——————————————————————————–
Fedora Update Notification
FEDORA-2019-d248c5aa39
2019-03-06 15:27:20.805844
——————————————————————————–
Name : php-Smarty
Product : Fedora 28
Version : 3.1.33
Release : 1.fc28
URL : http://www.smarty.net
Summary : Smarty – the compiling PHP template engine
Description :
Smarty is a template engine for PHP, facilitating the separation of
presentation (HTML/CSS) from application logic. This implies that PHP
code is application logic, and is separated from the presentation.
Autoloader: /usr/share/php/Smarty/autoload.php
——————————————————————————–
Update Information:
===== 3.1.33 release ===== 12.09.2018 ===== 3.1.33-dev-12 ===== 03.09.2018
– bugfix {foreach} using new style property access like {$item@property} on
Smarty 2 style named foreach loop could produce errors
https://github.com/smarty-php/smarty/issues/484 31.08.2018 – bugfix some
custom left and right delimiters like ‘{^’ ‘^}’ did not work
https://github.com/smarty-php/smarty/issues/450 https://github.com/smarty-
php/smarty/pull/482 – reformating for PSR-2 coding standards
https://github.com/smarty-php/smarty/pull/483 – bugfix on Windows absolute
filepathes did fail if the drive letter was followed by a linux
DIRECTORY_SEPARATOR like C:/ at Smarty > 3.1.33-dev-5
https://github.com/smarty-php/smarty/issues/451 – PSR-2 code style fixes for
config and template file Lexer/Parser generated with the Smarty Lexer/Parser
generator from https://github.com/smarty-php/smarty-lexer
https://github.com/smarty-php/smarty/pull/483 26.08.2018 –
bugfix/enhancement {capture} allow variable as capture block name in Smarty
special variable like $smarty.capture.$foo https://github.com/smarty-
php/smarty/issues/478 https://github.com/smarty-php/smarty/pull/481 =====
3.1.33-dev-6 ===== 19.08.2018 – fix PSR-2 coding standards and PHPDoc blocks
https://github.com/smarty-php/smarty/pull/452 https://github.com/smarty-
php/smarty/pull/475 https://github.com/smarty-php/smarty/pull/473 – bugfix
PHP5.2 compatibility https://github.com/smarty-php/smarty/pull/472 =====
3.1.33-dev-4 ===== 17.05.2018 – bugfix strip-block produces different output
in Smarty v3.1.32 https://github.com/smarty-php/smarty/issues/436 – bugfix
Smarty::compileAllTemplates ignores `$extension` parameter
https://github.com/smarty-php/smarty/issues/437 https://github.com/smarty-
php/smarty/pull/438 – improvement do not compute total property in {foreach} if
not needed https://github.com/smarty-php/smarty/issues/443 – bugfix plugins
may not be loaded when setMergeCompiledIncludes is true
https://github.com/smarty-php/smarty/issues/435 26.04.2018 – bugfix
regarding Security Vulnerability did not solve the problem under Linux.
Security issue CVE-2018-16831 ===== 3.1.32 ===== (24.04.2018) 24.04.2018 –
bugfix possible Security Vulnerability in Smarty_Security class. 26.03.2018
– bugfix plugins may not be loaded if {function} or {block} tags are executed in
nocache mode https://github.com/smarty-php/smarty/issues/371 26.03.2018 –
new feature {parent} = {$smarty.block.parent} {child} = {$smarty.block.child}
23.03.2018 – bugfix preg_replace could fail on large content resulting in a
blank page https://github.com/smarty-php/smarty/issues/417 21.03.2018 –
bugfix {$smarty.section…} used outside {section}{/section} showed incorrect
values if {section}{/section} was called inside another loop
https://github.com/smarty-php/smarty/issues/422 – bugfix short form of
{section} attributes did not work https://github.com/smarty-
php/smarty/issues/428 17.03.2018 – improvement Smarty::compileAllTemplates()
exit with a non-zero status code if max errors is reached
https://github.com/smarty-php/smarty/pull/402 16.03.2018 – bugfix extends
resource did not work with user defined left/right delimiter
https://github.com/smarty-php/smarty/issues/419 22.11.2017 – bugfix {break}
and {continue} could fail if {foreach}{/foreach} did contain other looping
tags like {for}, {section} and {while} https://github.com/smarty-
php/smarty/issues/323 20.11.2017 – bugfix rework of newline spacing between
tag code and template text. now again identical with Smarty2 (forum topic
26878) – replacement of ” by ‘ 05.11.2017 – lexer/parser optimization –
code cleanup and optimizations – bugfix {$smarty.section.name.loop} used
together with {$smarty.section.name.total} could produce wrong results
(forum topic 27041) 26.10.2017 – bugfix Smarty version was not filled in
header comment of compiled and cached files – optimization replace internal
Smarty::$ds property by DIRECTORY_SEPARATOR – deprecate functions
Smarty::muteExpectedErrors() and Smarty::unmuteExpectedErrors() as Smarty
does no longer use error suppression like @filemtime(). for backward
compatibility code is moved from Smarty class to an external class and still can
be called. – correction of PHPDoc blocks – minor code cleanup
21.10.2017 – bugfix custom delimiters could fail since modification of
version 3.1.32-dev-23 https://github.com/smarty-php/smarty/issues/394
18.10.2017 – bugfix fix implementation of unclosed block tag in double quoted
string of 12.10.2017 https://github.com/smarty-php/smarty/issues/396
https://github.com/smarty-php/smarty/issues/397 https://github.com/smarty-
php/smarty/issues/391 https://github.com/smarty-php/smarty/issues/392
12.10.2017 – bugfix $smarty.block.child and $smarty.block.parent could not be
used like any $smarty special variable https://github.com/smarty-
php/smarty/issues/393 – unclosed block tag in double quoted string must throw
compiler exception. https://github.com/smarty-php/smarty/issues/391
https://github.com/smarty-php/smarty/issues/392 07.10.2017 – bugfix
modification of 9.8.2017 did fail on some recursive tag nesting.
