Update of /cvsroot/phplib/php-lib/php/ext
In directory usw-pr-cvs1:/tmp/cvs-serv28494
Modified Files:
template.inc
Log Message:
sync with -stable tree
Bug #542612
new method of preventing '\' stripping instead of nasty &#(36|92); hack
(by Scott Lahteine)
Index: template.inc
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/ext/template.inc,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** template.inc 10 Aug 2001 05:31:49 -0000 1.5
--- template.inc 25 Apr 2002 10:47:59 -0000 1.6
***************
*** 33,36 ****
--- 33,37 ----
* '\n' was also being stripped. Fix by replacing with &#(36|92); in set_var and unreplacing in finish (rha)
* in get_undefined, only match non-whitespace in variable tags as in finish. (Layne Weathers & rha)
+ * new method of preventing '\' stripping instead of nasty &#(36|92); hack (Scott Lahteine)
*
*
***************
*** 352,356 ****
printf("<b>set_var:</b> (with scalar) <b>%s</b> = '%s'<br>\n", $varname, htmlentities($value));
}
- $value = preg_replace(array('/\$([0-9])/', '/\\\\([0-9])/'), array('$\1', '\\1'), $value);
$this->varkeys[$varname] = "/".$this->varname($varname)."/";
if ($append && isset($this->varvals[$varname])) {
--- 353,356 ----
***************
*** 367,371 ****
printf("<b>set_var:</b> (with array) <b>%s</b> = '%s'<br>\n", $k, htmlentities($v));
}
- $v = preg_replace(array('/\$([0-9])/', '/\\\\([0-9])/'), array('$\1', '\\1'), $v);
$this->varkeys[$k] = "/".$this->varname($k)."/";
if ($append && isset($this->varvals[$k])) {
--- 367,370 ----
***************
*** 396,399 ****
--- 395,399 ----
*/
function subst($varname) {
+ $varvals_quoted = array();
if ($this->debug & 4) {
echo "<p><b>subst:</b> varname = $varname</p>\n";
***************
*** 404,409 ****
}
$str = $this->get_var($varname);
! $str = preg_replace($this->varkeys, $this->varvals, $str);
return $str;
}
--- 404,414 ----
}
+ // quote the replacement strings to prevent bogus stripping of special chars
+ while(list($k, $v) = each($this->varvals)) {
+ $varvals_quoted[$k] = preg_quote($v);
+ }
+
$str = $this->get_var($varname);
! $str = preg_replace($this->varkeys, $varvals_quoted, $str);
return $str;
}
***************
*** 678,682 ****
}
- $str = preg_replace(array('/$([0-9])/', '/\([0-9])/'), array('$\1', '\\\1'), $str);
return $str;
}
--- 683,686 ----
|
