diff options
| -rw-r--r-- | change_log.txt | 3 | ||||
| -rw-r--r-- | libs/plugins/function.cycle.php | 2 | ||||
| -rw-r--r-- | libs/plugins/function.html_options.php | 4 | ||||
| -rw-r--r-- | libs/plugins/function.mailto.php | 3 | ||||
| -rw-r--r-- | libs/plugins/function.math.php | 11 | ||||
| -rw-r--r-- | libs/sysplugins/smarty_internal_compile_break.php | 3 | ||||
| -rw-r--r-- | libs/sysplugins/smarty_internal_compile_config_load.php | 3 | ||||
| -rw-r--r-- | libs/sysplugins/smarty_internal_compile_continue.php | 3 | ||||
| -rw-r--r-- | libs/sysplugins/smarty_internal_compile_extends.php | 3 | ||||
| -rw-r--r-- | libs/sysplugins/smarty_internal_debug.php | 3 | ||||
| -rw-r--r-- | libs/sysplugins/smarty_internal_templatebase.php | 38 | ||||
| -rw-r--r-- | libs/sysplugins/smarty_resource.php | 5 | ||||
| -rw-r--r-- | libs/sysplugins/smarty_security.php | 46 |
13 files changed, 88 insertions, 39 deletions
diff --git a/change_log.txt b/change_log.txt index d0691328..3da63ccb 100644 --- a/change_log.txt +++ b/change_log.txt @@ -1,4 +1,7 @@ ===== trunk ===== +01.10.2011 +- improvement replaced most in_array() calls by more efficient isset() on array_flip()ed haystacks + 29.09.2011 - improvement of Smarty_Internal_Config::loadConfigVars() dropped the in_array for index look up diff --git a/libs/plugins/function.cycle.php b/libs/plugins/function.cycle.php index d456ee54..1778ffb5 100644 --- a/libs/plugins/function.cycle.php +++ b/libs/plugins/function.cycle.php @@ -52,7 +52,7 @@ function smarty_function_cycle($params, $template) $advance = (isset($params['advance'])) ? (bool)$params['advance'] : true; $reset = (isset($params['reset'])) ? (bool)$params['reset'] : false; - if (!in_array('values', array_keys($params))) { + if (!isset($params['values'])) { if(!isset($cycle_vars[$name]['values'])) { trigger_error("cycle: missing 'values' parameter"); return; diff --git a/libs/plugins/function.html_options.php b/libs/plugins/function.html_options.php index 269601a5..9c524b92 100644 --- a/libs/plugins/function.html_options.php +++ b/libs/plugins/function.html_options.php @@ -66,7 +66,7 @@ function smarty_function_html_options($params, $template) case 'selected': if (is_array($_val)) { - $selected = array_map('strval', array_values((array)$_val)); + $selected = array_flip(array_map('strval', array_values((array)$_val))); } else { $selected = $_val; } @@ -114,7 +114,7 @@ function smarty_function_html_options_optoutput($key, $value, $selected, $id, $c if (!is_array($value)) { $_html_result = '<option value="' . smarty_function_escape_special_chars($key) . '"'; if (is_array($selected)) { - if (in_array((string)$key, $selected)) { + if (isset($selected[(string) $key])) { $_html_result .= ' selected="selected"'; } } elseif ($key == $selected) { diff --git a/libs/plugins/function.mailto.php b/libs/plugins/function.mailto.php index 5875713a..0f56195c 100644 --- a/libs/plugins/function.mailto.php +++ b/libs/plugins/function.mailto.php @@ -50,6 +50,7 @@ */ function smarty_function_mailto($params, $template) { + static $_allowed_encoding = array('javascript' => true, 'javascript_charcode' => true, 'hex' => true, 'none' => true); $extra = ''; if (empty($params['address'])) { @@ -95,7 +96,7 @@ function smarty_function_mailto($params, $template) $address .= $mail_parm_vals; $encode = (empty($params['encode'])) ? 