https://github.com/smarty-php/smarty/issues/389 26.8.2017 – bugfix chained
modifier failed when last modifier parameter is a signed value
https://github.com/smarty-php/smarty/issues/327 – bugfix templates filepath
with multibyte characters did not work https://github.com/smarty-
php/smarty/issues/385 – bugfix {make_nocache} did display code if the template
did not contain other nocache code https://github.com/smarty-
php/smarty/issues/369 09.8.2017 – improvement repeated delimiter like {{ and
}} will be treated as literal
https://groups.google.com/forum/#!topic/smarty-developers/h9r82Bx4KZw 05.8.2017
– bugfix wordwrap modifier could fail if used in nocache code. converted
plugin file shared.mb_wordwrap.php into modifier.mb_wordwrap.php – cleanup of
_getSmartyObj() 31.7.2017 – Call clearstatcache() after mkdir() failure
https://github.com/smarty-php/smarty/pull/379 30.7.2017 – rewrite mkdir()
bugfix to retry automatically see https://github.com/smarty-php/smarty/pull/377
https://github.com/smarty-php/smarty/pull/379 21.7.2017 – security possible
PHP code injection on custom resources at display() or fetch() calls if the
resource does not sanitize the template name – bugfix fix ‘mkdir(): File
exists’ error on create directory from parallel processes
https://github.com/smarty-php/smarty/pull/377 – bugfix solve preg_match() hhvm
parameter problem https://github.com/smarty-php/smarty/pull/372 27.5.2017 –
bugfix change compiled code for registered function and modifiers to called as
callable to allow closures https://github.com/smarty-php/smarty/pull/368,
https://github.com/smarty-php/smarty/issues/273 – bugfix
https://github.com/smarty-php/smarty/pull/368 did break the default plugin
handler – improvement replace phpversion() by PHP_VERSION constant.
https://github.com/smarty-php/smarty/pull/363 21.5.2017 – performance store
flag for already required shared plugin functions in static variable or
Smarty’s $_cache to improve performance when plugins are often called
https://github.com/smarty-php/smarty/commit/51e0d5cd405d764a4ea257d1bac1fb1205f7
4528#commitcomment-22280086 – bugfix remove special treatment of classes
implementing ArrayAccess in {foreach} https://github.com/smarty-
php/smarty/issues/332 – bugfix remove deleted files by clear_cache() and
clear_compiled_template() from ACP cache if present, add some is_file()
checks to avoid possible warnings on filemtime() caused by above functions.
https://github.com/smarty-php/smarty/issues/341 – bugfix version 3.1.31 did
fail under PHP 5.2 https://github.com/smarty-php/smarty/issues/365
19.5.2017 – change properties $accessMap and $obsoleteProperties from private
to protected https://github.com/smarty-php/smarty/issues/351 – new feature
The named capture buffers can now be accessed also as array See
NEWS_FEATURES.txt https://github.com/smarty-php/smarty/issues/366 –
improvement check if ini_get() and ini_set() not disabled
https://github.com/smarty-php/smarty/pull/362 24.4.2017 – fix spelling
https://github.com/smarty-php/smarty/commit/e3eda8a5f5653d8abb960eb1bc47e3eca679
b1b4#commitcomment-21803095 17.4.2017 – correct generated code on empty()
and isset() call, observe change PHP behaviour since PHP 5.5
https://github.com/smarty-php/smarty/issues/347 14.4.2017 – merge pull
requests https://github.com/smarty-php/smarty/pull/349,
https://github.com/smarty-php/smarty/pull/322 and https://github.com/smarty-
php/smarty/pull/337 to fix spelling and annotation 13.4.2017 – bugfix
array_merge() parameter should be checked https://github.com/smarty-
php/smarty/issues/350 ===== 3.1.31 ===== (14.12.2016) 23.11.2016 – move
template object cache into static variables 19.11.2016 – bugfix
inheritance root child templates containing nested {block}{/block} could call
sub-bock content from parent template https://github.com/smarty-
php/smarty/issues/317 – change version checking 11.11.2016 – bugfix when
Smarty is using a cached template object on Smarty::fetch() or
Smarty::isCached() the inheritance data must be removed
https://github.com/smarty-php/smarty/issues/312 – smaller speed optimization
08.11.2016 – add bootstrap file to load and register Smarty_Autoloader.
