A super easy PHP Framework for web development! https://github.com/exacti/phacil-framework
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

138 KiB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[3.1.44] - 2022-01-18

Fixed

  • Fixed illegal characters bug in math function security check #702

[3.1.43] - 2022-01-10

Security

  • Prevent evasion of the static_classes security policy. This addresses CVE-2021-21408

[3.1.42] - 2022-01-10

Security

  • Prevent arbitrary PHP code execution through maliciously crafted expression for the math function. This addresses CVE-2021-29454

[3.1.41] - 2022-01-09

Security

  • Rewrote the mailto function to not use eval when encoding with javascript

[3.1.40] - 2021-10-13

Changed

Security

[3.1.39] - 2021-02-17

Security

  • Prevent access to $smarty.template_object in sandbox mode. This addresses CVE-2021-26119.
  • Fixed code injection vulnerability by using illegal function names in {function name='blah'}{/function}. This addresses CVE-2021-26120.

[3.1.38] - 2021-01-08

Fixed

[3.1.37] - 2021-01-07

Changed

  • Changed error handlers and handling of undefined constants for php8-compatibility (set $errcontext argument optional) https://github.com/smarty-php/smarty/issues/605
  • Changed expected error levels in unit tests for php8-compatibility
  • Travis unit tests now run for all php versions >= 5.3, including php8
  • Travis runs on Xenial where possible

Fixed

  • PHP5.3 compatibility fixes
  • Brought lexer source functionally up-to-date with compiled version

[3.1.36] - 2020-04-14

Fixed

[3.1.35] - 2020-04-14

3.1.34 release - 05.11.2019

13.01.2020

  • fix typo in exception message (JercSi)
  • fix typehint warning with callable (bets4breakfast)
  • add travis badge and compatability info to readme (matks)
  • fix stdClass cast when compiling foreach (carpii)
  • fix wrong set/get methods for memcached (IT-Experte)
  • fix pborm assigning value to object variables in smarty_internal_compile_assign (Hunman)
  • exclude error_reporting.ini from git export (glensc)

3.1.34-dev-6 -

30.10.2018

29.10.2018

14.10.2018

11.10.2018

09.10.2018

18.09.2018

3.1.33 release - 12.09.2018

3.1.33-dev-12 -

03.09.2018

31.08.2018

26.08.2018

3.1.33-dev-6 -

19.08.2018

3.1.33-dev-4 -

17.05.2018

26.04.2018

  • bugfix regarding Security Vulnerability did not solve the problem under Linux. Security issue CVE-2018-16831

3.1.32 - (24.04.2018)

24.04.2018

  • bugfix possible Security Vulnerability in Smarty_Security class.

26.03.2018

26.03.2018

  • new feature {parent} = {$smarty.block.parent} {child} = {$smarty.block.child}

23.03.2018

21.03.2018

17.03.2018

16.03.2018

22.11.2017

20.11.2017

  • bugfix rework of newline spacing between tag code and template text. now again identical with Smarty2 (forum topic 26878)
  • replacement of " by '

05.11.2017

  • lexer/parser optimization
  • code cleanup and optimizations
  • bugfix {$smarty.section.name.loop} used together with {$smarty.section.name.total} could produce wrong results (forum topic 27041)

26.10.2017

  • bugfix Smarty version was not filled in header comment of compiled and cached files
  • optimization replace internal Smarty::$ds property by DIRECTORY_SEPARATOR
  • deprecate functions Smarty::muteExpectedErrors() and Smarty::unmuteExpectedErrors() as Smarty does no longer use error suppression like @filemtime(). for backward compatibility code is moved from Smarty class to an external class and still can be called.
  • correction of PHPDoc blocks
  • minor code cleanup

21.10.2017

18.10.2017

12.10.2017

07.10.2017

26.8.2017

09.8.2017

05.8.2017

  • bugfix wordwrap modifier could fail if used in nocache code. converted plugin file shared.mb_wordwrap.php into modifier.mb_wordwrap.php
  • cleanup of _getSmartyObj()

