[ticket/11828] Fix greedy operators in lexer

Use lazy operators and use stricter validation PHPBB3-11828
author: Nathan Guse <nathaniel.guse@gmail.com> 2013-09-12 14:15:41 -0500
committer: Nathan Guse <nathaniel.guse@gmail.com> 2013-09-12 14:15:41 -0500
commit: 8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb (patch)
tree: f3ca73e76fac173861dea9cb616d59dc1870e796 /phpBB/phpbb/template/twig
parent: fc1dfd779da37128382322ffdc75bf751a0834a3 (diff)
download: forums-8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb.tar
forums-8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb.tar.gz
forums-8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb.tar.bz2
forums-8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb.tar.xz
forums-8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/phpBB/phpbb/template/twig/lexer.php b/phpBB/phpbb/template/twig/lexer.php
index 7ab569313c..bd9ece57fd 100644
--- a/phpBB/phpbb/template/twig/lexer.php
+++ b/phpBB/phpbb/template/twig/lexer.php
@@ -75,7 +75,7 @@ class phpbb_template_twig_lexer extends Twig_Lexer
 
 		// Fix tokens that may have inline variables (e.g. <!-- DEFINE $TEST = '{FOO}')
 		$code = $this->fix_inline_variable_tokens(array(
-			'DEFINE.+=',
+			'DEFINE \$[a-zA-Z0-9]+ =',
 			'INCLUDE',
 			'INCLUDEPHP',
 			'INCLUDEJS',
@@ -240,7 +240,7 @@ class phpbb_template_twig_lexer extends Twig_Lexer
 			return "<!-- {$matches[1]}IF{$inner}-->";
 		};
 
-		return preg_replace_callback('#<!-- (ELSE)?IF((.*)[\s][\$|\.|!]([^\s]+)(.*))-->#', $callback, $code);
+		return preg_replace_callback('#<!-- (ELSE)?IF((.*?)[\s][\$|\.|!]([^\s]+)(.*?))-->#', $callback, $code);
 	}
 
 	/**
@@ -264,10 +264,10 @@ class phpbb_template_twig_lexer extends Twig_Lexer
 		*/
 
 		// Replace <!-- DEFINE $NAME with {% DEFINE definition.NAME
-		$code = preg_replace('#<!-- DEFINE \$(.*)-->#', '{% DEFINE $1 %}', $code);
+		$code = preg_replace('#<!-- DEFINE \$(.*?) -->#', '{% DEFINE $1 %}', $code);
 
 		// Changing UNDEFINE NAME to DEFINE NAME = null to save from creating an extra token parser/node
-		$code = preg_replace('#<!-- UNDEFINE \$(.*)-->#', '{% DEFINE $1= null %}', $code);
+		$code = preg_replace('#<!-- UNDEFINE \$(.*?)-->#', '{% DEFINE $1= null %}', $code);
 
 		// Replace all of our variables, {$VARNAME}, with Twig style, {{ definition.VARNAME }}
 		$code = preg_replace('#{\$([a-zA-Z0-9_\.]+)}#', '{{ definition.$1 }}', $code);
author	Nathan Guse <nathaniel.guse@gmail.com>	2013-09-12 14:15:41 -0500
committer	Nathan Guse <nathaniel.guse@gmail.com>	2013-09-12 14:15:41 -0500
commit	8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb (patch)
tree	f3ca73e76fac173861dea9cb616d59dc1870e796 /phpBB/phpbb/template/twig
parent	fc1dfd779da37128382322ffdc75bf751a0834a3 (diff)
download	forums-8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb.tar forums-8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb.tar.gz forums-8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb.tar.bz2 forums-8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb.tar.xz forums-8c2f73bb09dc1fa305b59c2adabdc47fd3d5afdb.zip