Change composer.json to make it known to composer 07.11.2016 – optimization
of lexer speed https://github.com/smarty-php/smarty/issues/311 27.10.2016 –
bugfix template function definitions array has not been cached between
Smarty::fetch() and Smarty::display() calls https://github.com/smarty-
php/smarty/issues/301 23.10.2016 – improvement/bugfix when Smarty::fetch()
is called on a template object the inheritance and tplFunctions property
should be copied to the called template object 21.10.2016 – bugfix for
compile locking touched timestamp of old compiled file was not restored on
compilation error https://github.com/smarty-php/smarty/issues/308 20.10.2016
– bugfix nocache code was not removed in cache file when subtemplate did contain
PHP short tags in text but no other nocache code https://github.com/smarty-
php/smarty/issues/300 19.10.2016 – bugfix {make_nocache $var} did fail when
variable value did contain ‘\’ https://github.com/smarty-php/smarty/issues/305
– bugfix {make_nocache $var} remove spaces from variable value
https://github.com/smarty-php/smarty/issues/304 12.10.2016 – bugfix
{include} with template names including variable or constants could fail after
bugfix from 28.09.2016 https://github.com/smarty-php/smarty/issues/302
08.10.2016 – optimization move runtime extension for template functions into
Smarty objects 29.09.2016 – improvement new Smarty::$extends_recursion
property to disable execution of {extends} in templates called by extends
resource https://github.com/smarty-php/smarty/issues/296 28.09.2016 –
bugfix the generated code for calling a subtemplate must pass the template
resource name in single quotes https://github.com/smarty-php/smarty/issues/299
– bugfix nocache hash was not removed for <?xml ?> tags in subtemplates
https://github.com/smarty-php/smarty/issues/300 27.09.2016 – bugfix when
Smarty does use an internally cached template object on Smarty::fetch() calls
the template and config variables must be cleared https://github.com/smarty-
php/smarty/issues/297 20.09.2016 – bugfix some $smarty special template
variables are no longer accessed as real variable. using them on calls like
{if isset($smarty.foo)} or {if empty($smarty.foo)} will fail
http://www.smarty.net/forums/viewtopic.php?t=26222 – temporary fix for
https://github.com/smarty-php/smarty/issues/293 main reason still under
investigation – improvement new tags {block_parent} {block_child} in template
inheritance 19.09.2016 – optimization clear compiled and cached folder
completely on detected version change – cleanup convert cache resource file
method clear into runtime extension 15.09.2016 – bugfix assigning a
variable in if condition by function like {if $value = array_shift($array)} the
function got called twice https://github.com/smarty-php/smarty/issues/291 –
bugfix function plugins called with assign attribute like {foo assign=’bar’} did
not output returned content because because assumption was made that
it was assigned to a variable https://github.com/smarty-php/smarty/issues/292
– bugfix calling $smarty->isCached() on a not existing cache file with
$smarty->cache_locking = true; could cause a 10 second delay
http://www.smarty.net/forums/viewtopic.php?t=26282 – improvement make
Smarty::clearCompiledTemplate() on custom resource independent from changes of
templateId computation 11.09.2016 – improvement {math} misleading
E_USER_WARNING messages when parameter value = null https://github.com/smarty-
php/smarty/issues/288 – improvement move often used code snippets into methods
– performance Smarty::configLoad() did load unneeded template source object
09.09.2016 – bugfix/optimization {foreach} did not execute the {foreachelse}
when iterating empty objects https://github.com/smarty-php/smarty/pull/287 –
bugfix {foreach} must keep the @properties when restoring a saved $item variable
as the properties might be used outside {foreach} https://github.com/smarty-
php/smarty/issues/267 – improvement {foreach} observe {break n} and {continue
n} nesting levels when restoring saved $item and $key variables 08.09.2016
– bugfix implement wrapper for removed method getConfigVariable()
https://github.com/smarty-php/smarty/issues/286 07.09.2016 – bugfix using
nocache like attribute with value true like {plugin nocache=true} did not work
https://github.com/smarty-php/smarty/issues/285 – bugfix uppercase TRUE, FALSE
and NULL did not work when security was enabled https://github.com/smarty-
php/smarty/issues/282 – bugfix when {foreach} was looping over an object the
total property like {$item@total} did always return 1 https://github.com/smarty-
php/smarty/issues/281 – bugfix {capture}{/capture} did add in 3.1.30
unintended additional blank lines https://github.com/smarty-
php/smarty/issues/268 01.09.2016 – performance require_once should be
called only once for shared plugins https://github.com/smarty-
php/smarty/issues/280 26.08.2016 – bugfix change of 23.08.2016 failed on
linux when use_include_path = true 23.08.2016 – bugfix remove constant DS
as shortcut for DIRECTORY_SEPARATOR as the user may have defined it to something
else https://github.com/smarty-php/smarty/issues/277 20.08-2016 – bugfix
{config_load … scope=”global”} shall not throw an arror but fallback to
scope=”smarty” https://github.com/smarty-php/smarty/issues/274 – bugfix
{make_nocache} failed when using composer autoloader https://github.com/smarty-
php/smarty/issues/275 14.08.2016 – bugfix $smarty_>debugging = true; did
E_NOTICE messages when {eval} tag was used https://github.com/smarty-
php/smarty/issues/266 – bugfix Class
‘Smarty_Internal_Runtime_ValidateCompiled’ not found when upgrading from some
older Smarty versions with existing compiled or cached template files
https://github.com/smarty-php/smarty/issues/269 – optimization remove unneeded
call to update acopes when {assign} scope and template scope was local (default)
===== 3.1.30 ===== (07.08.2016) 07.08.2016 – bugfix update of 04.08.2016
was incomplete 05.08.2016 – bugfix compiling of templates failed when the
Smarty delimiter did contain ‘/’ https://github.com/smarty-php/smarty/issues/264
– updated error checking at template and config default handler 04.08.2016