31.7.2017

30.7.2017

21.7.2017

27.5.2017

21.5.2017

19.5.2017

24.4.2017

17.4.2017

14.4.2017

13.4.2017

3.1.31 - (14.12.2016)

23.11.2016

  • move template object cache into static variables

19.11.2016

11.11.2016

08.11.2016

  • add bootstrap file to load and register Smarty_Autoloader. Change composer.json to make it known to composer

07.11.2016

27.10.2016

23.10.2016

  • improvement/bugfix when Smarty::fetch() is called on a template object the inheritance and tplFunctions property should be copied to the called template object

21.10.2016

20.10.2016

19.10.2016

12.10.2016

08.10.2016

  • optimization move runtime extension for template functions into Smarty objects

29.09.2016

28.09.2016

27.09.2016

20.09.2016

19.09.2016

  • optimization clear compiled and cached folder completely on detected version change
  • cleanup convert cache resource file method clear into runtime extension

15.09.2016

11.09.2016

  • improvement {math} misleading E_USER_WARNING messages when parameter value = null https://github.com/smarty-php/smarty/issues/288
  • improvement move often used code snippets into methods
  • performance Smarty::configLoad() did load unneeded template source object

09.09.2016

08.09.2016

07.09.2016

01.09.2016

26.08.2016

  • bugfix change of 23.08.2016 failed on linux when use_include_path = true

23.08.2016

20.08-2016

14.08.2016

3.1.30 - (07.08.2016)

07.08.2016

  • bugfix update of 04.08.2016 was incomplete

05.08.2016

04.08.2016

  • improvement move template function source parameter into extension

26.07.2016

  • optimization unneeded loading of compiled resource

24.07.2016

23.07.2016

19.07.2016

18.07.2016

14.07.2016

13.07.2016

12.07.2016

27.05.2016

16.05.2016

  • optimization {foreach} compiler and processing
  • broken PHP 5.3 and 5.4 compatibility

15.05.2016

  • optimization and cleanup of resource code

10.05.2016

  • optimization of inheritance processing

07.05.2016 -bugfix Only variables should be assigned by reference https://github.com/smarty-php/smarty/issues/227

02.05.2016

01.05.2016

  • bugfix same relative filepath at {include} called from template in different folders could display wrong sub-template

29.04.2016

24.04.2016

14.04.2016

13.04.2016

27.03.2016

11.03.2016

  • optimization of capture and security handling
  • improvement $smarty->clearCompiledTemplate() should return on recompiled or uncompiled resources

10.03.2016

  • optimization of resource processing

09.03.2016

04.03.2016

  • bugfix change from 01.03.2016 will cause $smarty->isCached(..) failure if called multiple time for same template (forum topic 25935)

02.03.2016

01.03.2016

  • bugfix template objects must be cached on $smarty->fetch('foo.tpl) calls incase the template is fetched multiple times (forum topic 25909)

25.02.2016

20.02.2016

19.02.2016

14.02.2016

11.02.2016

10.02.2016

09.02.2016

  • move some code from parser into compiler
  • reformat all code for unique style
  • update/bugfix scope attribute handling reworked. Read the newfeatures.txt file

05.02.2016

  • improvement internal compiler changes

01.02.2016

  • bugfix {foreach} compilation failed when $smarty->merge_compiled_includes = true and pre-filters are used.

29.01.2016

28.01.2016

27.01.2016

26.01.2016

02.01.2016

  • update scope handling
  • optimize block plugin compiler
  • improvement runtime checks if registered block plugins are callable

01.01.2016

  • remove Smarty::$resource_cache_mode property

31.12.2015

  • optimization of {assign}, {if} and {while} compiled code

30.12.2015

29.12.2015

28.12.2015

  • optimization of {foreach} code size and processing

27.12.2015

  • improve inheritance code
  • update external methods
  • code fixes
  • PHPdoc updates

25.12.2015

  • compile {block} tag code and its processing into classes
  • optimization replace hhvm extension by inline code
  • new feature If ACP is enabled force an apc_compile_file() when compiled or cached template was updated

