diff options
| author | Uwe.Tews <uwe.tews@localhost> | 2010-04-17 10:24:44 +0000 |
|---|---|---|
| committer | Uwe.Tews <uwe.tews@localhost> | 2010-04-17 10:24:44 +0000 |
| commit | d44ffe91327a60e51955771e4803033984dba808 (patch) | |
| tree | 9feefaa7d7c5777db2c74f578baa15681c6b1fe9 /libs/plugins | |
| parent | 09c208eda674eeed87682813fddcb4a8fe538626 (diff) | |
| download | smarty-d44ffe91327a60e51955771e4803033984dba808.tar.gz smarty-d44ffe91327a60e51955771e4803033984dba808.tar.bz2 smarty-d44ffe91327a60e51955771e4803033984dba808.zip | |
- security fix in {math} plugin
Diffstat (limited to 'libs/plugins')
| -rw-r--r-- | libs/plugins/function.math.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libs/plugins/function.math.php b/libs/plugins/function.math.php index d7ac9f8f..257d2fee 100644 --- a/libs/plugins/function.math.php +++ b/libs/plugins/function.math.php @@ -39,7 +39,7 @@ function smarty_function_math($params, $smarty, $template) } // match all vars in equation, make sure all are passed - preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]+)!",$equation, $match); + preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]*)!",$equation, $match); $allowed_funcs = array('int','abs','ceil','cos','exp','floor','log','log10', 'max','min','pi','pow','rand','round','sin','sqrt','srand','tan'); @@ -81,4 +81,4 @@ function smarty_function_math($params, $smarty, $template) } } } -?> +?>
\ No newline at end of file |