– improvement move template function source parameter into extension
26.07.2016 – optimization unneeded loading of compiled resource 24.07.2016
– regression this->addPluginsDir(‘/abs/path/to/dir’) adding absolute path
without trailing ‘/’ did fail https://github.com/smarty-php/smarty/issues/260
23.07.2016 – bugfix setTemplateDir(‘/’) and setTemplateDir(”) did create
wrong absolute filepath https://github.com/smarty-php/smarty/issues/245 –
optimization of filepath normalization – improvement remove double function
declaration in plugin shared.escape_special_cars.php https://github.com/smarty-
php/smarty/issues/229 19.07.2016 – bugfix multiple {include} with relative
filepath within {block}{/block} could fail https://github.com/smarty-
php/smarty/issues/246 – bugfix {math} shell injection vulnerability patch
provided by Tim Weber 18.07.2016 – bugfix {foreach} if key variable and
item@key attribute have been used both the key variable was not updated
https://github.com/smarty-php/smarty/issues/254 – bugfix modifier on plugins
like {plugin|modifier … } did fail when the plugin does return an array
https://github.com/smarty-php/smarty/issues/228 – bugfix avoid
opcache_invalidate to result in ErrorException when opcache.restrict_api is not
empty https://github.com/smarty-php/smarty/pull/244 – bugfix multiple
{include} with relative filepath within {block}{/block} could fail
https://github.com/smarty-php/smarty/issues/246 14.07.2016 – bugfix wrong
parameter on compileAllTemplates() and compileAllConfig()
https://github.com/smarty-php/smarty/issues/231 13.07.2016 – bugfix PHP 7
compatibility on registered compiler plugins https://github.com/smarty-
php/smarty/issues/241 – update testInstall() https://github.com/smarty-
php/smarty/issues/248https://github.com/smarty-php/smarty/issues/248 – bugfix
enable debugging could fail when template objects did already exists
https://github.com/smarty-php/smarty/issues/237 – bugfix template function
data should be merged when loading subtemplate https://github.com/smarty-
php/smarty/issues/240 – bugfix wrong parameter on compileAllTemplates()
https://github.com/smarty-php/smarty/issues/231 12.07.2016 – bugfix
{foreach} item variable must be created also on empty from array
https://github.com/smarty-php/smarty/issues/238 and https://github.com/smarty-
php/smarty/issues/239 – bugfix enableSecurity() must init cache flags
https://github.com/smarty-php/smarty/issues/247 27.05.2016 –
bugfix/improvement of compileAlltemplates() follow symlinks in template folder
(PHP >= 5.3.1) https://github.com/smarty-php/smarty/issues/224 clear
internal cache and expension handler for each template to avoid possible
conflicts https://github.com/smarty-php/smarty/issues/231 16.05.2016 –
optimization {foreach} compiler and processing – broken PHP 5.3 and 5.4
compatibility 15.05.2016 – optimization and cleanup of resource code
10.05.2016 – optimization of inheritance processing 07.05.2016 -bugfix
Only variables should be assigned by reference https://github.com/smarty-
php/smarty/issues/227 02.05.2016 – enhancement {block} tag names can now be
variable https://github.com/smarty-php/smarty/issues/221 01.05.2016 –
bugfix same relative filepath at {include} called from template in different
folders could display wrong sub-template 29.04.2016 – bugfix {strip} remove
space on linebreak between html tags https://github.com/smarty-
php/smarty/issues/213 24.04.2016 – bugfix nested {include} with relative
file path could fail when called in {block} … {/block}
https://github.com/smarty-php/smarty/issues/218 14.04.2016 – bugfix special
variable {$smarty.capture.name} was not case sensitive on name
https://github.com/smarty-php/smarty/issues/210 – bugfix the default template
handler must calculate the source uid https://github.com/smarty-
php/smarty/issues/205 13.04.2016 – bugfix template inheritance status must
be saved when calling sub-templates https://github.com/smarty-
php/smarty/issues/215 27.03.2016 – bugfix change of 11.03.2016 cause again
{capture} data could not been seen in other templates with
{$smarty.capture.name} https://github.com/smarty-php/smarty/issues/153
11.03.2016 – optimization of capture and security handling – improvement
$smarty->clearCompiledTemplate() should return on recompiled or uncompiled
resources 10.03.2016 – optimization of resource processing 09.03.2016
– improvement rework of ‘scope’ attribute handling see see NEW_FEATURES.txt
https://github.com/smarty-php/smarty/issues/194 https://github.com/smarty-
php/smarty/issues/186 https://github.com/smarty-php/smarty/issues/179 – bugfix
correct Autoloader update of 2.3.2014 https://github.com/smarty-
php/smarty/issues/199 04.03.2016 – bugfix change from 01.03.2016 will cause
$smarty->isCached(..) failure if called multiple time for same template
(forum topic 25935) 02.03.2016 – revert autoloader optimizations because of
unexplainable warning when using plugins https://github.com/smarty-
php/smarty/issues/199 01.03.2016 – bugfix template objects must be cached
on $smarty->fetch(‘foo.tpl) calls incase the template is fetched multiple
times (forum topic 25909) 25.02.2016 – bugfix wrong _realpath with 4 or
more parent-directories https://github.com/smarty-php/smarty/issues/190 –
optimization of _realpath – bugfix instanceof expression in template code must
be treated as value https://github.com/smarty-php/smarty/issues/191 20.02.2016
– bugfix {strip} must keep space between hmtl tags. Broken by changes of
10.2.2016 https://github.com/smarty-php/smarty/issues/184 – new feature/bugfix
{foreach}{section} add ‘properties’ attribute to force compilation of loop
properties see NEW_FEATURES.txt https://github.com/smarty-
php/smarty/issues/189 19.02.2016 – revert output buffer flushing on
display, echo content again because possible problems when PHP files had
characters (newline} after ?> at file end https://github.com/smarty-
php/smarty/issues/187 14.02.2016 – new tag {make_nocache} read
NEW_FEATURES.txt https://github.com/smarty-php/smarty/issues/110 –
optimization of sub-template processing – bugfix using extendsall as default
resource and {include} inside {block} tags could produce unexpected results
