FEDORA-2019-d248c5aa39 created by siwinski 10 months ago for Fedora 28
stable

===== 3.1.33 release ===== 12.09.2018

===== 3.1.33-dev-12 =====

03.09.2018

31.08.2018

26.08.2018

===== 3.1.33-dev-6 =====

19.08.2018

===== 3.1.33-dev-4 =====

17.05.2018

26.04.2018

  • bugfix regarding Security Vulnerability did not solve the problem under Linux. Security issue CVE-2018-16831

===== 3.1.32 ===== (24.04.2018)

24.04.2018

  • bugfix possible Security Vulnerability in Smarty_Security class.

26.03.2018

26.03.2018

  • new feature {parent} = {$smarty.block.parent} {child} = {$smarty.block.child}

23.03.2018

21.03.2018

17.03.2018

16.03.2018

22.11.2017

20.11.2017

  • bugfix rework of newline spacing between tag code and template text. now again identical with Smarty2 (forum topic 26878)
  • replacement of " by '

05.11.2017

  • lexer/parser optimization
  • code cleanup and optimizations
  • bugfix {$smarty.section.name.loop} used together with {$smarty.section.name.total} could produce wrong results (forum topic 27041)

26.10.2017

  • bugfix Smarty version was not filled in header comment of compiled and cached files
  • optimization replace internal Smarty::$ds property by DIRECTORY_SEPARATOR
  • deprecate functions Smarty::muteExpectedErrors() and Smarty::unmuteExpectedErrors() as Smarty does no longer use error suppression like @filemtime(). for backward compatibility code is moved from Smarty class to an external class and still can be called.
  • correction of PHPDoc blocks
  • minor code cleanup

21.10.2017

18.10.2017

12.10.2017

07.10.2017

26.8.2017

09.8.2017

05.8.2017

  • bugfix wordwrap modifier could fail if used in nocache code. converted plugin file shared.mb_wordwrap.php into modifier.mb_wordwrap.php
  • cleanup of _getSmartyObj()

31.7.2017

30.7.2017

21.7.2017

27.5.2017

21.5.2017

19.5.2017

24.4.2017

17.4.2017

14.4.2017

13.4.2017

===== 3.1.31 ===== (14.12.2016)

23.11.2016

  • move template object cache into static variables

19.11.2016

11.11.2016

08.11.2016

  • add bootstrap file to load and register Smarty_Autoloader. Change composer.json to make it known to composer

07.11.2016

27.10.2016

23.10.2016

  • improvement/bugfix when Smarty::fetch() is called on a template object the inheritance and tplFunctions property should be copied to the called template object

21.10.2016

20.10.2016

19.10.2016

12.10.2016

08.10.2016

  • optimization move runtime extension for template functions into Smarty objects

29.09.2016

28.09.2016

27.09.2016

20.09.2016

19.09.2016

  • optimization clear compiled and cached folder completely on detected version change
  • cleanup convert cache resource file method clear into runtime extension

15.09.2016

11.09.2016

  • improvement {math} misleading E_USER_WARNING messages when parameter value = null https://github.com/smarty-php/smarty/issues/288
  • improvement move often used code snippets into methods
  • performance Smarty::configLoad() did load unneeded template source object

09.09.2016

08.09.2016

07.09.2016

01.09.2016

26.08.2016

  • bugfix change of 23.08.2016 failed on linux when use_include_path = true

23.08.2016

20.08-2016

14.08.2016

===== 3.1.30 ===== (07.08.2016)

07.08.2016

  • bugfix update of 04.08.2016 was incomplete

05.08.2016

04.08.2016

  • improvement move template function source parameter into extension

26.07.2016

  • optimization unneeded loading of compiled resource

24.07.2016

23.07.2016

19.07.2016

18.07.2016

14.07.2016

13.07.2016

12.07.2016

27.05.2016

16.05.2016

  • optimization {foreach} compiler and processing
  • broken PHP 5.3 and 5.4 compatibility

15.05.2016

  • optimization and cleanup of resource code

10.05.2016

  • optimization of inheritance processing

07.05.2016

-bugfix Only variables should be assigned by reference https://github.com/smarty-php/smarty/issues/227

02.05.2016

01.05.2016

  • bugfix same relative filepath at {include} called from template in different folders could display wrong sub-template

29.04.2016

24.04.2016

14.04.2016

13.04.2016

27.03.2016

11.03.2016

  • optimization of capture and security handling
  • improvement $smarty->clearCompiledTemplate() should return on recompiled or uncompiled resources

