From 7e5356380fab1bb0984fe00276552c8110e474c9 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 1 Oct 2016 21:13:24 +0900 Subject: [PATCH 1/5] Fix #579 insufficient information in template error --- classes/template/TemplateHandler.class.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 708b24e08..83dca2996 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php @@ -123,7 +123,7 @@ class TemplateHandler // if target file does not exist exit if(!$this->file || !file_exists($this->file)) { - return "Err : '{$this->file}' template file does not exists."; + return escape("Template not found: ${tpl_path}${tpl_filename}" . ($tpl_file ? " (${tpl_file})" : '')); } // for backward compatibility @@ -184,8 +184,7 @@ class TemplateHandler // if target file does not exist exit if(!$this->file || !file_exists($this->file)) { - Context::close(); - exit("Cannot find the template file: '{$this->file}'"); + return escape("Template not found: ${tpl_path}${tpl_filename}"); } return $this->parse(); From 78a0e857b5bacdd56dafb66d57a7f341e20d810b Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 1 Oct 2016 21:16:01 +0900 Subject: [PATCH 2/5] Also trigger warning when template is not found --- classes/template/TemplateHandler.class.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 83dca2996..95bba18aa 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php 
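Review bot: The not-found message built in the `@@ -123,7 +123,7 @@` hunk of patch 1/5 is returned as page output, so `${tpl_path}`, `${tpl_filename}` and `${tpl_file}` are shown to whoever requested the page; if these hold filesystem paths, as the names suggest, the response discloses server directory layout. `escape()` presumably handles HTML encoding, which does not address the disclosure. Consider returning a fixed string, `return escape('Template not found');`, and exposing the detailed path only in the server log or when debugging is enabled. The `@@ -184,8 +184,7 @@` hunk returns the same kind of message. The enclosing functions start and end outside both hunks, so the origin of these variables cannot be confirmed here.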
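Review bot: In the `@@ -184,8 +184,7 @@` hunk of patch 1/5 the failure path now returns its message on the same channel as `return $this->parse();`, so a caller cannot tell an error string from compiled template output. The removed lines called `Context::close()` and `exit(...)`, which stopped processing; whatever the callers (outside this hunk) do with the result is now done with the error text instead. A distinct failure signal would be safer, for example an exception or `return false;` after logging, leaving the caller to decide what to display. If the string return is kept for compatibility, a comment such as `// NOTE: returns an escaped error message, not compiled code, when the template is missing` would document the contract.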
@@ -123,7 +123,9 @@ class TemplateHandler // if target file does not exist exit if(!$this->file || !file_exists($this->file)) { - return escape("Template not found: ${tpl_path}${tpl_filename}" . ($tpl_file ? " (${tpl_file})" : '')); + $error_message = "Template not found: ${tpl_path}${tpl_filename}" . ($tpl_file ? " (${tpl_file})" : ''); + trigger_error($error_message, \E_USER_WARNING); + return escape($error_message); } // for backward compatibility @@ -184,7 +186,9 @@ class TemplateHandler // if target file does not exist exit if(!$this->file || !file_exists($this->file)) { - return escape("Template not found: ${tpl_path}${tpl_filename}"); + $error_message = "Template not found: ${tpl_path}${tpl_filename}"; + trigger_error($error_message, \E_USER_WARNING); + return escape($error_message); } return $this->parse(); From b6113b9df828ebc5645eb2ef08518f11c1b06fe3 Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 1 Oct 2016 21:39:04 +0900 Subject: [PATCH 3/5] Allow access to superglobals and constants in template code --- classes/template/TemplateHandler.class.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 95bba18aa..8f489fa9a 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php 
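Review bot: `trigger_error($error_message, \E_USER_WARNING)` in the `@@ -123,7 +123,9 @@` hunk of patch 2/5 receives the unescaped message, while only the returned copy goes through `escape()`. If warnings are ever rendered into the response (PHP's `display_errors`, or an error handler that prints them; neither is visible here), the path components reach the page without encoding, and in a log they are written with any control characters they contain. It is worth confirming that whatever renders warnings encodes them, and collapsing line breaks before logging, e.g. `$log_message = preg_replace('/[\r\n]+/', ' ', $error_message);`. The `@@ -184,7 +186,9 @@` hunk repeats the same three lines, so a shared private helper would keep the two paths from drifting apart.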
@@ -235,7 +235,7 @@ class TemplateHandler $buff = $this->_parseInline($buff); // include, unload/load, import - $buff = preg_replace_callback('/{(@[\s\S]+?|(?=\$\w+|_{1,2}[A-Z]+|[!\(+-]|\w+(?:\(|::)|\d+|[\'"].*?[\'"]).+?)}|<(!--[#%])?(include|import|(un)?load(?(4)|(?:_js_plugin)?)|config)(?(2)\(["\']([^"\']+)["\'])(.*?)(?(2)\)--|\/)>|(\s*)/', array($this, '_parseResource'), $buff); + $buff = preg_replace_callback('/{(@[\s\S]+?|(?=[\$\\\\]\w+|_{1,2}[A-Z]+|[!\(+-]|\w+(?:\(|::)|\d+|[\'"].*?[\'"]).+?)}|<(!--[#%])?(include|import|(un)?load(?(4)|(?:_js_plugin)?)|config)(?(2)\(["\']([^"\']+)["\'])(.*?)(?(2)\)--|\/)>|(\s*)/', array($this, '_parseResource'), $buff); // remove block which is a virtual tag $buff = preg_replace('@@is', '', $buff); @@ -824,7 +824,17 @@ class TemplateHandler { return ''; } - return preg_replace('@(?$1', $php); + + return preg_replace_callback('@(?' . $matches[1]; + } + }, $php); } } From 95a36477b750af6cbf3e3756e0946ddb5733221d Mon Sep 17 00:00:00 2001 From: Kijin Sung Date: Sat, 1 Oct 2016 21:54:25 +0900 Subject: [PATCH 4/5] Clean up path handling in TemplateHandler --- classes/template/TemplateHandler.class.php | 26 ++++++++-------------- 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/classes/template/TemplateHandler.class.php b/classes/template/TemplateHandler.class.php index 8f489fa9a..cf0f2121f 100644 --- a/classes/template/TemplateHandler.class.php +++ b/classes/template/TemplateHandler.class.php @@ -11,11 +11,9 @@ */ class TemplateHandler { - private $compiled_path = 'files/cache/template_compiled/'; ///< path of compiled caches files private $path = NULL; ///< target directory private $filename = NULL; ///< target filename private $file = NULL; ///< target file (fullpath) - private $xe_path = NULL; ///< XpressEngine base path private $web_path = NULL; ///< tpl file web path private $compiled_file = NULL; ///< tpl file web path private $config = NULL; 
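Review bot: The widened lookahead `[\$\\\\]\w+` in the `@@ -235,7 +235,7 @@` hunk of patch 3/5 accepts any brace followed by a backslash and a word character as a template expression, not only fully qualified constants. Literal template text of that shape (inline script, CSS or escaped strings, for instance) would now be passed to `_parseResource` and compiled rather than emitted as written. If only constants and namespaced calls are intended, the line deserves a comment listing the accepted forms, e.g. `// {\CONSTANT} and {\Namespace\func()} are treated as expressions; {CONSTANT} stays literal text`. Since the commit also opens superglobals to templates, request-derived values printed this way rely on the template author for escaping unless `{…}` output is encoded by default, which is not visible here. `_parseResource` is outside the hunk, so how the match is compiled cannot be confirmed.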
@@ -29,9 +27,8 @@ class TemplateHandler */ public function __construct() { - $this->xe_path = rtrim(preg_replace('/([^\.^\/]+)\.php$/i', '', $_SERVER['SCRIPT_NAME']), '/'); - $this->compiled_path = _XE_PATH_ . $this->compiled_path; - $this->config = new stdClass(); + $this->config = new stdClass; + $this->handler_mtime = filemtime(__FILE__); } /** @@ -93,16 +90,12 @@ class TemplateHandler $this->filename = $tpl_filename; $this->file = $tpl_file; - $this->web_path = $this->xe_path . '/' . ltrim(preg_replace('@^' . preg_quote(_XE_PATH_, '@') . '|\./@', '', $this->path), '/'); + // set absolute URL of template path + $this->web_path = \RX_BASEURL . ltrim(preg_replace('@^' . preg_quote(\RX_BASEDIR, '@') . '|\./@', '', $this->path), '/'); - // get compiled file name - $hash = md5($this->file . __XE_VERSION__); - $this->compiled_file = "{$this->compiled_path}{$hash}.compiled.php"; - - // compare various file's modified time for check changed - $this->handler_mtime = filemtime(__FILE__); - - $skip = array(''); + // set compiled file name + $converted_path = str_replace(array('\\', '..'), array('/', 'dotdot'), ltrim($this->file, './')); + $this->compiled_file = \RX_BASEDIR . 'files/cache/template/' . $converted_path . '.php'; } /** @@ -134,8 +127,7 @@ class TemplateHandler self::$rootTpl = $this->file; } - $source_template_mtime = filemtime($this->file); - $latest_mtime = $source_template_mtime > $this->handler_mtime ? $source_template_mtime : $this->handler_mtime; + $latest_mtime = max(filemtime($this->file), $this->handler_mtime); // make compiled file if(!file_exists($this->compiled_file) || filemtime($this->compiled_file) < $latest_mtime) @@ -808,7 +800,7 @@ class TemplateHandler } } - $path = preg_replace('/^' . preg_quote(_XE_PATH_, '/') . '/', '', $path); + $path = preg_replace('/^' . preg_quote(\RX_BASEDIR, '/') . '/', '', $path); return $path; } From a0bcb928471e2122bb4d3c737ff26c38bee9436a Mon Sep 17 00:00:00 2001 
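Review bot: `ltrim($this->file, './')` in the `@@ -93,16 +90,12 @@` hunk of patch 4/5 strips every leading `.` and `/` character rather than a `./` prefix, so `./a/b.html`, `/a/b.html` and `.a/b.html` all map to the same compiled file under `files/cache/template/`. Replacing `..` with `dotdot` keeps the result inside the cache directory, but the mapping is not one-to-one, and an absolute `$this->file` (a drive prefix such as `C:` is left untouched) produces a cache path that mirrors the whole filesystem path. Two templates sharing one compiled file means one can be rendered in place of the other. The sketch below removes the base directory as a prefix and falls back to a hashed name for anything still absolute or containing `..`; the function starts outside the hunk, so the possible values of `$tpl_file` cannot be confirmed here.

```php
// … unchanged: $this->web_path assignment …
// set compiled file name: strip the base directory as a prefix, not as a character list
$source_path = str_replace('\\', '/', $this->file);
$base_dir = str_replace('\\', '/', \RX_BASEDIR);
if (strncmp($source_path, $base_dir, strlen($base_dir)) === 0)
{
	$source_path = substr($source_path, strlen($base_dir));
}
elseif (strncmp($source_path, './', 2) === 0)
{
	$source_path = substr($source_path, 2);
}
// anything still absolute, drive-qualified or containing '..' gets a hashed name
if (preg_match('@^/|^[A-Za-z]:|(^|/)\.\.(/|$)@', $source_path))
{
	$source_path = 'external/' . md5($source_path);
}
$this->compiled_file = \RX_BASEDIR . 'files/cache/template/' . $source_path . '.php';
```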
From: Kijin Sung Date: Sat, 1 Oct 2016 22:19:47 +0900 Subject: [PATCH 5/5] Add unit tests for TemplateHandler changes --- tests/unit/classes/TemplateHandlerTest.php | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/unit/classes/TemplateHandlerTest.php b/tests/unit/classes/TemplateHandlerTest.php index 34b2d33ea..529c7230f 100644 --- a/tests/unit/classes/TemplateHandlerTest.php +++ b/tests/unit/classes/TemplateHandlerTest.php @@ -275,6 +275,31 @@ class TemplateHandlerTest extends \Codeception\TestCase\Test array( 'asdf src="../img/img.gif" asdf', '?>asdf src="../img/img.gif" asdf' + ), + // Rhymix improvements (PR #604) + array( + '{$_SERVER["REMOTE_ADDR"]}', + '?>' + ), + array( + '{escape($_COOKIE[$var], false)}', + '?>var], false) ?>' + ), + array( + '{$GLOBALS[$__Context->rhymix->rules]}', + '?>rhymix->rules] ?>' + ), + array( + '{$FOOBAR}', + '?>FOOBAR ?>' + ), + array( + '{RX_BASEDIR}', + '?>{RX_BASEDIR}' + ), + array( + '{\RX_BASEDIR}', + '?>' ), );
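Review bot: The cases added in this hunk cover only the new superglobal and constant syntax; nothing here exercises the other behaviour changed in the series, namely the not-found return value from patches 1/5 and 2/5 and the compiled-file path mapping from patch 4/5. The path mapping is the part most worth pinning down, with inputs such as a `./`-prefixed path, a path containing `..` and an absolute path, if that property can be reached from a test. A short comment on the `{RX_BASEDIR}` case, e.g. `// unqualified constants are deliberately left as literal text`, would tell future readers that the unchanged output is intended.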