https://github.com/smarty-php/smarty/issues/183 – optimization of tag
attribute compiling – optimization make compiler tag object cache static for
higher compilation speed 11.02.2016 – improvement added KnockoutJS comments
to trimwhitespace outputfilter https://github.com/smarty-php/smarty/issues/82
https://github.com/smarty-php/smarty/pull/181 10.02.2016 – bugfix {strip}
must keep space on output creating smarty tags within html tags
https://github.com/smarty-php/smarty/issues/177 – bugfix wrong precedence on
special if conditions like ‘$foo is … by $bar’ could cause wrong code
https://github.com/smarty-php/smarty/issues/178 – improvement because of
ambiguities the inline constant support has been removed from the $foo.bar
syntax https://github.com/smarty-php/smarty/issues/149 – bugfix other {strip}
error with output tags between hmtl https://github.com/smarty-
php/smarty/issues/180 09.02.2016 – move some code from parser into compiler
– reformat all code for unique style – update/bugfix scope attribute handling
reworked. Read the newfeatures.txt file 05.02.2016 – improvement internal
compiler changes 01.02.2016 – bugfix {foreach} compilation failed when
$smarty->merge_compiled_includes = true and pre-filters are used. 29.01.2016
– bugfix implement replacement code for _tag_stack property
https://github.com/smarty-php/smarty/issues/151 28.01.2016 – bugfix allow
windows network filepath or wrapper (forum topic 25876)
https://github.com/smarty-php/smarty/issues/170 – bugfix if fetch(‘foo.tpl’)
is called on a template object the $parent parameter should default to the
calling template object https://github.com/smarty-php/smarty/issues/152
27.01.2016 – revert bugfix compiling {section} did create warning – bugfix
{$smarty.section.customer.loop} did throw compiler error
https://github.com/smarty-php/smarty/issues/161 update of yesterdays fix –
bugfix string resource could inject code at {block} or inline subtemplates
through PHP comments https://github.com/smarty-php/smarty/issues/157
– bugfix output filters did not observe nocache code
flhttps://github.com/smarty-php/smarty/issues/154g https://github.com/smarty-
php/smarty/issues/160 – bugfix {extends} with relative file path did not work
https://github.com/smarty-php/smarty/issues/154 https://github.com/smarty-
php/smarty/issues/158 – bugfix {capture} data could not been seen in other
templates with {$smarty.capture.name} https://github.com/smarty-
php/smarty/issues/153 26.01.2016 – improvement observe Smarty::$_CHARSET in
debugging console https://github.com/smarty-php/smarty/issues/169 – bugfix
compiling {section} did create warning – bugfix
{$smarty.section.customer.loop} did throw compiler error
https://github.com/smarty-php/smarty/issues/161 02.01.2016 – update scope
handling – optimize block plugin compiler – improvement runtime checks if
registered block plugins are callable 01.01.2016 – remove
Smarty::$resource_cache_mode property 31.12.2015 – optimization of
{assign}, {if} and {while} compiled code 30.12.2015 – bugfix plugin names
starting with “php” did not compile https://github.com/smarty-
php/smarty/issues/147 29.12.2015 – bugfix Smarty::error_reporting was not
observed when display() or fetch() was called on template objects
https://github.com/smarty-php/smarty/issues/145 28.12.2015 – optimization
of {foreach} code size and processing 27.12.2015 – improve inheritance code
– update external methods – code fixes – PHPdoc updates 25.12.2015 –
compile {block} tag code and its processing into classes – optimization
replace hhvm extension by inline code – new feature If ACP is enabled force an
apc_compile_file() when compiled or cached template was updated 24.12.2015
– new feature Compiler does now observe the template_dir setting and will create
separate compiled files if required – bugfix post filter did fail on template
inheritance https://github.com/smarty-php/smarty/issues/144 23.12.2015 –
optimization move internal method decodeProperties back into template object –
optimization move subtemplate processing back into template object – new
feature Caching does now observe the template_dir setting and will create
separate cache files if required 22.12.2015 – change $xxx_dir properties
from private to protected in case Smarty class gets extended – code
optimizations 21.12.2015 – bugfix a filepath starting with ‘/’ or ‘\’ on
windows should normalize to the root dir of current working drive
https://github.com/smarty-php/smarty/issues/134 – optimization of filepath
normalization – bugfix {strip} must remove all blanks between html tags
https://github.com/smarty-php/smarty/issues/136 ===== 3.1.29 =====
(21.12.2015) 21.12.2015 – optimization improve speed of filetime checks on
extends and extendsall resource 20.12.2015 – bugfix failure when the
default resource type was set to ‘extendsall’ https://github.com/smarty-
php/smarty/issues/123 – update compilation of Smarty special variables –
bugfix add addition check for OS type on normalization of file path
https://github.com/smarty-php/smarty/issues/134 – bugfix the source uid of the
extendsall resource must contain $template_dir settings
https://github.com/smarty-php/smarty/issues/123 19.12.2015 – bugfix using
$smarty.capture.foo in expressions could fail https://github.com/smarty-
php/smarty/pull/138 – bugfix broken PHP 5.2 compatibility
https://github.com/smarty-php/smarty/issues/139 – remove no longer used code
– improvement make sure that compiled and cache templates never can contain a
trailing ‘?>? 18.12.2015 – bugfix regression when modifier parameter was
followed by math https://github.com/smarty-php/smarty/issues/132 17.12.2015
– bugfix {$smarty.capture.nameFail} did lowercase capture name
https://github.com/smarty-php/smarty/issues/135 – bugfix using {block
append/prepend} on same block in multiple levels of inheritance templates could
fail (forum topic 25827) – bugfix text content consisting of just a single ‘0’
like in {if true}0{/if} was suppressed (forum topic 25834) 16.12.2015 –
bugfix {foreach} did fail if from atrribute is a Generator class
https://github.com/smarty-php/smarty/issues/128 – bugfix direct access
$smarty->template_dir = ‘foo’; should call Smarty::setTemplateDir()
