From: Neil Drumm
Date: Thu, 8 Aug 2013 05:55:56 +0000 (+0000)
Subject: CRM-12930 Always use Smarty security for string templates
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=0d82bf32a5ac80d69b5abcf2f6a7aca1b89563ed;p=civicrm-core.git
CRM-12930 Always use Smarty security for string templates
---
diff --git a/CRM/Core/Smarty.php b/CRM/Core/Smarty.php
index 43aab01c20..3104453152 100644
--- a/CRM/Core/Smarty.php
+++ b/CRM/Core/Smarty.php
@@ -186,7 +186,15 @@ class CRM_Core_Smarty extends Smarty {
 * @param boolean $display
 */
 function fetch($resource_name, $cache_id = NULL, $compile_id = NULL, $display = FALSE) {
- return parent::fetch($resource_name, $cache_id, $compile_id, $display);
+ if (preg_match( '/^(\s+)?string:/', $resource_name)) {
+ $old_security = $this->security;
+ $this->security = TRUE;
+ }
+ $output = parent::fetch($resource_name, $cache_id, $compile_id, $display);
+ if (isset($old_security)) {
+ $this->security = $old_security;
+ }
+ return $output;
 }

 function appendValue($name, $value) {
diff --git a/CRM/Mailing/BAO/Mailing.php b/CRM/Mailing/BAO/Mailing.php
index ee75e2aff5..4b8cda012f 100644
--- a/CRM/Mailing/BAO/Mailing.php
+++ b/CRM/Mailing/BAO/Mailing.php
@@ -1187,9 +1187,7 @@ ORDER BY civicrm_email.is_bulkmail DESC
 )) {
 $textBody = join('', $text);
 if ($useSmarty) {
- $smarty->security = TRUE;
- $textBody = $smarty->fetch("string:$textBody");
- $smarty->security = FALSE;
+ $textBody = $smarty->fetch("string:$textBody");
 }
 $mailParams['text'] = $textBody;
 }
@@ -1199,9 +1197,7 @@ ORDER BY civicrm_email.is_bulkmail DESC
 ))) {
 $htmlBody = join('', $html);
 if ($useSmarty) {
- $smarty->security = TRUE;
- $htmlBody = $smarty->fetch("string:$htmlBody");
- $smarty->security = FALSE;
+ $htmlBody = $smarty->fetch("string:$htmlBody");
 }
 $mailParams['html'] = $htmlBody;
 }
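Review bot: The security gate in fetch() fails open: security is forced only when `$resource_name` matches `/^(\s+)?string:/`, and every other name is compiled with whatever `$this->security` held before the call. A comment above the `preg_match` should state that assumption and that the pattern has to stay in step with how Smarty itself selects the resource type, so that a later change to either side is reviewed against the other. The restore can also be skipped: `isset($old_security)` is false if the saved value was NULL, and an exception from `parent::fetch()` never reaches it, which leaves the object in security mode for the next template fetched. Saving the old value unconditionally and tracking the decision in its own flag, `$forced = (bool) preg_match('/^\s*string:/', $resource_name);` with `if ($forced) { $this->security = $old_security; }`, plus a catch-and-rethrow around the parent call, would cover both cases. The docblock and class around fetch() begin outside the hunk.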
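Review bot: With the explicit `$smarty->security = TRUE;` removed here and in the matching HTML-body hunk below, both mail bodies are compiled in security mode only if `$smarty` is a CRM_Core_Smarty instance, because the check now lives in that class's fetch() override. The assignment of `$smarty` is outside both hunks, so the diff alone does not confirm it. A one-line comment at each call, such as `// security mode is forced for string: templates by CRM_Core_Smarty::fetch()`, would keep that dependency visible to anyone who later swaps the template object. The enclosing function starts and ends outside the hunk.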