[Phplib-commit] CVS: php-lib-stable/php template.inc,1.8,1.9

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv28308

Modified Files:
	template.inc 
Log Message:
Bug #542612
new method of preventing '\' stripping instead of nasty &#(36|92); hack
(by Scott Lahteine)

Index: template.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/template.inc,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** template.inc	10 Aug 2001 04:57:30 -0000	1.8
--- template.inc	25 Apr 2002 10:47:20 -0000	1.9
***************
*** 34,37 ****
--- 34,38 ----
   * '\n' was also being stripped. Fix by replacing with &#(36|92); in set_var and unreplacing in finish (rha)
   * in get_undefined, only match non-whitespace in variable tags as in finish. (Layne Weathers & rha)
+  * new method of preventing '\' stripping instead of nasty &#(36|92); hack (Scott Lahteine)
   *
   */
***************
*** 166,170 ****
        if (!empty($varname)) {
          if ($this->debug) print "scalar: set *$varname* to *$value*<br>\n";
-         $value = preg_replace(array('/\$([0-9])/', '/\\\\([0-9])/'), array('&#36;\1', '&#92;\1'), $value);
          $this->varkeys[$varname] = "/".$this->varname($varname)."/";
          $this->varvals[$varname] = $value;
--- 167,170 ----
***************
*** 175,179 ****
          if (!empty($k)) {
            if ($this->debug) print "array: set *$k* to *$v*<br>\n";
-           $v = preg_replace(array('/\$([0-9])/', '/\\\\([0-9])/'), array('&#36;\1', '&#92;\1'), $v);
            $this->varkeys[$k] = "/".$this->varname($k)."/";
            $this->varvals[$k] = $v;
--- 175,178 ----
***************
*** 189,192 ****
--- 188,192 ----
     */
    function subst($varname) {
+     $varvals_quoted = array();
      if (!$this->loadfile($varname)) {
        $this->halt("subst: unable to load $varname.");
***************
*** 194,199 ****
      }
  
      $str = $this->get_var($varname);
!     $str = preg_replace($this->varkeys, $this->varvals, $str);
      return $str;
    }
--- 194,204 ----
      }
  
+     // quote the replacement strings to prevent bogus stripping of special chars
+     while(list($k, $v) = each($this->varvals)) {
+       $varvals_quoted[$k] = preg_quote($v);
+     }
+ 
      $str = $this->get_var($varname);
!     $str = preg_replace($this->varkeys, $varvals_quoted, $str);
      return $str;
    }
***************
*** 337,341 ****
      }
  
-     $str = preg_replace(array('/&#36;([0-9])/', '/&#92;([0-9])/'), array('$\1', '\\\1'), $str);
      return $str;
    }
--- 342,345 ----