diff options
| -rw-r--r-- | phpBB/includes/template.php | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index 542ae39435..899f727333 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -271,6 +271,11 @@ class Template { global $config; + // Remove any "loose" php ... we want to give admins the ability + // to switch on/off PHP for a given template. Allowing unchecked + // php is a no-no + $code = preg_replace('#\<\?php(.*?)\?\>#is', '', $code); + // Pull out all block/statement level elements and seperate // plain text preg_match_all('#<!-- PHP -->(.*?)<!-- ENDPHP -->#s', $code, $matches); @@ -292,7 +297,6 @@ class Template $this->compile_var_tags($text_blocks[$i]); } - $compile_blocks = array(); for ($curr_tb = 0; $curr_tb < count($text_blocks); $curr_tb++) @@ -371,9 +375,12 @@ class Template $template_php .= (!$no_echo) ? ((!empty($trim_check_text)) ? $text_blocks[$i] : '') . ((!empty($compile_blocks[$i])) ? $compile_blocks[$i] : '') : ((!empty($trim_check_text)) ? $text_blocks[$i] : '') . ((!empty($compile_blocks[$i])) ? $compile_blocks[$i] : ''); } + // There will be a number of occassions where we switch into and out of + // PHP mode instantaneously. Rather than "burden" the parser with this + // we'll strip out such occurences, minimising such switching $template_php = str_replace(' ?><?php ', '', $template_php); - return (!$no_echo) ? str_replace("\\'", "'", $template_php) : "\$$echo_var .= '" . addslashes($template_php) . "'"; + return (!$no_echo) ? $template_php : "\$$echo_var .= '" . $template_php . "'"; } function compile_var_tags(&$text_blocks) @@ -381,9 +388,6 @@ class Template // change template varrefs into PHP varrefs $varrefs = array(); - $text_blocks = str_replace('\\', '\\\\', $text_blocks); - $text_blocks = str_replace('\'', '\\\'', $text_blocks); - // This one will handle varrefs WITH namespaces preg_match_all('#\{(([a-z0-9\-_]+?\.)+?)([a-z0-9\-_]+?)\}#is', $text_blocks, $varrefs); @@ -405,7 +409,7 @@ class Template { global $user; - $text_blocks = preg_replace('#\{L_([A-Z0-9\-_]*?)\}#e', "<?php echo ((isset(\$this->_tpldata[\'.\'][0][\'L_\\1\'])) ? \$this->_tpldata[\'.\'][0][\'L_\\1\'] : \'' . ((isset(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '') . '\'); ?>'" , $text_blocks); + $text_blocks = preg_replace('#\{L_([A-Z0-9\-_]*?)\}#e', "'<?php echo ((isset(\$this->_tpldata[\'.\'][0][\'L_\\1\'])) ? \$this->_tpldata[\'.\'][0][\'L_\\1\'] : \'' . ((isset(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '') . '\'); ?>'" , $text_blocks); } $text_blocks = preg_replace('#\{([a-z0-9\-_]*?)\}#is', "<?php echo \$this->_tpldata['.'][0]['\\1']; ?>", $text_blocks); |