Update of /cvsroot/phplib/php-lib-stable/php
In directory usw-pr-cvs1:/tmp/cvs-serv28308
Modified Files:
template.inc
Log Message:
Bug #542612
new method of preventing '\' stripping instead of nasty &#(36|92); hack
(by Scott Lahteine)
Index: template.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib-stable/php/template.inc,v
retrieving revision 1.8
retrieving revision 1.9
diff -C2 -d -r1.8 -r1.9
*** template.inc 10 Aug 2001 04:57:30 -0000 1.8
--- template.inc 25 Apr 2002 10:47:20 -0000 1.9
***************
*** 34,37 ****
--- 34,38 ----
* '\n' was also being stripped. Fix by replacing with &#(36|92); in set_var and unreplacing in finish (rha)
* in get_undefined, only match non-whitespace in variable tags as in finish. (Layne Weathers & rha)
+ * new method of preventing '\' stripping instead of nasty &#(36|92); hack (Scott Lahteine)
*
*/
***************
*** 166,170 ****
if (!empty($varname)) {
if ($this->debug) print "scalar: set *$varname* to *$value*<br>\n";
- $value = preg_replace(array('/\$([0-9])/', '/\\\\([0-9])/'), array('$\1', '\\1'), $value);
$this->varkeys[$varname] = "/".$this->varname($varname)."/";
$this->varvals[$varname] = $value;
--- 167,170 ----
***************
*** 175,179 ****
if (!empty($k)) {
if ($this->debug) print "array: set *$k* to *$v*<br>\n";
- $v = preg_replace(array('/\$([0-9])/', '/\\\\([0-9])/'), array('$\1', '\\1'), $v);
$this->varkeys[$k] = "/".$this->varname($k)."/";
$this->varvals[$k] = $v;
--- 175,178 ----
***************
*** 189,192 ****
--- 188,192 ----
*/
function subst($varname) {
+ $varvals_quoted = array();
if (!$this->loadfile($varname)) {
$this->halt("subst: unable to load $varname.");
***************
*** 194,199 ****
}
$str = $this->get_var($varname);
! $str = preg_replace($this->varkeys, $this->varvals, $str);
return $str;
}
--- 194,204 ----
}
+ // quote the replacement strings to prevent bogus stripping of special chars
+ while(list($k, $v) = each($this->varvals)) {
+ $varvals_quoted[$k] = preg_quote($v);
+ }
+
$str = $this->get_var($varname);
! $str = preg_replace($this->varkeys, $varvals_quoted, $str);
return $str;
}
***************
*** 337,341 ****
}
- $str = preg_replace(array('/$([0-9])/', '/\([0-9])/'), array('$\1', '\\\1'), $str);
return $str;
}
--- 342,345 ----
|
