@mumumu
Created March 10, 2013 13:16
Smarty 2.6.26 to 2.6.27 change for a possible XSS
Index: ChangeLog
===================================================================
--- ChangeLog (リビジョン 3764)
+++ ChangeLog (リビジョン 4660)
@@ -1,3 +1,8 @@
+2012-09-24 Uwe Tews
+
+ * Fixed escape Smarty error messages to avoid possible script execution
+
+
2010-04-17 Uwe Tews
* Fixed security hole in {math} plugin
Index: libs/Smarty.class.php
===================================================================
--- libs/Smarty.class.php (リビジョン 3764)
+++ libs/Smarty.class.php (リビジョン 4660)
@@ -20,7 +20,7 @@
*
* For questions, help, comments, discussion, etc., please join the
* Smarty mailing list. Send a blank e-mail to
- * [email protected]
+ * [email protected]
*
* @link http://www.smarty.net/
* @copyright 2001-2005 New Digital Group, Inc.
@@ -1058,7 +1058,7 @@
} else {
// var non-existant, return valid reference
$_tmp = null;
- return $_tmp;
+ return $_tmp;
}
}
@@ -1090,7 +1090,8 @@
*/
function trigger_error($error_msg, $error_type = E_USER_WARNING)
{
- trigger_error("Smarty error: $error_msg", $error_type);
+ $msg = htmlentities($error_msg);
+ trigger_error("Smarty error: $msg", $error_type);
}
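Review bot: The new `$msg = htmlentities($error_msg);` line relies on htmlentities' default flags and charset, so single quotes are left unescaped and multibyte text is interpreted with PHP's default charset (ISO-8859-1 before PHP 5.4), which can mangle UTF-8 messages or leave attribute-context breakouts possible; `$msg = htmlentities($error_msg, ENT_QUOTES, 'UTF-8');` is the more defensive form, assuming the project's templates are UTF-8 — confirm against how Smarty's charset is configured in this version. The escaping is also applied unconditionally, so messages sent to a non-HTML sink (error log, CLI) now carry entities; that trade-off is reasonable for a single wrapper but deserves a why-comment such as `// escape for HTML context: messages may embed template-supplied text and display_errors renders them inline`. Whether every Smarty error path (e.g. compiler syntax errors) routes through this wrapper cannot be seen from the hunk, so other direct trigger_error() calls in the code base would still need checking.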
@@ -1117,7 +1118,7 @@
function fetch($resource_name, $cache_id = null, $compile_id = null, $display = false)
{
static $_cache_info = array();
-
+
$_smarty_old_error_level = $this->debugging ? error_reporting() : error_reporting(isset($this->error_reporting)
? $this->error_reporting : error_reporting() & ~E_NOTICE);
@@ -1933,10 +1934,10 @@
{
return eval($code);
}
-
+
/**
* Extracts the filter name from the given callback
- *
+ *
* @param callback $function
* @return string
*/
@@ -1951,7 +1952,7 @@
return $function;
}
}
-
+
/**#@-*/
}