https://github.com/smarty-php/smarty/issues/121 15.12.2015 – bugfix
{$smarty.cookies.foo} did return the $_COOKIE array not the ‘foo’ value
https://github.com/smarty-php/smarty/issues/122 – bugfix a call to
clearAllCache() and other should clear all internal template object caches
(forum topic 25828) 14.12.2015 – bugfix {$smarty.config.foo} broken in
3.1.28 https://github.com/smarty-php/smarty/issues/120 – bugfix multiple
calls of {section} with same name droped E_NOTICE error
https://github.com/smarty-php/smarty/issues/118 ===== 3.1.28 =====
(13.12.2015) 13.12.2015 – bugfix {foreach} and {section} with uppercase
characters in name attribute did not work (forum topic 25819) – bugfix
$smarty->debugging_ctrl = ‘URL’ did not work (forum topic 25811) – bugfix
Debug Console could display incorrect data when using subtemplates 09.12.2015
– bugfix Smarty did fail under PHP 7.0.0 with use_include_path = true;
09.12.2015 – bugfix {strip} should exclude some html tags from stripping,
related to fix for https://github.com/smarty-php/smarty/issues/111 08.12.2015
– bugfix internal template function data got stored in wrong compiled file
https://github.com/smarty-php/smarty/issues/114 05.12.2015 -bugfix {strip}
should insert a single space https://github.com/smarty-php/smarty/issues/111
25.11.2015 -bugfix a left delimter like ‘[%’ did fail on
[%$var_[%$variable%]%] (forum topic 25798) 02.11.2015 – bugfix {include}
with variable file name like {include file=”foo_`$bar`.tpl”} did fail in
3.1.28-dev https://github.com/smarty-php/smarty/issues/102 01.11.2015 –
update config file processing 31.10.2015 – bugfix add missing $trusted_dir
property to SmartyBC class (forum topic 25751) 29.10.2015 – improve
template scope handling 24.10.2015 – more optimizations of template
processing – bugfix Error when using {include} within {capture}
https://github.com/smarty-php/smarty/issues/100 21.10.2015 – move some code
into runtime extensions 18.10.2015 – optimize filepath normalization –
rework of template inheritance – speed and size optimizations – bugfix under
HHVM temporary cache file must only be created when caches template was updated
– fix compiled code for new {block} assign attribute – update code generated
by template function call handler 18.09.2015 – bugfix {if $foo instanceof
$bar} failed to compile if 2nd value is a variable https://github.com/smarty-
php/smarty/issues/92 17.09.2015 – bugfix {foreach} first attribute was not
correctly reset since commit 05a8fa2 of 02.08.2015 https://github.com/smarty-
php/smarty/issues/90 16.09.2015 – update compiler by moving no longer
needed properties, code optimizations and other 14.09.2015 – optimize
autoloader – optimize subtemplate handling – update template inheritance
processing – move code of {call} processing back into Smarty_Internal_Template
class – improvement invalidate OPCACHE for cleared compiled and cached
template files (forum topic 25557) – bugfix unintended multiple debug windows
(forum topic 25699) 30.08.2015 – size optimization move some runtime
functions into extension – optimize inline template processing –
optimization merge inheritance child and parent templates into one compiled
template file 29.08.2015 – improvement convert template inheritance into
runtime processing – bugfix {$smarty.block.parent} did always reference the
root parent block https://github.com/smarty-php/smarty/issues/68 23.08.2015
– introduce Smarty::$resource_cache_mode and cache template object of {include}
inside loop – load seldom used Smarty API methods dynamically to reduce memory
footprint – cache template object of {include} if same template is included
several times – convert debug console processing to object – use output
buffers for better performance and less memory usage – optimize nocache hash
processing – remove not really needed properties – optimize rendering –
move caching to Smarty::_cache – remove properties with redundant content –
optimize Smarty::templateExists() – optimize use_include_path processing –
relocate properties for size optimization – remove redundant code – bugfix
compiling super globals like {$smarty.get.foo} did fail in the master branch
https://github.com/smarty-php/smarty/issues/77 06.08.2015 – avoid possible
circular object references caused by parser/lexer objects – rewrite
compileAll… utility methods – commit several internal improvements –
bugfix Smarty failed when compile_id did contain “|” 03.08.2015 – rework
clear cache methods – bugfix compileAllConfig() was broken since 3.1.22
because of the changes in config file processing – improve getIncludePath() to
return directory if no file was given 02.08.2015 – optimization and code
cleanup of {foreach} and {section} compiler – rework {capture} compiler
01.08.2015 – update DateTime object can be instance of DateTimeImmutable
since PHP5.5 https://github.com/smarty-php/smarty/pull/75 – improvement show
resource type and start of template source instead of uid on eval: and string:
resource (forum topic 25630) 31.07.2015 – optimize {foreach} and {section}
compiler 29.07.2015 – optimize {section} compiler for speed and size of
compiled code 28.07.2015 – update for PHP 7 compatibility 26.07.2015 –
improvement impement workaround for HHVM PHP incompatibillity
https://github.com/facebook/hhvm/issues/4797 25.07.2015 – bugfix parser did
hang on text starting <?something https://github.com/smarty-php/smarty/issues/74
20.07.2015 – bugfix config files got recompiled on each request –
improvement invalidate PHP 5.5 opcache for recompiled and cached templates
https://github.com/smarty-php/smarty/issues/72 12.07.2015 – optimize
{extends} compilation 10.07.2015 – bugfix force file: resource in demo
resource.extendsall.php 08.07.2015 – bugfix convert each word of class
names to ucfirst in in compiler. (forum topic 25588) 07.07.2015 –
improvement allow fetch() or display() called on a template object to get output
from other template like $template->fetch(‘foo.tpl’)
https://github.com/smarty-php/smarty/issues/70 – improvement Added $limit
parameter to regex_replace modifier #71 – new feature multiple indices on
file: resource 06.07.2015 – optimize {block} compilation – optimization