10.03.2016

  • optimization of resource processing

09.03.2016

04.03.2016

  • bugfix change from 01.03.2016 will cause $smarty->isCached(..) failure if called multiple time for same template (forum topic 25935)

02.03.2016

01.03.2016

  • bugfix template objects must be cached on $smarty->fetch('foo.tpl) calls incase the template is fetched multiple times (forum topic 25909)

25.02.2016

20.02.2016

19.02.2016

14.02.2016

11.02.2016

10.02.2016

09.02.2016

  • move some code from parser into compiler
  • reformat all code for unique style
  • update/bugfix scope attribute handling reworked. Read the newfeatures.txt file

05.02.2016

  • improvement internal compiler changes

01.02.2016

  • bugfix {foreach} compilation failed when $smarty->merge_compiled_includes = true and pre-filters are used.

29.01.2016

28.01.2016

27.01.2016

26.01.2016

02.01.2016

  • update scope handling
  • optimize block plugin compiler
  • improvement runtime checks if registered block plugins are callable

01.01.2016

  • remove Smarty::$resource_cache_mode property

31.12.2015

  • optimization of {assign}, {if} and {while} compiled code

30.12.2015

29.12.2015

28.12.2015

  • optimization of {foreach} code size and processing

27.12.2015

  • improve inheritance code
  • update external methods
  • code fixes
  • PHPdoc updates

25.12.2015

  • compile {block} tag code and its processing into classes
  • optimization replace hhvm extension by inline code
  • new feature If ACP is enabled force an apc_compile_file() when compiled or cached template was updated

24.12.2015

23.12.2015

  • optimization move internal method decodeProperties back into template object
  • optimization move subtemplate processing back into template object
  • new feature Caching does now observe the template_dir setting and will create separate cache files if required

22.12.2015

  • change $xxx_dir properties from private to protected in case Smarty class gets extended
  • code optimizations

21.12.2015

===== 3.1.29 ===== (21.12.2015)

21.12.2015

  • optimization improve speed of filetime checks on extends and extendsall resource

20.12.2015

19.12.2015

18.12.2015

17.12.2015

  • bugfix {$smarty.capture.nameFail} did lowercase capture name https://github.com/smarty-php/smarty/issues/135
  • bugfix using {block append/prepend} on same block in multiple levels of inheritance templates could fail (forum topic 25827)
  • bugfix text content consisting of just a single '0' like in {if true}0{/if} was suppressed (forum topic 25834)

16.12.2015

15.12.2015

  • bugfix {$smarty.cookies.foo} did return the $_COOKIE array not the 'foo' value https://github.com/smarty-php/smarty/issues/122
  • bugfix a call to clearAllCache() and other should clear all internal template object caches (forum topic 25828)

14.12.2015

===== 3.1.28 ===== (13.12.2015)

13.12.2015

  • bugfix {foreach} and {section} with uppercase characters in name attribute did not work (forum topic 25819)
  • bugfix $smarty->debugging_ctrl = 'URL' did not work (forum topic 25811)
  • bugfix Debug Console could display incorrect data when using subtemplates

09.12.2015

  • bugfix Smarty did fail under PHP 7.0.0 with use_include_path = true;

09.12.2015

08.12.2015

05.12.2015

-bugfix {strip} should insert a single space https://github.com/smarty-php/smarty/issues/111

25.11.2015

-bugfix a left delimter like '[%' did fail on [%$var_[%$variable%]%] (forum topic 25798)

02.11.2015

01.11.2015

  • update config file processing

31.10.2015

  • bugfix add missing $trusted_dir property to SmartyBC class (forum topic 25751)

29.10.2015

  • improve template scope handling

24.10.2015

21.10.2015

  • move some code into runtime extensions

18.10.2015

  • optimize filepath normalization
  • rework of template inheritance
  • speed and size optimizations
  • bugfix under HHVM temporary cache file must only be created when caches template was updated
  • fix compiled code for new {block} assign attribute
  • update code generated by template function call handler

18.09.2015

17.09.2015

16.09.2015

  • update compiler by moving no longer needed properties, code optimizations and other

14.09.2015

  • optimize autoloader
  • optimize subtemplate handling
  • update template inheritance processing
  • move code of {call} processing back into Smarty_Internal_Template class
  • improvement invalidate OPCACHE for cleared compiled and cached template files (forum topic 25557)
  • bugfix unintended multiple debug windows (forum topic 25699)

