Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/libs/Smarty/Smarty_Compiler.class.php
diff options
context:
space:
mode:
Diffstat (limited to 'libs/Smarty/Smarty_Compiler.class.php')
-rw-r--r--libs/Smarty/Smarty_Compiler.class.php51
1 files changed, 43 insertions, 8 deletions
diff --git a/libs/Smarty/Smarty_Compiler.class.php b/libs/Smarty/Smarty_Compiler.class.php
index 2a1fb8630a..f6a278d4a4 100644
--- a/libs/Smarty/Smarty_Compiler.class.php
+++ b/libs/Smarty/Smarty_Compiler.class.php
@@ -21,7 +21,7 @@
* @link http://smarty.php.net/
* @author Monte Ohrt <monte at ohrt dot com>
* @author Andrei Zmievski <andrei@php.net>
- * @version 2.6.25
+ * @version 2.6.26
* @copyright 2001-2005 New Digital Group, Inc.
* @package Smarty
*/
@@ -2047,27 +2047,57 @@ class Smarty_Compiler extends Smarty {
break;
case 'get':
- $compiled_ref = "\$this->_supers['get']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_GET";
break;
case 'post':
- $compiled_ref = "\$this->_supers['post']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_POST";
break;
case 'cookies':
- $compiled_ref = "\$this->_supers['cookies']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_COOKIE";
break;
case 'env':
- $compiled_ref = "\$this->_supers['env']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_ENV";
break;
case 'server':
- $compiled_ref = "\$this->_supers['server']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_SERVER";
break;
case 'session':
- $compiled_ref = "\$this->_supers['session']";
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
+ $compiled_ref = "\$_SESSION";
break;
/*
@@ -2075,8 +2105,13 @@ class Smarty_Compiler extends Smarty {
* compiler.
*/
case 'request':
+ if ($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) {
+ $this->_syntax_error("(secure mode) super global access not permitted",
+ E_USER_WARNING, __FILE__, __LINE__);
+ return;
+ }
if ($this->request_use_auto_globals) {
- $compiled_ref = "\$this->_supers['request']";
+ $compiled_ref = "\$_REQUEST";
break;
} else {
$this->_init_smarty_vars = true;
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-28 18:47:04 +0300