get rid of __get and __set in source object 01.07.2015 – optimize compile
check handling – update {foreach} compiler – bugfix debugging console did
not display string values containing \n, \r or \t correctly
https://github.com/smarty-php/smarty/issues/66 – optimize source resources
28.06.2015 – move $smarty->enableSecurity() into Smarty_Security class –
optimize security isTrustedResourceDir() – move auto load filter methods into
extension – move $smarty->getTemplateVars() into extension – move
getStreamVariable() into extension – move $smarty->append() and
$smarty->appendByRef() into extension – optimize autoloader – optimize file
path normalization – bugfix PATH_SEPARATOR was replaced by mistake in
autoloader – remove redundant code 27.06.2015 – bugfix resolve naming
conflict between custom Smarty delimiter ‘<%’ and PHP ASP tags
https://github.com/smarty-php/smarty/issues/64 – update $smarty->_realpath for
relative path not starting with ‘./’ – update Smarty security with new
realpath handling – update {include_php} with new realpath handling – move
$smarty->loadPlugin() into extension – minor compiler optimizations – bugfix
allow function plugins with name ending with ‘close’ https://github.com/smarty-
php/smarty/issues/52 – rework of $smarty->clearCompiledTemplate() and move it
to its own extension 19.06.2015 – improvement allow closures as callback at
$smarty->registerFilter() https://github.com/smarty-php/smarty/issues/59 =====
3.1.27===== (18.06.2015) 18.06.2015 – bugfix another update on file path
normalization failed on path containing something like “/.foo/”
https://github.com/smarty-php/smarty/issues/56 ===== 3.1.26===== (18.06.2015)
18.06.2015 – bugfix file path normalization failed on path containing
something like “/.foo/” https://github.com/smarty-php/smarty/issues/56
17.06.2015 – bugfix calling a plugin with nocache option but no other
attributes like {foo nocache} caused call to undefined function
https://github.com/smarty-php/smarty/issues/55 ===== 3.1.25===== (15.06.2015)
15.06.2015 – optimization of smarty_cachereource_keyvaluestore.php code
14.06.2015 – bugfix a relative sub template path could fail if template_dir
path did contain /../ https://github.com/smarty-php/smarty/issues/50 –
optimization rework of path normalization – bugfix an output tag with
variable, modifier followed by an operator like {$foo|modifier+1} did fail
https://github.com/smarty-php/smarty/issues/53 13.06.2015 – bugfix a custom
cache resource using smarty_cachereource_keyvaluestore.php did fail if php.ini
mbstring.func_overload = 2 (forum topic 25568) 11.06.2015 – bugfix the
lexer could hang on very large quoted strings (forum topic 25570) 08.06.2015
– bugfix using {$foo} as array index like $bar.{$foo} or in double quoted string
like “some {$foo} thing” failed https://github.com/smarty-php/smarty/issues/49
04.06.2015 – bugfix possible error message on unset() while compiling {block}
tags https://github.com/smarty-php/smarty/issues/46 01.06.2015 – bugfix
<?xml … ?> including template variables broken since 3.1.22
https://github.com/smarty-php/smarty/issues/47 27.05.2015 – bugfix
{include} with variable file name must not create by default individual cache
file (since 3.1.22) https://github.com/smarty-php/smarty/issues/43 24.05.2015
– bugfix if condition string ‘neq’ broken due to a typo
https://github.com/smarty-php/smarty/issues/42 ===== 3.1.24===== (23.05.2015)
23.05.2015 – improvement on php_handling to allow very large PHP sections,
better error handling – improvement allow extreme large comment sections
(forum 25538) 21.05.2015 – bugfix broken PHP 5.2 compatibility when
compiling <?php tags https://github.com/smarty-php/smarty/issues/40 – bugfix
named {foreach} comparison like $smarty.foreach.foobar.index > 1 did compile
into wrong code https://github.com/smarty-php/smarty/issues/41 19.05.2015 –
bugfix compiler did overwrite existing variable value when setting the nocache
attribute https://github.com/smarty-php/smarty/issues/39 – bugfix output
filter trimwhitespace could run into the pcre.backtrack_limit on large output
(code.google issue 220) – bugfix compiler could run into the
pcre.backtrack_limit on larger comment or {php} tag sections (forum 25538)
18.05.2015 – improvement introduce shortcuts in lexer/parser rules for most
frequent terms for higher compilation speed 16.05.2015 – bugfix
{php}{/php} did work just for single lines https://github.com/smarty-
php/smarty/issues/33 – improvement remove not needed ?><?php transitions from
compiled code – improvement reduce number of lexer tokens on operators and if
conditions – improvement higher compilation speed by modified lexer/parser
generator at “smarty/smarty-lexer” 13.05.2015 – improvement remove not
needed ?><?php transitions from compiled code – improvement of debugging:
– use fresh Smarty object to display the debug console because of possible
problems when the Smarty was extended or Smarty properties had been
modified in the class source – display Smarty version number –
Truncate lenght of Origin display and extend strin value display to 80 character
– bugfix in Smarty_Security ‘nl2br’ should be a trusted modifier, not PHP
function (code.google issue 223) 12.05.2015 – bugfix
{$smarty.constant.TEST} did fail on undefined constant
https://github.com/smarty-php/smarty/issues/28 – bugfix access to undefined
config variable like {#undef#} did fail https://github.com/smarty-
php/smarty/issues/29 – bugfix in nested {foreach} saved item attributes got
overwritten https://github.com/smarty-php/smarty/issues/33 ===== 3.1.23 =====
(12.05.2015) 12.05.2015 – bugfix of smaller performance issue introduce in
3.1.22 when caching is enabled – bugfix missig entry for smarty-temmplate-
config in autoloader ===== 3.1.22 ===== tag was deleted because 3.1.22 did
fail caused by the missing entry for smarty-temmplate-config in autoloader
10.05.2015 – bugfix custom cache resource did not observe compile_id and
cache_id when $cache_locking == true – bugfix cache lock was not handled
correctly after timeout when $cache_locking == true – improvement added
constants for $debugging 07.05.2015 – improvement of the debugging console.
