s*' . $this->_obj_single_param_regexp . ')*)?\)'; - $this->_obj_start_regexp = '(?:' . $this->_dvar_regexp . '(?:' . $this->_obj_ext_regexp . ')+)'; - $this->_obj_call_regexp = '(?:' . $this->_obj_start_regexp . '(?:' . $this->_obj_params_regexp . ')?(?:' . $this->_dvar_math_regexp . '(?:' . $this->_num_const_regexp . '|' . $this->_dvar_math_var_regexp . ')*)?)'; + $this->_obj_start_regexp = '(?:' . $this->_dvar_regexp . '(?:' . $this->_obj_ext_regexp . ')+)'; + $this->_obj_call_regexp = '(?:' . $this->_obj_start_regexp . '(?:' . $this->_obj_params_regexp . ')?(?:' . $this->_dvar_math_regexp . '(?:' . $this->_num_const_regexp . '|' . $this->_dvar_math_var_regexp . ')*)?)'; // matches valid modifier syntax: // |foo @@ -1696,6 +1705,8 @@ } // replace double quoted literal string with single quotes $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return); + // escape dollar sign if not printing a var + $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return); return $_return; } @@ -1709,6 +1720,7 @@ function _parse_var($var_expr) { $_has_math = false; + $_has_php4_method_chaining = false; $_math_vars = preg_split('~('.$this->_dvar_math_regexp.'|'.$this->_qstr_regexp.')~', $var_expr, -1, PREG_SPLIT_DELIM_CAPTURE); if(count($_math_vars) > 1) { @@ -1821,6 +1833,10 @@ $_output .= '->{(($_var=$this->_tpl_vars[\''.substr($_index,3).'\']) && substr($_var,0,2)!=\'__\') ? $_var : $this->trigger_error("cannot access property \\"$_var\\"")}'; } } else { + if ($this->_phpversion < 5) { + $_has_php4_method_chaining = true; + $_output .= "; \$_foo = \$_foo"; + } $_output .= $_index; } } elseif (substr($_index, 0, 1) == '(') { @@ -1832,7 +1848,12 @@ } } - return $_output; + if ($_has_php4_method_chaining) { + $_tmp = str_replace("'","\'",'$_foo = '.$_output.'; return $_foo;'); + return "eval('".$_tmp."')"; + } else { + return $_output; + } } /** diff -Nru smarty-2.6.20/NEWS smarty-2.6.22/NEWS --- smarty-2.6.20/NEWS 2008-08-15 12:42:43.000000000 -0700 +++ smarty-2.6.22/NEWS 2008-12-17 11:53:15.000000000 -0800 @@ -1,4 +1,16 @@ -Version 2.6.20 (Aug 15th, 2008) +Version 2.6.22 (Dec 17th, 2008) +------------------------------- + +- back out method chaining, bug in some versions of PCRE causes errors (mohrt) + +Version 2.6.21 (Dec 2nd, 2008) +------------------------------ + +- fix function injection security hole closed (U.Tews) +- fix pass expiration time at cache_handler_fuc call in core.write_cache_file.php (U.Tews) +- Update of compiler.class.php to allow method chaining for PHP4 and PHP5 (U.Tews) + +Version 2.6.20 (Feb 15th, 2008) ------------------------------- - fix cache tag bug when multiple cache tags on a page (mankyd, diff -Nru smarty-2.6.20/README smarty-2.6.22/README --- smarty-2.6.20/README 2008-08-15 12:42:50.000000000 -0700 +++ smarty-2.6.22/README 2008-12-17 11:53:21.000000000 -0800 @@ -1,8 +1,9 @@ + NAME: Smarty - the PHP compiling template engine -VERSION: 2.6.20 +VERSION: 2.6.22 AUTHORS: