FEDORA-EPEL-2019-ac11c6484b created by siwinski 9 months ago for Fedora EPEL 7
stable

===== 3.1.33 release ===== 12.09.2018

===== 3.1.33-dev-12 =====

03.09.2018

31.08.2018

26.08.2018

===== 3.1.33-dev-6 =====

19.08.2018

===== 3.1.33-dev-4 =====

17.05.2018

26.04.2018

  • bugfix regarding Security Vulnerability did not solve the problem under Linux. Security issue CVE-2018-16831

===== 3.1.32 ===== (24.04.2018)

24.04.2018

  • bugfix possible Security Vulnerability in Smarty_Security class.

26.03.2018

26.03.2018

  • new feature {parent} = {$smarty.block.parent} {child} = {$smarty.block.child}

23.03.2018

21.03.2018

17.03.2018

16.03.2018

22.11.2017

20.11.2017

  • bugfix rework of newline spacing between tag code and template text. now again identical with Smarty2 (forum topic 26878)
  • replacement of " by '

05.11.2017

  • lexer/parser optimization
  • code cleanup and optimizations
  • bugfix {$smarty.section.name.loop} used together with {$smarty.section.name.total} could produce wrong results (forum topic 27041)

26.10.2017

  • bugfix Smarty version was not filled in header comment of compiled and cached files
  • optimization replace internal Smarty::$ds property by DIRECTORY_SEPARATOR
  • deprecate functions Smarty::muteExpectedErrors() and Smarty::unmuteExpectedErrors() as Smarty does no longer use error suppression like @filemtime(). for backward compatibility code is moved from Smarty class to an external class and still can be called.
  • correction of PHPDoc blocks
  • minor code cleanup

21.10.2017

18.10.2017

12.10.2017

07.10.2017

26.8.2017

09.8.2017

05.8.2017

  • bugfix wordwrap modifier could fail if used in nocache code. converted plugin file shared.mb_wordwrap.php into modifier.mb_wordwrap.php
  • cleanup of _getSmartyObj()

31.7.2017

30.7.2017

21.7.2017

27.5.2017

21.5.2017

19.5.2017

24.4.2017

17.4.2017

14.4.2017

13.4.2017

===== 3.1.31 ===== (14.12.2016)

23.11.2016

  • move template object cache into static variables

19.11.2016

11.11.2016

08.11.2016

  • add bootstrap file to load and register Smarty_Autoloader. Change composer.json to make it known to composer

07.11.2016

27.10.2016

23.10.2016

  • improvement/bugfix when Smarty::fetch() is called on a template object the inheritance and tplFunctions property should be copied to the called template object

21.10.2016

20.10.2016

19.10.2016

12.10.2016

08.10.2016

  • optimization move runtime extension for template functions into Smarty objects

29.09.2016

28.09.2016

27.09.2016

20.09.2016

19.09.2016

  • optimization clear compiled and cached folder completely on detected version change
  • cleanup convert cache resource file method clear into runtime extension

15.09.2016

11.09.2016

  • improvement {math} misleading E_USER_WARNING messages when parameter value = null https://github.com/smarty-php/smarty/issues/288
  • improvement move often used code snippets into methods
  • performance Smarty::configLoad() did load unneeded template source object

09.09.2016

08.09.2016

07.09.2016

01.09.2016

26.08.2016

  • bugfix change of 23.08.2016 failed on linux when use_include_path = true

23.08.2016

20.08-2016

14.08.2016

===== 3.1.30 ===== (07.08.2016)

07.08.2016

  • bugfix update of 04.08.2016 was incomplete

05.08.2016

04.08.2016

  • improvement move template function source parameter into extension

26.07.2016

  • optimization unneeded loading of compiled resource

24.07.2016

23.07.2016

19.07.2016

18.07.2016

14.07.2016

13.07.2016

12.07.2016

27.05.2016

16.05.2016

  • optimization {foreach} compiler and processing
  • broken PHP 5.3 and 5.4 compatibility

15.05.2016

  • optimization and cleanup of resource code

10.05.2016

  • optimization of inheritance processing

07.05.2016

-bugfix Only variables should be assigned by reference https://github.com/smarty-php/smarty/issues/227

02.05.2016

01.05.2016

  • bugfix same relative filepath at {include} called from template in different folders could display wrong sub-template

29.04.2016

24.04.2016

14.04.2016

13.04.2016

27.03.2016

11.03.2016

  • optimization of capture and security handling
  • improvement $smarty->clearCompiledTemplate() should return on recompiled or uncompiled resources

10.03.2016

  • optimization of resource processing

09.03.2016

04.03.2016

  • bugfix change from 01.03.2016 will cause $smarty->isCached(..) failure if called multiple time for same template (forum topic 25935)

02.03.2016

01.03.2016

  • bugfix template objects must be cached on $smarty->fetch('foo.tpl) calls incase the template is fetched multiple times (forum topic 25909)

25.02.2016

20.02.2016

19.02.2016

14.02.2016

11.02.2016

10.02.2016

09.02.2016

  • move some code from parser into compiler
  • reformat all code for unique style
  • update/bugfix scope attribute handling reworked. Read the newfeatures.txt file

05.02.2016

  • improvement internal compiler changes

01.02.2016

  • bugfix {foreach} compilation failed when $smarty->merge_compiled_includes = true and pre-filters are used.

29.01.2016

28.01.2016

27.01.2016

26.01.2016

02.01.2016

  • update scope handling
  • optimize block plugin compiler
  • improvement runtime checks if registered block plugins are callable

01.01.2016

  • remove Smarty::$resource_cache_mode property

31.12.2015

  • optimization of {assign}, {if} and {while} compiled code

30.12.2015

29.12.2015

28.12.2015

  • optimization of {foreach} code size and processing

27.12.2015

  • improve inheritance code
  • update external methods
  • code fixes
  • PHPdoc updates

25.12.2015

  • compile {block} tag code and its processing into classes
  • optimization replace hhvm extension by inline code
  • new feature If ACP is enabled force an apc_compile_file() when compiled or cached template was updated

24.12.2015

23.12.2015

  • optimization move internal method decodeProperties back into template object
  • optimization move subtemplate processing back into template object
  • new feature Caching does now observe the template_dir setting and will create separate cache files if required

22.12.2015

  • change $xxx_dir properties from private to protected in case Smarty class gets extended
  • code optimizations

21.12.2015

===== 3.1.29 ===== (21.12.2015)

21.12.2015

  • optimization improve speed of filetime checks on extends and extendsall resource

20.12.2015

19.12.2015

18.12.2015

17.12.2015

  • bugfix {$smarty.capture.nameFail} did lowercase capture name https://github.com/smarty-php/smarty/issues/135
  • bugfix using {block append/prepend} on same block in multiple levels of inheritance templates could fail (forum topic 25827)
  • bugfix text content consisting of just a single '0' like in {if true}0{/if} was suppressed (forum topic 25834)

16.12.2015

15.12.2015

  • bugfix {$smarty.cookies.foo} did return the $_COOKIE array not the 'foo' value https://github.com/smarty-php/smarty/issues/122
  • bugfix a call to clearAllCache() and other should clear all internal template object caches (forum topic 25828)

14.12.2015

===== 3.1.28 ===== (13.12.2015)

13.12.2015

  • bugfix {foreach} and {section} with uppercase characters in name attribute did not work (forum topic 25819)
  • bugfix $smarty->debugging_ctrl = 'URL' did not work (forum topic 25811)
  • bugfix Debug Console could display incorrect data when using subtemplates

09.12.2015

  • bugfix Smarty did fail under PHP 7.0.0 with use_include_path = true;

09.12.2015

08.12.2015

05.12.2015

-bugfix {strip} should insert a single space https://github.com/smarty-php/smarty/issues/111

25.11.2015

-bugfix a left delimter like '[%' did fail on [%$var_[%$variable%]%] (forum topic 25798)

02.11.2015

01.11.2015

  • update config file processing

31.10.2015

  • bugfix add missing $trusted_dir property to SmartyBC class (forum topic 25751)

29.10.2015

  • improve template scope handling

24.10.2015

21.10.2015

  • move some code into runtime extensions

18.10.2015

  • optimize filepath normalization
  • rework of template inheritance
  • speed and size optimizations
  • bugfix under HHVM temporary cache file must only be created when caches template was updated
  • fix compiled code for new {block} assign attribute
  • update code generated by template function call handler

18.09.2015

17.09.2015

16.09.2015

  • update compiler by moving no longer needed properties, code optimizations and other

14.09.2015

  • optimize autoloader
  • optimize subtemplate handling
  • update template inheritance processing
  • move code of {call} processing back into Smarty_Internal_Template class
  • improvement invalidate OPCACHE for cleared compiled and cached template files (forum topic 25557)
  • bugfix unintended multiple debug windows (forum topic 25699)

30.08.2015

  • size optimization move some runtime functions into extension
  • optimize inline template processing
  • optimization merge inheritance child and parent templates into one compiled template file

29.08.2015

23.08.2015

  • introduce Smarty::$resource_cache_mode and cache template object of {include} inside loop
  • load seldom used Smarty API methods dynamically to reduce memory footprint
  • cache template object of {include} if same template is included several times
  • convert debug console processing to object
  • use output buffers for better performance and less memory usage
  • optimize nocache hash processing
  • remove not really needed properties
  • optimize rendering
  • move caching to Smarty::_cache
  • remove properties with redundant content
  • optimize Smarty::templateExists()
  • optimize use_include_path processing
  • relocate properties for size optimization
  • remove redundant code
  • bugfix compiling super globals like {$smarty.get.foo} did fail in the master branch https://github.com/smarty-php/smarty/issues/77

06.08.2015

  • avoid possible circular object references caused by parser/lexer objects
  • rewrite compileAll... utility methods
  • commit several internal improvements
  • bugfix Smarty failed when compile_id did contain "|"

03.08.2015

  • rework clear cache methods
  • bugfix compileAllConfig() was broken since 3.1.22 because of the changes in config file processing
  • improve getIncludePath() to return directory if no file was given

02.08.2015

  • optimization and code cleanup of {foreach} and {section} compiler
  • rework {capture} compiler

01.08.2015

  • update DateTime object can be instance of DateTimeImmutable since PHP5.5 https://github.com/smarty-php/smarty/pull/75
  • improvement show resource type and start of template source instead of uid on eval: and string: resource (forum topic 25630)

31.07.2015

  • optimize {foreach} and {section} compiler

29.07.2015

  • optimize {section} compiler for speed and size of compiled code

28.07.2015

  • update for PHP 7 compatibility

26.07.2015

25.07.2015

20.07.2015

12.07.2015

  • optimize {extends} compilation

10.07.2015

  • bugfix force file: resource in demo resource.extendsall.php

08.07.2015

  • bugfix convert each word of class names to ucfirst in in compiler. (forum topic 25588)

07.07.2015

  • improvement allow fetch() or display() called on a template object to get output from other template like $template->fetch('foo.tpl') https://github.com/smarty-php/smarty/issues/70
  • improvement Added $limit parameter to regex_replace modifier #71
  • new feature multiple indices on file: resource

06.07.2015

  • optimize {block} compilation
  • optimization get rid of get and set in source object

01.07.2015

28.06.2015

  • move $smarty->enableSecurity() into Smarty_Security class
  • optimize security isTrustedResourceDir()
  • move auto load filter methods into extension
  • move $smarty->getTemplateVars() into extension
  • move getStreamVariable() into extension
  • move $smarty->append() and $smarty->appendByRef() into extension
  • optimize autoloader
  • optimize file path normalization
  • bugfix PATH_SEPARATOR was replaced by mistake in autoloader
  • remove redundant code

27.06.2015

  • bugfix resolve naming conflict between custom Smarty delimiter '<%' and PHP ASP tags https://github.com/smarty-php/smarty/issues/64
  • update $smarty->_realpath for relative path not starting with './'
  • update Smarty security with new realpath handling
  • update {include_php} with new realpath handling
  • move $smarty->loadPlugin() into extension
  • minor compiler optimizations
  • bugfix allow function plugins with name ending with 'close' https://github.com/smarty-php/smarty/issues/52
  • rework of $smarty->clearCompiledTemplate() and move it to its own extension

19.06.2015

===== 3.1.27===== (18.06.2015)

18.06.2015

===== 3.1.26===== (18.06.2015)

18.06.2015

17.06.2015

===== 3.1.25===== (15.06.2015)

15.06.2015

  • optimization of smarty_cachereource_keyvaluestore.php code

14.06.2015

13.06.2015

  • bugfix a custom cache resource using smarty_cachereource_keyvaluestore.php did fail if php.ini mbstring.func_overload = 2 (forum topic 25568)

11.06.2015

  • bugfix the lexer could hang on very large quoted strings (forum topic 25570)

08.06.2015

04.06.2015

01.06.2015

27.05.2015

24.05.2015

===== 3.1.24===== (23.05.2015)

23.05.2015

  • improvement on php_handling to allow very large PHP sections, better error handling
  • improvement allow extreme large comment sections (forum 25538)

21.05.2015

19.05.2015

  • bugfix compiler did overwrite existing variable value when setting the nocache attribute https://github.com/smarty-php/smarty/issues/39
  • bugfix output filter trimwhitespace could run into the pcre.backtrack_limit on large output (code.google issue 220)
  • bugfix compiler could run into the pcre.backtrack_limit on larger comment or {php} tag sections (forum 25538)

18.05.2015

  • improvement introduce shortcuts in lexer/parser rules for most frequent terms for higher compilation speed

16.05.2015

  • bugfix {php}{/php} did work just for single lines https://github.com/smarty-php/smarty/issues/33
  • improvement remove not needed ?><?php transitions from compiled code
  • improvement reduce number of lexer tokens on operators and if conditions
  • improvement higher compilation speed by modified lexer/parser generator at "smarty/smarty-lexer"

13.05.2015

  • improvement remove not needed ?><?php transitions from compiled code
  • improvement of debugging:
    • use fresh Smarty object to display the debug console because of possible problems when the Smarty was extended or Smarty properties had been modified in the class source
    • display Smarty version number
    • Truncate lenght of Origin display and extend strin value display to 80 character
  • bugfix in Smarty_Security 'nl2br' should be a trusted modifier, not PHP function (code.google issue 223)

12.05.2015

===== 3.1.23 ===== (12.05.2015)

12.05.2015

  • bugfix of smaller performance issue introduce in 3.1.22 when caching is enabled
  • bugfix missig entry for smarty-temmplate-config in autoloader

===== 3.1.22 ===== tag was deleted because 3.1.22 did fail caused by the missing entry for smarty-temmplate-config in autoloader

10.05.2015

  • bugfix custom cache resource did not observe compile_id and cache_id when $cache_locking == true
  • bugfix cache lock was not handled correctly after timeout when $cache_locking == true
  • improvement added constants for $debugging

07.05.2015

  • improvement of the debugging console. Read NEW_FEATURES.txt
  • optimization of resource class loading

06.05.2015

  • bugfix in 3.1.22-dev cache resource must not be loaded for subtemplates
  • bugfix/improvement in 3.1.22-dev cache locking did not work as expected

05.05.2015

  • optimization on cache update when main template is modified
  • optimization move <?php ?> handling from parser to new compiler module

05.05.2015

04.05.2015

28.04.2015

  • bugfix plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508) 2nd fix

28.04.2015

  • bugfix plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508)

23.04.2015

  • bugfix a nocache template variable used as parameter at {insert} was by mistake cached

20.04.2015

  • bugfix at a template function containing nocache code a parmeter could overwrite a template variable of same name

27.03.2015

  • bugfix Smarty_Security->allow_constants=false; did also disable true, false and null (change of 16.03.2015)
  • improvement added a whitelist for trusted constants to security Smarty_Security::$trusted_constants (forum topic 25471)

20.03.2015

  • bugfix make sure that function properties get saved only in compiled files containing the fuction definition {forum topic 25452}
  • bugfix correct update of global variable values on exit of template functions. (reported under Smarty Developers)

16.03.2015

  • bugfix problems with {function}{/function} and {call} tags in different subtemplate cache files {forum topic 25452}
  • bugfix Smarty_Security->allow_constants=false; did not disallow direct usage of defined constants like {SMARTY_DIR} {forum topic 25457}
  • bugfix {block}{/block} tags did not work inside double quoted strings https://github.com/smarty-php/smarty/issues/18

15.03.2015

  • bugfix $smarty->compile_check must be restored before rendering of a just updated cache file {forum 25452}

14.03.2015

  • bugfix {nocache} {/nocache} tags corrupted code when used within a nocache section caused by a nocache template variable.

  • bugfix template functions defined with {function} in an included subtemplate could not be called in nocache mode with {call... nocache} if the subtemplate had it's own cache file {forum 25452}

10.03.2015

  • bugfix {include ... nocache} whith variable file or compile_id attribute was not executed in nocache mode.

12.02.2015

  • bugfix multiple Smarty::fetch() of same template when $smarty->merge_compiled_includes = true; could cause function already defined error

11.02.2015

  • bugfix recursive {includes} did create E_NOTICE message when $smarty->merge_compiled_includes = true; (github issue #16)

22.01.2015

  • new feature security can now control access to static methods and properties see also NEW_FEATURES.txt

21.01.2015

  • bugfix clearCompiledTemplates(), clearAll() and clear() could try to delete whole drive at wrong path permissions because realpath() fail (forum 25397)
  • bugfix 'self::' and 'parent::' was interpreted in template syntax as static class

04.01.2015

  • push last weeks changes to github
  • different optimizations
  • improvement automatically create different versions of compiled templates and config files depending on property settings.
  • optimization restructure template processing by moving code into classes it better belongs to
  • optimization restructure config file processing

31.12.2014 - bugfix use function_exists('mb_get_info') for setting Smarty::$_MBSTRING. Function mb_split could be overloaded depending on php.ini mbstring.func_overload

29.12.2014

  • new feature security can now limit the template nesting level by property $max_template_nesting see also NEW_FEATURES.txt (forum 25370)

29.12.2014

  • new feature security can now disable special $smarty variables listed in property $disabled_special_smarty_vars see also NEW_FEATURES.txt (forum 25370)

27.12.2014

  • bugfix clear internal _is_file_cache when plugins_dir was modified

13.12.2014

  • improvement optimization of lexer and parser resulting in a up to 30% higher compiling speed

11.12.2014

  • bugfix resolve parser ambiguity between constant print tag {CONST} and other smarty tags after change of 09.12.2014

09.12.2014

  • bugfix variables $null, $true and $false did not work after the change of 12.11.2014 (forum 25342)
  • bugfix call of template function by a variable name did not work after latest changes (forum 25342)

23.11.2014

  • bugfix a plugin with attached modifier could fail if the tag was immediately followed by another Smarty tag (since 3.1.21) (forum 25326)

13.11.2014

  • improvement move autoload code into Autoloader.php. Use Composer autoloader when possible

12.11.2014

  • new feature added support of namespaces to template code

08.11.2014 - 10.11.2014

  • bugfix subtemplate called in nocache mode could be called with wrong compile_id when it did change on one of the calling templates
  • improvement add code of template functions called in nocache mode dynamically to cache file (related to bugfix of 01.11.2014)
  • bugfix Debug Console did not include all data from merged compiled subtemplates

04.11.2014

  • new feature $smarty->debugging = true; => overwrite existing Debug Console window (old behaviour) $smarty->debugging = 2; => individual Debug Console window by template name

03.11.2014

  • bugfix Debug Console did not show included subtemplates since 3.1.17 (forum 25301)
  • bugfix Modifier debug_print_var did not limit recursion or prevent recursive object display at Debug Console (ATTENTION: parameter order has changed to be able to specify maximum recursion)
  • bugfix Debug consol did not include subtemplate information with $smarty->merge_compiled_includes = true
  • improvement The template variables are no longer displayed as objects on the Debug Console
  • improvement $smarty->createData($parent = null, $name = null) new optional name parameter for display at Debug Console
  • addition of some hooks for future extension of Debug Console

01.11.2014

  • bugfix and enhancement on subtemplate {include} and template {function} tags.
  • Calling a template which has a nocache section could fail if it was called from a cached and a not cached subtemplate.
  • Calling the same subtemplate cached and not cached with the $smarty->merge_compiled_includes enabled could cause problems
  • Many smaller related changes

30.10.2014

  • bugfix access to class constant by object like {$object::CONST} or variable class name {$class::CONST} did not work (forum 25301)

26.10.2014

  • bugfix E_NOTICE message was created during compilation when ASP tags '<%' or '%>' are in template source text
  • bugfix merge_compiled_includes option failed when caching enables and same subtemplate was included cached and not cached
This update has been submitted for testing by siwinski. 9 months ago
siwinski edited this update. 9 months ago
This update has been pushed to testing. 9 months ago
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes 8 months ago
This update has been submitted for batched by siwinski. 8 months ago
This update has been submitted for stable by bodhi. 8 months ago
This update has been pushed to stable. 8 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
9 months ago
in testing
9 months ago
in stable
8 months ago
modified
9 months ago
BZ#1532493 CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [epel-all]
0
0
BZ#1532494 CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [fedora-all]
0
0
BZ#1628740 CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [epel-all]
0
0
BZ#1628741 CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [fedora-all]
0
0
BZ#1631096 CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
0
0
BZ#1631098 CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [epel-all]
0
0

Automated Test Results