30.08.2015

  • size optimization move some runtime functions into extension
  • optimize inline template processing
  • optimization merge inheritance child and parent templates into one compiled template file

29.08.2015

23.08.2015

  • introduce Smarty::$resource_cache_mode and cache template object of {include} inside loop
  • load seldom used Smarty API methods dynamically to reduce memory footprint
  • cache template object of {include} if same template is included several times
  • convert debug console processing to object
  • use output buffers for better performance and less memory usage
  • optimize nocache hash processing
  • remove not really needed properties
  • optimize rendering
  • move caching to Smarty::_cache
  • remove properties with redundant content
  • optimize Smarty::templateExists()
  • optimize use_include_path processing
  • relocate properties for size optimization
  • remove redundant code
  • bugfix compiling super globals like {$smarty.get.foo} did fail in the master branch https://github.com/smarty-php/smarty/issues/77

06.08.2015

  • avoid possible circular object references caused by parser/lexer objects
  • rewrite compileAll... utility methods
  • commit several internal improvements
  • bugfix Smarty failed when compile_id did contain "|"

03.08.2015

  • rework clear cache methods
  • bugfix compileAllConfig() was broken since 3.1.22 because of the changes in config file processing
  • improve getIncludePath() to return directory if no file was given

02.08.2015

  • optimization and code cleanup of {foreach} and {section} compiler
  • rework {capture} compiler

01.08.2015

  • update DateTime object can be instance of DateTimeImmutable since PHP5.5 https://github.com/smarty-php/smarty/pull/75
  • improvement show resource type and start of template source instead of uid on eval: and string: resource (forum topic 25630)

31.07.2015

  • optimize {foreach} and {section} compiler

29.07.2015

  • optimize {section} compiler for speed and size of compiled code

28.07.2015

  • update for PHP 7 compatibility

26.07.2015

25.07.2015

20.07.2015

12.07.2015

  • optimize {extends} compilation

10.07.2015

  • bugfix force file: resource in demo resource.extendsall.php

08.07.2015

  • bugfix convert each word of class names to ucfirst in in compiler. (forum topic 25588)

07.07.2015

  • improvement allow fetch() or display() called on a template object to get output from other template like $template->fetch('foo.tpl') https://github.com/smarty-php/smarty/issues/70
  • improvement Added $limit parameter to regex_replace modifier #71
  • new feature multiple indices on file: resource

06.07.2015

  • optimize {block} compilation
  • optimization get rid of get and set in source object

01.07.2015

28.06.2015

  • move $smarty->enableSecurity() into Smarty_Security class
  • optimize security isTrustedResourceDir()
  • move auto load filter methods into extension
  • move $smarty->getTemplateVars() into extension
  • move getStreamVariable() into extension
  • move $smarty->append() and $smarty->appendByRef() into extension
  • optimize autoloader
  • optimize file path normalization
  • bugfix PATH_SEPARATOR was replaced by mistake in autoloader
  • remove redundant code

27.06.2015

  • bugfix resolve naming conflict between custom Smarty delimiter '<%' and PHP ASP tags https://github.com/smarty-php/smarty/issues/64
  • update $smarty->_realpath for relative path not starting with './'
  • update Smarty security with new realpath handling
  • update {include_php} with new realpath handling
  • move $smarty->loadPlugin() into extension
  • minor compiler optimizations
  • bugfix allow function plugins with name ending with 'close' https://github.com/smarty-php/smarty/issues/52
  • rework of $smarty->clearCompiledTemplate() and move it to its own extension

19.06.2015

===== 3.1.27===== (18.06.2015)

18.06.2015

===== 3.1.26===== (18.06.2015)

18.06.2015

17.06.2015

===== 3.1.25===== (15.06.2015)

15.06.2015

  • optimization of smarty_cachereource_keyvaluestore.php code

14.06.2015

13.06.2015

  • bugfix a custom cache resource using smarty_cachereource_keyvaluestore.php did fail if php.ini mbstring.func_overload = 2 (forum topic 25568)

11.06.2015

  • bugfix the lexer could hang on very large quoted strings (forum topic 25570)

08.06.2015

04.06.2015

01.06.2015

27.05.2015

24.05.2015

===== 3.1.24===== (23.05.2015)