24.12.2015

23.12.2015

  • optimization move internal method decodeProperties back into template object
  • optimization move subtemplate processing back into template object
  • new feature Caching does now observe the template_dir setting and will create separate cache files if required

22.12.2015

  • change $xxx_dir properties from private to protected in case Smarty class gets extended
  • code optimizations

21.12.2015

20.12.2015

19.12.2015

18.12.2015

17.12.2015

  • bugfix {$smarty.capture.nameFail} did lowercase capture name https://github.com/smarty-php/smarty/issues/135
  • bugfix using {block append/prepend} on same block in multiple levels of inheritance templates could fail (forum topic 25827)
  • bugfix text content consisting of just a single '0' like in {if true}0{/if} was suppressed (forum topic 25834)

16.12.2015

15.12.2015

  • bugfix {$smarty.cookies.foo} did return the $_COOKIE array not the 'foo' value https://github.com/smarty-php/smarty/issues/122
  • bugfix a call to clearAllCache() and other should clear all internal template object caches (forum topic 25828)

14.12.2015

  • bugfix {$smarty.config.foo} broken in 3.1.28 https://github.com/smarty-php/smarty/issues/120

  • bugfix multiple calls of {section} with same name droped E_NOTICE error https://github.com/smarty-php/smarty/issues/118

  • 3.1.28 - (13.12.2015) 13.12.2015

  • bugfix {foreach} and {section} with uppercase characters in name attribute did not work (forum topic 25819)

  • bugfix $smarty->debugging_ctrl = 'URL' did not work (forum topic 25811)

  • bugfix Debug Console could display incorrect data when using subtemplates

09.12.2015

  • bugfix Smarty did fail under PHP 7.0.0 with use_include_path = true;

09.12.2015

08.12.2015

05.12.2015 -bugfix {strip} should insert a single space https://github.com/smarty-php/smarty/issues/111

25.11.2015 -bugfix a left delimter like '[%' did fail on [%$var_[%$variable%]%] (forum topic 25798)

02.11.2015

01.11.2015

  • update config file processing

31.10.2015

  • bugfix add missing $trusted_dir property to SmartyBC class (forum topic 25751)

29.10.2015

  • improve template scope handling

24.10.2015

21.10.2015

  • move some code into runtime extensions

18.10.2015

  • optimize filepath normalization
  • rework of template inheritance
  • speed and size optimizations
  • bugfix under HHVM temporary cache file must only be created when caches template was updated
  • fix compiled code for new {block} assign attribute
  • update code generated by template function call handler

18.09.2015

17.09.2015

16.09.2015

  • update compiler by moving no longer needed properties, code optimizations and other

14.09.2015

  • optimize autoloader
  • optimize subtemplate handling
  • update template inheritance processing
  • move code of {call} processing back into Smarty_Internal_Template class
  • improvement invalidate OPCACHE for cleared compiled and cached template files (forum topic 25557)
  • bugfix unintended multiple debug windows (forum topic 25699)

30.08.2015

  • size optimization move some runtime functions into extension
  • optimize inline template processing
  • optimization merge inheritance child and parent templates into one compiled template file

29.08.2015

23.08.2015

  • introduce Smarty::$resource_cache_mode and cache template object of {include} inside loop
  • load seldom used Smarty API methods dynamically to reduce memory footprint
  • cache template object of {include} if same template is included several times
  • convert debug console processing to object
  • use output buffers for better performance and less memory usage
  • optimize nocache hash processing
  • remove not really needed properties
  • optimize rendering
  • move caching to Smarty::_cache
  • remove properties with redundant content
  • optimize Smarty::templateExists()
  • optimize use_include_path processing
  • relocate properties for size optimization
  • remove redundant code
  • bugfix compiling super globals like {$smarty.get.foo} did fail in the master branch https://github.com/smarty-php/smarty/issues/77

06.08.2015

  • avoid possible circular object references caused by parser/lexer objects
  • rewrite compileAll... utility methods
  • commit several internal improvements
  • bugfix Smarty failed when compile_id did contain "|"