'none' : $params['encode']; - if (!in_array($encode, array('javascript', 'javascript_charcode', 'hex', 'none'))) { + if (!isset($_allowed_encoding[$encode])) { trigger_error("mailto: 'encode' parameter must be none, javascript, javascript_charcode or hex", E_USER_WARNING); return; } diff --git a/libs/plugins/function.math.php b/libs/plugins/function.math.php index cdbe6d61..c2621a68 100644 --- a/libs/plugins/function.math.php +++ b/libs/plugins/function.math.php @@ -23,6 +23,11 @@ */ function smarty_function_math($params, $template) { + static $_allowed_funcs = array( + 'int' => true, 'abs' => true, 'ceil' => true, 'cos' => true, 'exp' => true, 'floor' => true, + 'log' => true, 'log10' => true, 'max' => true, 'min' => true, 'pi' => true, 'pow' => true, + 'rand' => true, 'round' => true, 'sin' => true, 'sqrt' => true, 'srand' => true ,'tan' => true + ); // be sure equation parameter is present if (empty($params['equation'])) { trigger_error("math: missing equation parameter",E_USER_WARNING); @@ -39,11 +44,9 @@ function smarty_function_math($params, $template) // match all vars in equation, make sure all are passed preg_match_all("!(?:0x[a-fA-F0-9]+)|([a-zA-Z][a-zA-Z0-9_]*)!",$equation, $match); - $allowed_funcs = array('int','abs','ceil','cos','exp','floor','log','log10', - 'max','min','pi','pow','rand','round','sin','sqrt','srand','tan'); foreach($match[1] as $curr_var) { - if ($curr_var && !in_array($curr_var, array_keys($params)) && !in_array($curr_var, $allowed_funcs)) { + if ($curr_var && !isset($params[$curr_var]) && !isset($_allowed_funcs[$current_var])) { trigger_error("math: function call $curr_var not allowed",E_USER_WARNING); return; } @@ -52,7 +55,7 @@ function smarty_function_math($params, $template) foreach($params as $key => $val) { if ($key != "equation" && $key != "format" && $key != "assign") { // make sure value is not empty - if (strlen($val)==0) { + if (isset($val[0])) { trigger_error("math: parameter $key is empty",E_USER_WARNING); return; } diff --git a/libs/sysplugins/smarty_internal_compile_break.php b/libs/sysplugins/smarty_internal_compile_break.php index 84e67479..259c66e2 100644 --- a/libs/sysplugins/smarty_internal_compile_break.php +++ b/libs/sysplugins/smarty_internal_compile_break.php @@ -41,6 +41,7 @@ class Smarty_Internal_Compile_Break extends Smarty_Internal_CompileBase { */
public function compile($args, $compiler, $parameter)
{
+ static $_is_loopy = array('for' => true, 'foreach' => true, 'while' => true, 'section' => true);
// check and get attributes
$_attr = $this->getAttributes($compiler, $args);
@@ -59,7 +60,7 @@ class Smarty_Internal_Compile_Break extends Smarty_Internal_CompileBase { $level_count = $_levels;
$stack_count = count($compiler->_tag_stack) - 1;
while ($level_count > 0 && $stack_count >= 0) {
- if (in_array($compiler->_tag_stack[$stack_count][0], array('for', 'foreach', 'while', 'section'))) {
+ if (isset($_is_loopy[$compiler->_tag_stack[$stack_count][0]])) {
$level_count--;
}
$stack_count--;
diff --git a/libs/sysplugins/smarty_internal_compile_config_load.php b/libs/sysplugins/smarty_internal_compile_config_load.php index 408f6d98..deaa052c 100644 --- a/libs/sysplugins/smarty_internal_compile_config_load.php +++ b/libs/sysplugins/smarty_internal_compile_config_load.php @@ -48,6 +48,7 @@ class Smarty_Internal_Compile_Config_Load extends Smarty_Internal_CompileBase { */ public function compile($args, $compiler) { + static $_is_legal_scope = array('local' => true,'parent' => true,'root' => true,'global' => true); // check and get attributes $_attr = $this->getAttributes($compiler, $args); @@ -67,7 +68,7 @@ class Smarty_Internal_Compile_Config_Load extends Smarty_Internal_CompileBase { // scope setup if (isset($_attr['scope'])) { $_attr['scope'] = trim($_attr['scope'], "'\""); - if (in_array($_attr['scope'],array('local','parent','root','global'))) { + if (isset($_is_legal_scope[$_attr['scope']])) { $scope = $_attr['scope']; } else { $compiler->trigger_template_error('illegal value for "scope" attribute', $compiler->lex->taglineno); diff --git a/libs/sysplugins/smarty_internal_compile_continue.php b/libs/sysplugins/smarty_internal_compile_continue.php index 9db194dd..4082a93b 100644 --- a/libs/sysplugins/smarty_internal_compile_continue.php +++ b/libs/sysplugins/smarty_internal_compile_continue.php @@ -42,6 +42,7 @@ class Smarty_Internal_Compile_Continue extends Smarty_Internal_CompileBase { */