23.05.2015

  • improvement on php_handling to allow very large PHP sections, better error handling
  • improvement allow extreme large comment sections (forum 25538)

21.05.2015

19.05.2015

  • bugfix compiler did overwrite existing variable value when setting the nocache attribute https://github.com/smarty-php/smarty/issues/39
  • bugfix output filter trimwhitespace could run into the pcre.backtrack_limit on large output (code.google issue 220)
  • bugfix compiler could run into the pcre.backtrack_limit on larger comment or {php} tag sections (forum 25538)

18.05.2015

  • improvement introduce shortcuts in lexer/parser rules for most frequent terms for higher compilation speed

16.05.2015

  • bugfix {php}{/php} did work just for single lines https://github.com/smarty-php/smarty/issues/33
  • improvement remove not needed ?><?php transitions from compiled code
  • improvement reduce number of lexer tokens on operators and if conditions
  • improvement higher compilation speed by modified lexer/parser generator at "smarty/smarty-lexer"

13.05.2015

  • improvement remove not needed ?><?php transitions from compiled code
  • improvement of debugging:
    • use fresh Smarty object to display the debug console because of possible problems when the Smarty was extended or Smarty properties had been modified in the class source
    • display Smarty version number
    • Truncate lenght of Origin display and extend strin value display to 80 character
  • bugfix in Smarty_Security 'nl2br' should be a trusted modifier, not PHP function (code.google issue 223)

12.05.2015

===== 3.1.23 ===== (12.05.2015)

12.05.2015

  • bugfix of smaller performance issue introduce in 3.1.22 when caching is enabled
  • bugfix missig entry for smarty-temmplate-config in autoloader

===== 3.1.22 ===== tag was deleted because 3.1.22 did fail caused by the missing entry for smarty-temmplate-config in autoloader

10.05.2015

  • bugfix custom cache resource did not observe compile_id and cache_id when $cache_locking == true
  • bugfix cache lock was not handled correctly after timeout when $cache_locking == true
  • improvement added constants for $debugging

07.05.2015

  • improvement of the debugging console. Read NEW_FEATURES.txt
  • optimization of resource class loading

06.05.2015

  • bugfix in 3.1.22-dev cache resource must not be loaded for subtemplates
  • bugfix/improvement in 3.1.22-dev cache locking did not work as expected

05.05.2015

  • optimization on cache update when main template is modified
  • optimization move <?php ?> handling from parser to new compiler module

05.05.2015

04.05.2015

28.04.2015

  • bugfix plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508) 2nd fix

28.04.2015

  • bugfix plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508)

23.04.2015

  • bugfix a nocache template variable used as parameter at {insert} was by mistake cached

20.04.2015

  • bugfix at a template function containing nocache code a parmeter could overwrite a template variable of same name

27.03.2015

  • bugfix Smarty_Security->allow_constants=false; did also disable true, false and null (change of 16.03.2015)
  • improvement added a whitelist for trusted constants to security Smarty_Security::$trusted_constants (forum topic 25471)

20.03.2015

  • bugfix make sure that function properties get saved only in compiled files containing the fuction definition {forum topic 25452}
  • bugfix correct update of global variable values on exit of template functions. (reported under Smarty Developers)

16.03.2015

  • bugfix problems with {function}{/function} and {call} tags in different subtemplate cache files {forum topic 25452}
  • bugfix Smarty_Security->allow_constants=false; did not disallow direct usage of defined constants like {SMARTY_DIR} {forum topic 25457}
  • bugfix {block}{/block} tags did not work inside double quoted strings https://github.com/smarty-php/smarty/issues/18

15.03.2015

  • bugfix $smarty->compile_check must be restored before rendering of a just updated cache file {forum 25452}

14.03.2015

  • bugfix {nocache} {/nocache} tags corrupted code when used within a nocache section caused by a nocache template variable.

  • bugfix template functions defined with {function} in an included subtemplate could not be called in nocache mode with {call... nocache} if the subtemplate had it's own cache file {forum 25452}

10.03.2015

  • bugfix {include ... nocache} whith variable file or compile_id attribute was not executed in nocache mode.