03.08.2015

  • rework clear cache methods
  • bugfix compileAllConfig() was broken since 3.1.22 because of the changes in config file processing
  • improve getIncludePath() to return directory if no file was given

02.08.2015

  • optimization and code cleanup of {foreach} and {section} compiler
  • rework {capture} compiler

01.08.2015

  • update DateTime object can be instance of DateTimeImmutable since PHP5.5 https://github.com/smarty-php/smarty/pull/75
  • improvement show resource type and start of template source instead of uid on eval: and string: resource (forum topic 25630)

31.07.2015

  • optimize {foreach} and {section} compiler

29.07.2015

  • optimize {section} compiler for speed and size of compiled code

28.07.2015

  • update for PHP 7 compatibility

26.07.2015

25.07.2015

20.07.2015

12.07.2015

  • optimize {extends} compilation

10.07.2015

  • bugfix force file: resource in demo resource.extendsall.php

08.07.2015

  • bugfix convert each word of class names to ucfirst in in compiler. (forum topic 25588)

07.07.2015

  • improvement allow fetch() or display() called on a template object to get output from other template like $template->fetch('foo.tpl') https://github.com/smarty-php/smarty/issues/70
  • improvement Added $limit parameter to regex_replace modifier #71
  • new feature multiple indices on file: resource

06.07.2015

  • optimize {block} compilation
  • optimization get rid of __get and __set in source object

01.07.2015

28.06.2015

  • move $smarty->enableSecurity() into Smarty_Security class
  • optimize security isTrustedResourceDir()
  • move auto load filter methods into extension
  • move $smarty->getTemplateVars() into extension
  • move getStreamVariable() into extension
  • move $smarty->append() and $smarty->appendByRef() into extension
  • optimize autoloader
  • optimize file path normalization
  • bugfix PATH_SEPARATOR was replaced by mistake in autoloader
  • remove redundant code

27.06.2015

  • bugfix resolve naming conflict between custom Smarty delimiter '<%' and PHP ASP tags https://github.com/smarty-php/smarty/issues/64
  • update $smarty->_realpath for relative path not starting with './'
  • update Smarty security with new realpath handling
  • update {include_php} with new realpath handling
  • move $smarty->loadPlugin() into extension
  • minor compiler optimizations
  • bugfix allow function plugins with name ending with 'close' https://github.com/smarty-php/smarty/issues/52
  • rework of $smarty->clearCompiledTemplate() and move it to its own extension

19.06.2015

17.06.2015

  • bugfix calling a plugin with nocache option but no other attributes like {foo nocache} caused call to undefined function https://github.com/smarty-php/smarty/issues/55

  • 3.1.25- (15.06.2015) 15.06.2015

  • optimization of smarty_cachereource_keyvaluestore.php code

14.06.2015

13.06.2015

  • bugfix a custom cache resource using smarty_cachereource_keyvaluestore.php did fail if php.ini mbstring.func_overload = 2 (forum topic 25568)

11.06.2015

  • bugfix the lexer could hang on very large quoted strings (forum topic 25570)

08.06.2015

04.06.2015

01.06.2015

27.05.2015

24.05.2015

  • bugfix if condition string 'neq' broken due to a typo https://github.com/smarty-php/smarty/issues/42

  • 3.1.24- (23.05.2015) 23.05.2015

  • improvement on php_handling to allow very large PHP sections, better error handling

  • improvement allow extreme large comment sections (forum 25538)

21.05.2015

19.05.2015

  • bugfix compiler did overwrite existing variable value when setting the nocache attribute https://github.com/smarty-php/smarty/issues/39
  • bugfix output filter trimwhitespace could run into the pcre.backtrack_limit on large output (code.google issue 220)
  • bugfix compiler could run into the pcre.backtrack_limit on larger comment or {php} tag sections (forum 25538)

18.05.2015

  • improvement introduce shortcuts in lexer/parser rules for most frequent terms for higher compilation speed