public function compile($args, $compiler, $parameter)
{
+ static $_is_loopy = array('for' => true, 'foreach' => true, 'while' => true, 'section' => true);
// check and get attributes
$_attr = $this->getAttributes($compiler, $args);
@@ -60,7 +61,7 @@ class Smarty_Internal_Compile_Continue extends Smarty_Internal_CompileBase { $level_count = $_levels;
$stack_count = count($compiler->_tag_stack) - 1;
while ($level_count > 0 && $stack_count >= 0) {
- if (in_array($compiler->_tag_stack[$stack_count][0], array('for', 'foreach', 'while', 'section'))) {
+ if (isset($_is_loopy[$compiler->_tag_stack[$stack_count][0]])) {
$level_count--;
}
$stack_count--;
diff --git a/libs/sysplugins/smarty_internal_compile_extends.php b/libs/sysplugins/smarty_internal_compile_extends.php index 5d3973e2..8a4deeed 100644 --- a/libs/sysplugins/smarty_internal_compile_extends.php +++ b/libs/sysplugins/smarty_internal_compile_extends.php @@ -42,6 +42,7 @@ class Smarty_Internal_Compile_Extends extends Smarty_Internal_CompileBase { */ public function compile($args, $compiler) { + static $_is_stringy = array('string' => true, 'eval' => true); $this->_rdl = preg_quote($compiler->smarty->right_delimiter); $this->_ldl = preg_quote($compiler->smarty->left_delimiter); $filepath = $compiler->template->source->filepath; @@ -60,7 +61,7 @@ class Smarty_Internal_Compile_Extends extends Smarty_Internal_CompileBase { // create template object $_template = new $compiler->smarty->template_class($include_file, $compiler->smarty, $compiler->template); // save file dependency - if (in_array($_template->source->type, array('eval', 'string'))) { + if (isset($_is_stringy[$_template->source->type])) { $template_sha1 = sha1($include_file); } else { $template_sha1 = sha1($_template->source->filepath); diff --git a/libs/sysplugins/smarty_internal_debug.php b/libs/sysplugins/smarty_internal_debug.php index 83d9fef2..2aea13f3 100644 --- a/libs/sysplugins/smarty_internal_debug.php +++ b/libs/sysplugins/smarty_internal_debug.php @@ -180,6 +180,7 @@ class Smarty_Internal_Debug extends Smarty_Internal_Data { */ private static function get_key($template) { + static $_is_stringy = array('string' => true, 'eval' => true); // calculate Uid if not already done if ($template->source->uid == '') { $template->source->filepath; @@ -188,7 +189,7 @@ class Smarty_Internal_Debug extends Smarty_Internal_Data { if (isset(self::$template_data[$key])) { return $key; } else { - if (in_array($template->source->type, array('string','eval'))) { + if (isset($_is_stringy[$template->source->type])) { self::$template_data[$key]['name'] = '\''.substr($template->source->name,0,25).'...\''; } else { self::$template_data[$key]['name'] = $template->source->filepath; diff --git a/libs/sysplugins/smarty_internal_templatebase.php b/libs/sysplugins/smarty_internal_templatebase.php index 954ad1be..f3d1ba38 100644 --- a/libs/sysplugins/smarty_internal_templatebase.php +++ b/libs/sysplugins/smarty_internal_templatebase.php @@ -676,24 +676,44 @@ abstract class Smarty_Internal_TemplateBase extends Smarty_Internal_Data { */
public function __call($name, $args)
{
- // methode of Smarty object?