12.02.2015

  • bugfix multiple Smarty::fetch() of same template when $smarty->merge_compiled_includes = true; could cause function already defined error

11.02.2015

  • bugfix recursive {includes} did create E_NOTICE message when $smarty->merge_compiled_includes = true; (github issue #16)

22.01.2015

  • new feature security can now control access to static methods and properties see also NEW_FEATURES.txt

21.01.2015

  • bugfix clearCompiledTemplates(), clearAll() and clear() could try to delete whole drive at wrong path permissions because realpath() fail (forum 25397)
  • bugfix 'self::' and 'parent::' was interpreted in template syntax as static class

04.01.2015

  • push last weeks changes to github
  • different optimizations
  • improvement automatically create different versions of compiled templates and config files depending on property settings.
  • optimization restructure template processing by moving code into classes it better belongs to
  • optimization restructure config file processing

31.12.2014 - bugfix use function_exists('mb_get_info') for setting Smarty::$_MBSTRING. Function mb_split could be overloaded depending on php.ini mbstring.func_overload

29.12.2014

  • new feature security can now limit the template nesting level by property $max_template_nesting see also NEW_FEATURES.txt (forum 25370)

29.12.2014

  • new feature security can now disable special $smarty variables listed in property $disabled_special_smarty_vars see also NEW_FEATURES.txt (forum 25370)

27.12.2014

  • bugfix clear internal _is_file_cache when plugins_dir was modified

13.12.2014

  • improvement optimization of lexer and parser resulting in a up to 30% higher compiling speed

11.12.2014

  • bugfix resolve parser ambiguity between constant print tag {CONST} and other smarty tags after change of 09.12.2014

09.12.2014

  • bugfix variables $null, $true and $false did not work after the change of 12.11.2014 (forum 25342)
  • bugfix call of template function by a variable name did not work after latest changes (forum 25342)

23.11.2014

  • bugfix a plugin with attached modifier could fail if the tag was immediately followed by another Smarty tag (since 3.1.21) (forum 25326)

13.11.2014

  • improvement move autoload code into Autoloader.php. Use Composer autoloader when possible

12.11.2014

  • new feature added support of namespaces to template code

08.11.2014 - 10.11.2014

  • bugfix subtemplate called in nocache mode could be called with wrong compile_id when it did change on one of the calling templates
  • improvement add code of template functions called in nocache mode dynamically to cache file (related to bugfix of 01.11.2014)
  • bugfix Debug Console did not include all data from merged compiled subtemplates

04.11.2014

  • new feature $smarty->debugging = true; => overwrite existing Debug Console window (old behaviour) $smarty->debugging = 2; => individual Debug Console window by template name

03.11.2014

  • bugfix Debug Console did not show included subtemplates since 3.1.17 (forum 25301)
  • bugfix Modifier debug_print_var did not limit recursion or prevent recursive object display at Debug Console (ATTENTION: parameter order has changed to be able to specify maximum recursion)
  • bugfix Debug consol did not include subtemplate information with $smarty->merge_compiled_includes = true
  • improvement The template variables are no longer displayed as objects on the Debug Console
  • improvement $smarty->createData($parent = null, $name = null) new optional name parameter for display at Debug Console
  • addition of some hooks for future extension of Debug Console

01.11.2014

  • bugfix and enhancement on subtemplate {include} and template {function} tags.
  • Calling a template which has a nocache section could fail if it was called from a cached and a not cached subtemplate.
  • Calling the same subtemplate cached and not cached with the $smarty->merge_compiled_includes enabled could cause problems
  • Many smaller related changes

30.10.2014

  • bugfix access to class constant by object like {$object::CONST} or variable class name {$class::CONST} did not work (forum 25301)

26.10.2014

  • bugfix E_NOTICE message was created during compilation when ASP tags '<%' or '%>' are in template source text
  • bugfix merge_compiled_includes option failed when caching enables and same subtemplate was included cached and not cached

How to install

sudo dnf upgrade --advisory=FEDORA-2019-d248c5aa39

This update has been submitted for testing by siwinski.

10 months ago

siwinski edited this update.

10 months ago

This update has been pushed to testing.

10 months ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

9 months ago

This update has been submitted for batched by siwinski.

9 months ago

This update has been submitted for stable by bodhi.

9 months ago

This update has been pushed to stable.

9 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
10 months ago
in testing
10 months ago
in stable
9 months ago
modified
10 months ago
BZ#1532493 CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [epel-all]
0
0
BZ#1532494 CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [fedora-all]
0
0
BZ#1628740 CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [epel-all]
0
0
BZ#1628741 CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [fedora-all]
0
0
BZ#1631096 CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
0
0
BZ#1631098 CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [epel-all]
0
0

Automated Test Results