16.05.2015

  • bugfix {php}{/php} did work just for single lines https://github.com/smarty-php/smarty/issues/33
  • improvement remove not needed ?><?php transitions from compiled code
  • improvement reduce number of lexer tokens on operators and if conditions
  • improvement higher compilation speed by modified lexer/parser generator at "smarty/smarty-lexer"

13.05.2015

  • improvement remove not needed ?><?php transitions from compiled code
  • improvement of debugging:
    • use fresh Smarty object to display the debug console because of possible problems when the Smarty was extended or Smarty properties had been modified in the class source
    • display Smarty version number
    • Truncate lenght of Origin display and extend strin value display to 80 character
  • bugfix in Smarty_Security 'nl2br' should be a trusted modifier, not PHP function (code.google issue 223)

12.05.2015

  • bugfix {$smarty.constant.TEST} did fail on undefined constant https://github.com/smarty-php/smarty/issues/28

  • bugfix access to undefined config variable like {#undef#} did fail https://github.com/smarty-php/smarty/issues/29

  • bugfix in nested {foreach} saved item attributes got overwritten https://github.com/smarty-php/smarty/issues/33

  • 3.1.23 - (12.05.2015) 12.05.2015

  • bugfix of smaller performance issue introduce in 3.1.22 when caching is enabled

  • bugfix missig entry for smarty-temmplate-config in autoloader

  • 3.1.22 - tag was deleted because 3.1.22 did fail caused by the missing entry for smarty-temmplate-config in autoloader 10.05.2015

  • bugfix custom cache resource did not observe compile_id and cache_id when $cache_locking == true

  • bugfix cache lock was not handled correctly after timeout when $cache_locking == true

  • improvement added constants for $debugging

07.05.2015

  • improvement of the debugging console. Read NEW_FEATURES.txt
  • optimization of resource class loading

06.05.2015

  • bugfix in 3.1.22-dev cache resource must not be loaded for subtemplates
  • bugfix/improvement in 3.1.22-dev cache locking did not work as expected

05.05.2015

  • optimization on cache update when main template is modified
  • optimization move handling from parser to new compiler module

05.05.2015

04.05.2015

28.04.2015

  • bugfix plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508) 2nd fix

28.04.2015

  • bugfix plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508)

23.04.2015

  • bugfix a nocache template variable used as parameter at {insert} was by mistake cached

20.04.2015

  • bugfix at a template function containing nocache code a parmeter could overwrite a template variable of same name

27.03.2015

  • bugfix Smarty_Security->allow_constants=false; did also disable true, false and null (change of 16.03.2015)
  • improvement added a whitelist for trusted constants to security Smarty_Security::$trusted_constants (forum topic 25471)

20.03.2015

  • bugfix make sure that function properties get saved only in compiled files containing the fuction definition {forum topic 25452}
  • bugfix correct update of global variable values on exit of template functions. (reported under Smarty Developers)

16.03.2015

  • bugfix problems with {function}{/function} and {call} tags in different subtemplate cache files {forum topic 25452}
  • bugfix Smarty_Security->allow_constants=false; did not disallow direct usage of defined constants like {SMARTY_DIR} {forum topic 25457}
  • bugfix {block}{/block} tags did not work inside double quoted strings https://github.com/smarty-php/smarty/issues/18

15.03.2015

  • bugfix $smarty->compile_check must be restored before rendering of a just updated cache file {forum 25452}

14.03.2015

  • bugfix {nocache} {/nocache} tags corrupted code when used within a nocache section caused by a nocache template variable.

  • bugfix template functions defined with {function} in an included subtemplate could not be called in nocache mode with {call... nocache} if the subtemplate had it's own cache file {forum 25452}

10.03.2015

  • bugfix {include ... nocache} whith variable file or compile_id attribute was not executed in nocache mode.