+ static $_prefixes = array('set' => true, 'get' => true);
+ static $_resolved_property_name = array();
+ static $_resolved_property_source = array();
+
+ // method of Smarty object?
if (method_exists($this->smarty, $name)) {
return call_user_func_array(array($this->smarty, $name), $args);
}
// see if this is a set/get for a property
$first3 = strtolower(substr($name, 0, 3));
- if (in_array($first3, array('set', 'get')) && substr($name, 3, 1) !== '_') {
- // try to keep case correct for future PHP 6.0 case-sensitive class methods
- // lcfirst() not available < PHP 5.3.0, so improvise
- $property_name = strtolower(substr($name, 3, 1)) . substr($name, 4);
- // convert camel case to underscored name
- $property_name = preg_replace_callback('/([A-Z])/', array($this,'replaceCamelcase'), $property_name);
- if (property_exists($this, $property_name)) {
+ if (isset($_prefixes[$first3]) && isset($name[3]) && $name[3] !== '_') {
+ if (isset($_resolved_property_name[$name])) {
+ $property_name = $_resolved_property_name[$name];
+ } else {
+ // try to keep case correct for future PHP 6.0 case-sensitive class methods
+ // lcfirst() not available < PHP 5.3.0, so improvise
+ $property_name = strtolower(substr($name, 3, 1)) . substr($name, 4);
+ // convert camel case to underscored name
+ $property_name = preg_replace_callback('/([A-Z])/', array($this,'replaceCamelcase'), $property_name);
+ $_resolved_property_name[$name] = $property_name;
+ }
+ if (isset($_resolved_property_source[$property_name])) {
+ $_is_this = $_resolved_property_source[$property_name];
+ } else {
+ $_is_this = null;
+ if (property_exists($this, $property_name)) {
+ $_is_this = true;
+ } else if (property_exists($this->smarty, $property_name)) {
+ $_is_this = false;
+ }
+ $_resolved_property_source[$property_name] = $_is_this;
+ }
+ if ($_is_this) {
if ($first3 == 'get')
return $this->$property_name;
else
return $this->$property_name = $args[0];
- } else if (property_exists($this->smarty, $property_name)) {
+ } else if ($_is_this === false) {
if ($first3 == 'get')
return $this->smarty->$property_name;
else
diff --git a/libs/sysplugins/smarty_resource.php b/libs/sysplugins/smarty_resource.php index 009133cf..69a4ba42 100644 --- a/libs/sysplugins/smarty_resource.php +++ b/libs/sysplugins/smarty_resource.php @@ -440,6 +440,7 @@ abstract class Smarty_Resource { */ public static function config(Smarty_Internal_Config $_config) { + static $_incompatible_resources = array('eval' => true, 'string' => true, 'extends' => true, 'php' => true); $config_resource = $_config->config_resource; $smarty = $_config->smarty; @@ -457,8 +458,8 @@ abstract class Smarty_Resource { $resource_name = $config_resource; } } - - if (in_array($resource_type, array('eval', 'string', 'extends', 'php'))) { + + if (isset($_incompatible_resources[$resource_type])) { throw new SmartyException ("Unable to use resource '{$resource_type}' for config"); } diff --git a/libs/sysplugins/smarty_security.php b/libs/sysplugins/smarty_security.php index 8eb4ed7a..9f80ca95 100644 --- a/libs/sysplugins/smarty_security.php +++ b/libs/sysplugins/smarty_security.php @@ -6,6 +6,15 @@ * @subpackage Security * @author Uwe Tews */ + +/* + * FIXME: Smarty_Security API + * - getter and setter instead of public properties would allow cultivating an internal cache properly + * - current implementation of isTrustedResourceDir() assumes that Smarty::$template_dir and Smarty::$config_dir are immutable + * the cache is killed every time either of the variables change. That means that two distinct Smarty objects with differing + * $template_dir or $config_dir should NOT share the same Smarty_Security instance, + * as this would lead to (severe) performance penalty! how should this be handled? + */ /** * This class does contain the security settings @@ -120,38 +129,45 @@ class Smarty_Security { public $allow_super_globals = true; /** - * @param Smarty $smarty - */ - public function __construct($smarty) - { - $this->smarty = $smarty; - } - - /** - * @var string + * Cache for $resource_dir lookups + * @var array */ protected $_resource_dir = null; /** - * @var string + * Cache for $template_dir lookups + * @var array */ protected $_template_dir = null; /** - * @var string + * Cache for $config_dir lookups + * @var array */ protected $_config_dir = null; /** - * @var string + * Cache for $secure_dir lookups + * @var array */ protected $_secure_dir = null; /** - * @var string + * Cache for $php_resource_dir lookups + * @var array */ protected $_php_resource_dir = null; /** - * @var string + * Cache for $trusted_dir lookups + * @var array */ protected $_trusted_dir = null; - + + + /** + * @param Smarty $smarty + */ + public function __construct($smarty) + { + $this->smarty = $smarty; + } + /** * Check if PHP function is trusted. * |
