From 614ad1f8b9b00086efc123e49b7bb8efbfa81b61 Mon Sep 17 00:00:00 2001 From: Uwe Tews Date: Fri, 21 Jul 2017 05:13:54 +0200 Subject: - security possible PHP code injection on custom resources at display() or fetch() calls if the resource does not sanitize the template name --- change_log.txt | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'change_log.txt') diff --git a/change_log.txt b/change_log.txt index 3db0cd9e..7ab4888f 100644 --- a/change_log.txt +++ b/change_log.txt @@ -1,4 +1,8 @@ ===== 3.1.32 - dev === +21.7.2017 + - security possible PHP code injection on custom resources at display() or fetch() + calls if the resource does not sanitize the template name + 27.5.2017 - bugfix change compiled code for registered function and modifiers to called as callable to allow closures https://github.com/smarty-php/smarty/pull/368, https://github.com/smarty-php/smarty/issues/273 -- cgit v1.3