Read NEW_FEATURES.txt – optimization of resource class loading 06.05.2015
– bugfix in 3.1.22-dev cache resource must not be loaded for subtemplates –
bugfix/improvement in 3.1.22-dev cache locking did not work as expected
05.05.2015 – optimization on cache update when main template is modified –
optimization move <?php ?> handling from parser to new compiler module
05.05.2015 – bugfix code could be messed up when {tags} are used in multiple
attributes https://github.com/smarty-php/smarty/issues/23 04.05.2015 –
bugfix Smarty_Resource::parseResourceName incompatible with Google AppEngine
(https://github.com/smarty-php/smarty/issues/22) – improvement use is_file()
checks to avoid errors suppressed by @ which could still cause problems
(https://github.com/smarty-php/smarty/issues/24) 28.04.2015 – bugfix
plugins of merged subtemplates not loaded in 3.1.22-dev (forum topic 25508) 2nd
fix 28.04.2015 – bugfix plugins of merged subtemplates not loaded in
3.1.22-dev (forum topic 25508) 23.04.2015 – bugfix a nocache template
variable used as parameter at {insert} was by mistake cached 20.04.2015 –
bugfix at a template function containing nocache code a parmeter could overwrite
a template variable of same name 27.03.2015 – bugfix
Smarty_Security->allow_constants=false; did also disable true, false and null
(change of 16.03.2015) – improvement added a whitelist for trusted constants
to security Smarty_Security::$trusted_constants (forum topic 25471) 20.03.2015
– bugfix make sure that function properties get saved only in compiled files
containing the fuction definition {forum topic 25452} – bugfix correct update
of global variable values on exit of template functions. (reported under Smarty
Developers) 16.03.2015 – bugfix problems with {function}{/function} and
{call} tags in different subtemplate cache files {forum topic 25452} – bugfix
Smarty_Security->allow_constants=false; did not disallow direct usage of defined
constants like {SMARTY_DIR} {forum topic 25457} – bugfix {block}{/block} tags
did not work inside double quoted strings https://github.com/smarty-
php/smarty/issues/18 15.03.2015 – bugfix $smarty->compile_check must be
restored before rendering of a just updated cache file {forum 25452}
14.03.2015 – bugfix {nocache} {/nocache} tags corrupted code when used
within a nocache section caused by a nocache template variable. – bugfix
template functions defined with {function} in an included subtemplate could not
be called in nocache mode with {call… nocache} if the subtemplate
had it’s own cache file {forum 25452} 10.03.2015 – bugfix {include …
nocache} whith variable file or compile_id attribute was not executed in nocache
mode. 12.02.2015 – bugfix multiple Smarty::fetch() of same template when
$smarty->merge_compiled_includes = true; could cause function already defined
error 11.02.2015 – bugfix recursive {includes} did create E_NOTICE message
when $smarty->merge_compiled_includes = true; (github issue #16) 22.01.2015
– new feature security can now control access to static methods and properties
see also NEW_FEATURES.txt 21.01.2015 – bugfix clearCompiledTemplates(),
clearAll() and clear() could try to delete whole drive at wrong path permissions
because realpath() fail (forum 25397) – bugfix ‘self::’ and ‘parent::’ was
interpreted in template syntax as static class 04.01.2015 – push last weeks
changes to github – different optimizations – improvement automatically create
different versions of compiled templates and config files depending on
property settings. – optimization restructure template processing by moving
code into classes it better belongs to – optimization restructure config file
processing 31.12.2014 – bugfix use function_exists(‘mb_get_info’) for setting
Smarty::$_MBSTRING. Function mb_split could be overloaded depending on
php.ini mbstring.func_overload 29.12.2014 – new feature security can now
limit the template nesting level by property $max_template_nesting
see also NEW_FEATURES.txt (forum 25370) 29.12.2014 – new feature security
can now disable special $smarty variables listed in property
$disabled_special_smarty_vars see also NEW_FEATURES.txt (forum
25370) 27.12.2014 – bugfix clear internal _is_file_cache when plugins_dir
was modified 13.12.2014 – improvement optimization of lexer and parser
resulting in a up to 30% higher compiling speed 11.12.2014 – bugfix resolve
parser ambiguity between constant print tag {CONST} and other smarty tags after
change of 09.12.2014 09.12.2014 – bugfix variables $null, $true and $false
did not work after the change of 12.11.2014 (forum 25342) – bugfix call of
template function by a variable name did not work after latest changes (forum
25342) 23.11.2014 – bugfix a plugin with attached modifier could fail if
the tag was immediately followed by another Smarty tag (since 3.1.21) (forum
25326) 13.11.2014 – improvement move autoload code into Autoloader.php. Use
Composer autoloader when possible 12.11.2014 – new feature added support of
namespaces to template code 08.11.2014 – 10.11.2014 – bugfix subtemplate
called in nocache mode could be called with wrong compile_id when it did change
on one of the calling templates – improvement add code of template functions
called in nocache mode dynamically to cache file (related to bugfix of
01.11.2014) – bugfix Debug Console did not include all data from merged
compiled subtemplates 04.11.2014 – new feature $smarty->debugging = true; =>
overwrite existing Debug Console window (old behaviour)
$smarty->debugging = 2; => individual Debug Console window by template name
03.11.2014 – bugfix Debug Console did not show included subtemplates since
3.1.17 (forum 25301) – bugfix Modifier debug_print_var did not limit recursion
or prevent recursive object display at Debug Console (ATTENTION: parameter
order has changed to be able to specify maximum recursion) – bugfix Debug
consol did not include subtemplate information with
$smarty->merge_compiled_includes = true – improvement The template variables
are no longer displayed as objects on the Debug Console – improvement
$smarty->createData($parent = null, $name = null) new optional name parameter
for display at Debug Console – addition of some hooks for future extension of
Debug Console 01.11.2014 – bugfix and enhancement on subtemplate {include}
and template {function} tags. * Calling a template which has a nocache
section could fail if it was called from a cached and a not cached subtemplate.
* Calling the same subtemplate cached and not cached with the
$smarty->merge_compiled_includes enabled could cause problems * Many smaller
related changes 30.10.2014 – bugfix access to class constant by object like
{$object::CONST} or variable class name {$class::CONST} did not work (forum
25301) 26.10.2014 – bugfix E_NOTICE message was created during compilation
when ASP tags ‘<%’ or ‘%>’ are in template source text – bugfix
merge_compiled_includes option failed when caching enables and same subtemplate
was included cached and not cached
——————————————————————————–
ChangeLog:
* Fri Feb 22 2019 Shawn Iwinski <shawn@iwin.ski> – 3.1.33-1
– Update to 3.1.33
– RHBZ #s: 1532492, 1532493, 1532494, 1628739, 1628740, 1628741, 1631095, 1631096, 1631098
– CVEs: CVE-2017-1000480, CVE-2018-13982, CVE-2018-16831
– License LGPLv2+ => LGPLv3
* Sat Feb 2 2019 Fedora Release Engineering <releng@fedoraproject.org> – 3.1.21-9
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> – 3.1.21-8
– Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
——————————————————————————–
References:
[ 1 ] Bug #1631098 – CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1631098
[ 2 ] Bug #1628740 – CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1628740
[ 3 ] Bug #1532493 – CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1532493
[ 4 ] Bug #1631096 – CVE-2018-13982 php-Smarty: Path traversal vulnerability in Smarty_Security::isTrustedResourceDir() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1631096
[ 5 ] Bug #1628741 – CVE-2018-16831 php-Smarty: trusted_dir protection mechanism bypass [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1628741
[ 6 ] Bug #1532494 – CVE-2017-1000480 php-Smarty: Code injection when calling fetch() or display() on unsanitized template names [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1532494
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-d248c5aa39’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org