12.02.2015

  • bugfix multiple Smarty::fetch() of same template when $smarty->merge_compiled_includes = true; could cause function already defined error

11.02.2015

  • bugfix recursive {includes} did create E_NOTICE message when $smarty->merge_compiled_includes = true; (github issue #16)

22.01.2015

  • new feature security can now control access to static methods and properties see also NEW_FEATURES.txt

21.01.2015

  • bugfix clearCompiledTemplates(), clearAll() and clear() could try to delete whole drive at wrong path permissions because realpath() fail (forum 25397)
  • bugfix 'self::' and 'parent::' was interpreted in template syntax as static class

04.01.2015

  • push last weeks changes to github

  • different optimizations

  • improvement automatically create different versions of compiled templates and config files depending on property settings.

  • optimization restructure template processing by moving code into classes it better belongs to

  • optimization restructure config file processing

31.12.2014

  • bugfix use function_exists('mb_get_info') for setting Smarty::$_MBSTRING. Function mb_split could be overloaded depending on php.ini mbstring.func_overload

29.12.2014

  • new feature security can now limit the template nesting level by property $max_template_nesting see also NEW_FEATURES.txt (forum 25370)

29.12.2014

  • new feature security can now disable special $smarty variables listed in property $disabled_special_smarty_vars see also NEW_FEATURES.txt (forum 25370)

27.12.2014

  • bugfix clear internal _is_file_cache when plugins_dir was modified

13.12.2014

  • improvement optimization of lexer and parser resulting in a up to 30% higher compiling speed

11.12.2014

  • bugfix resolve parser ambiguity between constant print tag {CONST} and other smarty tags after change of 09.12.2014

09.12.2014

  • bugfix variables $null, $true and $false did not work after the change of 12.11.2014 (forum 25342)
  • bugfix call of template function by a variable name did not work after latest changes (forum 25342)

23.11.2014

  • bugfix a plugin with attached modifier could fail if the tag was immediately followed by another Smarty tag (since 3.1.21) (forum 25326)

13.11.2014

  • improvement move autoload code into Autoloader.php. Use Composer autoloader when possible

12.11.2014

  • new feature added support of namespaces to template code

08.11.2014 - 10.11.2014

  • bugfix subtemplate called in nocache mode could be called with wrong compile_id when it did change on one of the calling templates
  • improvement add code of template functions called in nocache mode dynamically to cache file (related to bugfix of 01.11.2014)
  • bugfix Debug Console did not include all data from merged compiled subtemplates

04.11.2014

  • new feature $smarty->debugging = true; => overwrite existing Debug Console window (old behaviour) $smarty->debugging = 2; => individual Debug Console window by template name

03.11.2014

  • bugfix Debug Console did not show included subtemplates since 3.1.17 (forum 25301)
  • bugfix Modifier debug_print_var did not limit recursion or prevent recursive object display at Debug Console (ATTENTION: parameter order has changed to be able to specify maximum recursion)
  • bugfix Debug consol did not include subtemplate information with $smarty->merge_compiled_includes = true
  • improvement The template variables are no longer displayed as objects on the Debug Console
  • improvement $smarty->createData($parent = null, $name = null) new optional name parameter for display at Debug Console
  • addition of some hooks for future extension of Debug Console

01.11.2014

  • bugfix and enhancement on subtemplate {include} and template {function} tags.
    • Calling a template which has a nocache section could fail if it was called from a cached and a not cached subtemplate.
    • Calling the same subtemplate cached and not cached with the $smarty->merge_compiled_includes enabled could cause problems
    • Many smaller related changes

30.10.2014

  • bugfix access to class constant by object like {$object::CONST} or variable class name {$class::CONST} did not work (forum 25301)

26.10.2014

  • bugfix E_NOTICE message was created during compilation when ASP tags '<%' or '%>' are in template source text

  • bugfix merge_compiled_includes option failed when caching enables and same subtemplate was included cached and not cached

  • 3.1.21 - (18.10.2014) 18.10.2014

  • composer moved to github

17.10.2014

  • bugfix on $php_handling security and optimization of smarty_internal_parsetree (Thue Kristensen)

16.10.2014

  • bugfix composer.json update

15.10.2014

  • bugfix calling a new created cache file with fetch() and Smarty::CACHING_LIFETIME_SAVED multiple times did fail (forum 22350)

14.10.2014

  • bugfix any tag placed within "