Commit e2eb8684 authored by Francois Marier

dwoo: new upstream version (1.1.1)



This version fixes a security bug which is not relevant to existing
Mahara installations since it has to do with auto_escape=on (which
is still off by default in Mahara).
Signed-off-by: Francois Marier <francois@catalyst.net.nz>
parent 2c14d6c4
......@@ -2,7 +2,7 @@ Dwoo in Mahara
======================
Website: http://www.dwoo.org/
Version: svn://dwoo.org/dwoo/trunk -r280
Version: 1.1.1
This library is used for all the templating.
......
......@@ -35,7 +35,7 @@ class Dwoo
*
* @var string
*/
const VERSION = '1.1.0';
const VERSION = '1.1.1';
/**
* unique number of this dwoo release
......@@ -44,7 +44,7 @@ class Dwoo
* has been compiled before this release or not, so that old templates are
* recompiled automatically when Dwoo is updated
*/
const RELEASE_TAG = 16;
const RELEASE_TAG = 17;
/**#@+
* constants that represents all plugin types
......@@ -198,8 +198,9 @@ class Dwoo
* stores the data during template runtime
*
* @var array
* @private
*/
protected $data;
public $data;
/**
* stores the current scope during template runtime
......@@ -246,7 +247,7 @@ class Dwoo
*/
protected $pluginProxy;
/**
/**
* constructor, sets the cache and compile dir to the default values if not provided
*
* @param string $compileDir path to the compiled directory, defaults to lib/compiled
......@@ -332,7 +333,7 @@ class Dwoo
} else {
throw new Dwoo_Exception('Dwoo->get/Dwoo->output\'s data argument must be a Dwoo_IDataProvider object (i.e. Dwoo_Data) or an associative array', E_USER_NOTICE);
}
$this->globals['template'] = $_tpl->getName();
$this->initRuntimeVars($_tpl);
......@@ -354,18 +355,19 @@ class Dwoo
}
} else {
// no cache present
if ($doCache === true) {
$dynamicId = uniqid();
}
// render template
$out = include $_tpl->getCompiledTemplate($this, $_compiler);
$compiledTemplate = $_tpl->getCompiledTemplate($this, $_compiler);
$out = include $compiledTemplate;
// template returned false so it needs to be recompiled
if ($out === false) {
$_tpl->forceCompilation();
$out = include $_tpl->getCompiledTemplate($this, $_compiler);
$compiledTemplate = $_tpl->getCompiledTemplate($this, $_compiler);
$out = include $compiledTemplate;
}
if ($doCache === true) {
......@@ -373,7 +375,7 @@ class Dwoo
if (!class_exists('Dwoo_plugin_dynamic', false)) {
$this->getLoader()->loadPlugin('dynamic');
}
$out = Dwoo_Plugin_dynamic::unescape($out, $dynamicId);
$out = Dwoo_Plugin_dynamic::unescape($out, $dynamicId, $compiledTemplate);
}
// process filters
......@@ -408,9 +410,8 @@ class Dwoo
// output
if ($_output === true) {
echo $out;
} else {
return $out;
}
return $out;
}
}
}
......@@ -1058,10 +1059,11 @@ class Dwoo
* this is so a single instance of every class plugin is created at each template run,
* allowing class plugins to have "per-template-run" static variables
*
* @private
* @param string $class the class name
* @return mixed an object of the given class
*/
protected function getObjectPlugin($class)
public function getObjectPlugin($class)
{
if (isset($this->runtimePlugins[$class])) {
return $this->runtimePlugins[$class];
......@@ -1197,7 +1199,7 @@ class Dwoo
}
if (is_array($varstr) === false) {
preg_match_all('#(\[|->|\.)?([^.[\]-]+)\]?#i', $varstr, $m);
preg_match_all('#(\[|->|\.)?((?:[^.[\]-]|-(?!>))+)\]?#i', $varstr, $m);
} else {
$m = $varstr;
}
......@@ -1211,7 +1213,7 @@ class Dwoo
return null;
}
} else {
if (is_object($data) && ($safeRead === false || isset($data->$m[2][$k]))) {
if (is_object($data) && ($safeRead === false || isset($data->$m[2][$k]) || is_callable(array($data, '__get')))) {
$data = $data->$m[2][$k];
} else {
return null;
......@@ -1301,7 +1303,7 @@ class Dwoo
$varstr = 'dwoo'.$varstr;
}
preg_match_all('#(\[|->|\.)?([^.[\]-]+)\]?#i', $varstr, $m);
preg_match_all('#(\[|->|\.)?((?:[^.[\]-]|-(?!>))+)\]?#i', $varstr, $m);
}
$i = $m[2][0];
......@@ -1522,6 +1524,10 @@ class Dwoo
* @return mixed
*/
public function __call($method, $args) {
return call_user_func_array($this->getPluginProxy()->getCallback($method), $args);
$proxy = $this->getPluginProxy();
if (!$proxy) {
throw new Dwoo_Exception('Call to undefined method '.__CLASS__.'::'.$method.'()');
}
return call_user_func_array($proxy->getCallback($method), $args);
}
}
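Review bot: In the hunk at `@@ -1211,7 +1213,7 @@` the added `|| is_callable(array($data, '__get'))` lets the safe-read branch call `__get` even when `isset()` has just returned false, so an object that implements `__isset` has its explicit "not set" answer overridden. Before this change safe-read returned null in that case; now a name parsed from the variable string reaches `__get`, and an implementation that throws or has side effects on unknown names will surface that during the template run. If the intent is only to support objects that define `__get` without `__isset`, the fallback can be narrowed to `|| (!method_exists($data, '__isset') && is_callable(array($data, '__get')))`. The enclosing method starts and ends outside the hunk, so how `$safeRead` is chosen is not visible here.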
// CakePHP Dwoo bridge - v0.2
// CakePHP Dwoo bridge - v0.2
// ------------------------
// Installation :
// ------------------------
......@@ -8,8 +8,8 @@
// line in dwoo.php to include the dwoo library properly.
//
// 2. Place this file in the app/views directory, or on cake/libs/view.
//
// 3. Create the app/tmp/dwoo/cache and app/tmp/dwoo/compile directories
//
// 3. Create the app/tmp/dwoo/cache and app/tmp/dwoo/compile directories
// and make sure they are writable.
// ------------------------
// Usage example :
......
......@@ -58,13 +58,13 @@ class DwooView extends View
$this->_sv_compile_dir = TMP . 'dwoo' . DS . 'compile';
$this->_sv_cache_dir = TMP . 'dwoo' . DS . 'cache';
$this->_dwoo = new Dwoo($this->_sv_compile_dir, $this->_sv_cache_dir);
$this->_sv_compile_id = $controller->name;
$this->_dwoo->sv_this = $this;
$this->_dwoo->setSecurityPolicy();
$this->_dwoo->setSecurityPolicy();
return;
}
......@@ -140,4 +140,4 @@ class DwooView extends View
public function get(){
return $this->_dwoo;
}
}
\ No newline at end of file
}
......@@ -7,7 +7,7 @@ Dwoo - http://dwoo.org
CodeIgniter - http://codeigniter.com
Installation:
1) Extract package into your application directory (i.e. $webroot/application or
1) Extract package into your application directory (i.e. $webroot/application or
$webroot/system/application)
2) Change the parameters in config/dwootemplate.php
3) Create the compile and cache directory you set in your config file in step 2
......
......@@ -9,8 +9,8 @@ class Dwoowelcome extends Controller {
function index()
{
$this->load->library('Dwootemplate');
$this->dwootemplate->assign('itshowlate', date('H:i:s'));
$this->dwootemplate->display('dwoowelcome.tpl');
$this->load->library('Dwootemplate');
$this->dwootemplate->assign('itshowlate', date('H:i:s'));
$this->dwootemplate->display('dwoowelcome.tpl');
}
}
\ No newline at end of file
......@@ -33,14 +33,14 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
* @var Dwoo_Compiler
*/
protected $_compiler = null;
/**
* Changing Filter's scope to play nicely
*
* @var array
*/
protected $_filter = array();
/**
* @var string
......@@ -66,7 +66,7 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
*/
public function __construct($opt = array())
{
if (is_array($opt)) {
$this->setOptions($opt);
} elseif ($opt instanceof Zend_Config) {
......@@ -81,7 +81,7 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
* - engine = engine class name|engine object|array of options for engine
* - dataProvider = data provider class name|data provider object|array of options for data provider
* - compiler = compiler class name|compiler object|array of options for compiler
* - templateFile =
* - templateFile =
*
* Array of options:
* - type class name or object for engine, dataProvider or compiler
......@@ -103,11 +103,11 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
}
// end BC
// Making sure that everything is loaded.
// Making sure that everything is loaded.
$classes = array('engine', 'dataProvider', 'compiler');
// Setting options to Dwoo objects...
foreach ($opt as $type => $settings) {
foreach ($opt as $type => $settings) {
if (!method_exists($this, 'set' . $type)) {
throw new Dwoo_Exception("Unknown type $type");
}
......@@ -119,11 +119,11 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
if (array_key_exists('type', $settings)) {
call_user_func(array($this, 'set' . $type), $settings['type']);
}
if (in_array($type, $classes)) {
// Call get so that the class is initialized
$rel = call_user_func(array($this, 'get' . $type));
// Call set*() methods so that all the settings are set.
foreach ($settings as $method => $value) {
if (method_exists($rel, 'set' . $method)) {
......@@ -158,7 +158,7 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
* @see Dwoo::setPluginProxy();
*/
protected function preRender()
{
{
$this->getEngine()->setPluginProxy($this->getPluginProxy());
}
......@@ -170,12 +170,12 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
* @param string $name the variable name
* @param string $value the value to assign to it
*/
public function __set($name, $value)
{
$this->getDataProvider()->__set($name, $value);
}
public function __set($name, $value)
{
$this->getDataProvider()->__set($name, $value);
}
/**
/**
* Sraper for Dwoo_Data::__get() allows to read variables using the object
* syntax
*
......@@ -183,22 +183,22 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
* @param string $name the variable name
* @return mixed
*/
public function __get($name)
{
public function __get($name)
{
return $this->getDataProvider()->__get($name);
}
}
/**
/**
* Wraper for Dwoo_Data::__isset()
* supports calls to isset($dwooData->var)
*
* @see Dwoo_Data::__isset()
* @param string $name the variable name
*/
public function __isset($name)
{
return $this->getDataProvider()->__isset($name);
}
public function __isset($name)
{
return $this->getDataProvider()->__isset($name);
}
/**
* Wraper for Dwoo_Data::_unset()
......@@ -211,7 +211,7 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
{
$this->getDataProvider()->__unset($name);
}
/**
* Catches clone request and clones data provider
*/
......@@ -339,25 +339,25 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
* @return Dwoo_Data
*/
public function getCompiler()
{
if (null === $this->_compiler) {
{
if (null === $this->_compiler) {
$this->_compiler = Dwoo_Compiler::compilerFactory();
}
return $this->_compiler;
}
/**
* Initializes Dwoo_ITemplate type of class and sets properties from _templateFileSettings
*
*
* @param string Template location
* @return Dwoo_ITemplate
*/
public function getTemplateFile($template) {
$templateFileClass = $this->_templateFileClass;
$templateFileClass = $this->_templateFileClass;
$dwooTemplateFile = new $templateFileClass($template);
if (!($dwooTemplateFile instanceof Dwoo_ITemplate)) {
throw new Dwoo_Exception("Custom templateFile class must be a subclass of Dwoo_ITemplate");
}
......@@ -367,13 +367,13 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
call_user_func(array($dwooTemplateFile, 'set' . $method), $value);
}
}
return $dwooTemplateFile;
}
/**
* Dwoo_ITemplate type of class
*
*
* @param string Name of the class
* @return void
*/
......@@ -394,12 +394,12 @@ class Dwoo_Adapters_ZendFramework_View extends Zend_View_Abstract
$this->getDataProvider()->assign($name, $val);
return $this;
}
/**
* Return list of all assigned variables
*
* @return array
*/
* @return array
*/
public function getVars()
{
return $this->_dataProvider->getData();
......
......@@ -232,6 +232,16 @@ class Dwoo_Compiler implements Dwoo_ICompiler
protected static $instance;
/**
* constructor
*
* saves the created instance so that child templates get the same one
*/
public function __construct()
{
self::$instance = $this;
}
/**
* sets the delimiters to use in the templates
*
* delimiters can be multi-character strings but should not be one of those as they will
......@@ -461,7 +471,33 @@ class Dwoo_Compiler implements Dwoo_ICompiler
}
/**
* adds a template plugin, this is reserved for use by the {function} plugin
* adds an used plugin, this is reserved for use by the {template} plugin
*
* this is required so that plugin loading bubbles up from loaded
* template files to the current one
*
* @private
* @param string $name function name
* @param int $type plugin type (Dwoo::*_PLUGIN)
*/
public function addUsedPlugin($name, $type)
{
$this->usedPlugins[$name] = $type;
}
/**
* returns all the plugins this template uses
*
* @private
* @return array the list of used plugins in the parsed template
*/
public function getUsedPlugins()
{
return $this->usedPlugins;
}
/**
* adds a template plugin, this is reserved for use by the {template} plugin
*
* this is required because the template functions are not declared yet
* during compilation, so we must have a way of validating their argument
......@@ -652,7 +688,7 @@ class Dwoo_Compiler implements Dwoo_ICompiler
$this->template = $template;
$this->templateSource =& $tpl;
$this->pointer =& $ptr;
while (true) {
// if pointer is at the beginning, reset everything, that allows a plugin to externally reset the compiler if everything must be reparsed
if ($ptr===0) {
......@@ -802,7 +838,7 @@ class Dwoo_Compiler implements Dwoo_ICompiler
if ($this->debug) echo 'COMPILATION COMPLETE : MEM USAGE : '.memory_get_usage().'<br>';
$output = "<?php\n";
$output = "<?php\n/* template head */\n";
// build plugin preloader
foreach ($this->usedPlugins as $plugin=>$type) {
......@@ -1468,8 +1504,8 @@ class Dwoo_Compiler implements Dwoo_ICompiler
if (is_array($parsingParams)) {
$output = $this->parseMethodCall($out[count($out)-1][1], $match[0], $curBlock, $ptr);
$out[count($out)-1][0] .= substr($match[0], 0, $ptr);
$out[count($out)-1][1] .= $output;
$out[count($out)-1][0] = $output;
$out[count($out)-1][1] .= substr($match[0], 0, $ptr);
} else {
$out = $this->parseMethodCall($out, $match[0], $curBlock, $ptr);
}
......@@ -2273,7 +2309,7 @@ class Dwoo_Compiler implements Dwoo_ICompiler
}
}
} else {
preg_match_all('#(\[|->|\.)?([a-z0-9_]+|(\\\?[\'"])[^\3]*?\3)\]?#i', $key, $m);
preg_match_all('#(\[|->|\.)?((?:[a-z0-9_]|-(?!>))+|(\\\?[\'"])[^\3]*?\3)\]?#i', $key, $m);
$i = $m[2][0];
if ($i === '_parent' || $i === '_') {
......@@ -2327,7 +2363,7 @@ class Dwoo_Compiler implements Dwoo_ICompiler
}
}
} else {
preg_match_all('#(\[|->|\.)?([a-z0-9_]+)\]?#i', $key, $m);
preg_match_all('#(\[|->|\.)?((?:[a-z0-9_]|-(?!>))+)\]?#i', $key, $m);
unset($m[0]);
$output = '$this->readVar('.str_replace("\n", '', var_export($m, true)).')';
}
......@@ -2457,6 +2493,7 @@ class Dwoo_Compiler implements Dwoo_ICompiler
}
$src = $substr;
$substr = trim($substr);
if (strtolower($substr) === 'false' || strtolower($substr) === 'no' || strtolower($substr) === 'off') {
if ($this->debug) echo 'BOOLEAN(FALSE) PARSED<br />';
......@@ -2882,7 +2919,7 @@ class Dwoo_Compiler implements Dwoo_ICompiler
}
if (($pluginType & Dwoo::COMPILABLE_PLUGIN) === 0 && ($pluginType & Dwoo::NATIVE_PLUGIN) === 0 && ($pluginType & Dwoo::PROXY_PLUGIN) === 0) {
$this->usedPlugins[$name] = $pluginType;
$this->addUsedPlugin($name, $pluginType);
}
return $pluginType;
......@@ -2978,7 +3015,7 @@ class Dwoo_Compiler implements Dwoo_ICompiler
} else {
$name = $callback;
}
throw new Dwoo_Compilation_Exception($this, 'Argument '.$k.'/'.$v[0].' missing for '.str_replace(array('Dwoo_Plugin_', '_compile'), '', $name));
} elseif ($v[2]===null) {
// enforce lowercased null if default value is null (php outputs NULL with var export)
......@@ -3042,7 +3079,7 @@ class Dwoo_Compiler implements Dwoo_ICompiler
public static function compilerFactory()
{
if (self::$instance === null) {
self::$instance = new self;
new self;
}
return self::$instance;
}
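Review bot: The new constructor assigns `self::$instance = $this` unconditionally, so every `new Dwoo_Compiler` replaces the object that `compilerFactory()` hands out, and the factory's bare `new self;` only works through that side effect. If two compilers with different settings are created in one request, later callers of `compilerFactory()` get whichever was constructed last, which may not be the one compiling the parent template; that matters if escaping-related settings differ between them (not visible in these hunks). A subclass constructor that does not call `parent::__construct()` would also leave the static untouched. I would state this in the constructor docblock, for example `* note: each construction replaces the instance returned by compilerFactory()`, and add `// the constructor stores the new object in self::$instance` next to `new self;`.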
......
......@@ -96,17 +96,17 @@ class Dwoo_Data implements Dwoo_IDataProvider
$this->data[$name] = $val;
}
}
/**
* allows to assign variables using the object syntax
*
* @param string $name the variable name
* @param string $value the value to assign to it
*/
public function __set($name, $value)
{
$this->assign($name, $value);
}
/**
* allows to assign variables using the object syntax
*
* @param string $name the variable name
* @param string $value the value to assign to it
*/
public function __set($name, $value)
{
$this->assign($name, $value);
}
/**
* assigns a value by reference to the data object
......@@ -129,9 +129,9 @@ class Dwoo_Data implements Dwoo_IDataProvider
* @param mixed $val the value to assign, or null if $name was an array
* @param bool $merge true to merge data or false to append, defaults to false
*/
public function append($name, $val = null, $merge = false)
{
if (is_array($name)) {
public function append($name, $val = null, $merge = false)
{
if (is_array($name)) {
foreach ($name as $key=>$val) {
if (isset($this->data[$key]) && !is_array($this->data[$key])) {
settype($this->data[$key], 'array');
......@@ -143,9 +143,11 @@ class Dwoo_Data implements Dwoo_IDataProvider
$this->data[$key][] = $val;
}
}
} elseif ($val !== null) {
} elseif ($val !== null) {
if (isset($this->data[$name]) && !is_array($this->data[$name])) {
settype($this->data[$name], 'array');
} elseif (!isset($this->data[$name])) {
$this->data[$name] = array();
}
if ($merge === true && is_array($val)) {
......@@ -153,8 +155,8 @@ class Dwoo_Data implements Dwoo_IDataProvider
} else {
$this->data[$name][] = $val;
}
}
}
}
}
/**
* appends a value by reference to the data object
......@@ -164,85 +166,85 @@ class Dwoo_Data implements Dwoo_IDataProvider
* @param mixed $val the value to append by reference
* @param bool $merge true to merge data or false to append, defaults to false
*/
public function appendByRef($name, &$val, $merge = false)
{
if (isset($this->data[$name]) && !is_array($this->data[$name])) {
public function appendByRef($name, &$val, $merge = false)
{
if (isset($this->data[$name]) && !is_array($this->data[$name])) {
settype($this->data[$name], 'array');
}
if ($merge === true && is_array($val)) {
foreach ($val as $key => &$val) {
$this->data[$name][$key] =& $val;
}
} else {
$this->data[$name][] =& $