Fix entry creation by restoring smarty access to PHP modifiers

Also removes unused code from the smarty security wrapper

Author: onli

include/functions_smarty.inc.php

@@ -919,6 +919,49 @@ function serendipity_smarty_count($value, $mode = COUNT_NORMAL) {
     return count($value, $mode);
 }
 
+function serendipity_smarty_sizeof($value, $mode = COUNT_NORMAL) {
+    return count($value, $mode);
+}
+
+function serendipity_smarty_isset($var, $vars) {
+    return isset($var, $vars);
+}
+
+function serendipity_smarty_empty($var) {
+    return empty($var);
+}
+
+function serendipity_smarty_in_array(mixed $needle, array $haystack, bool $strict = false) {
+    return in_array($needle, $haystack, $strict);
+}
+
+function serendipity_smarty_is_array($var) {
+    return is_array($var);
+}
+
+function serendipity_smarty_time() {
+    return time();
+}
+
+function serendipity_smarty_nl2br(string $string, bool $use_xhtml = true) {
+    return nl2br($string, $use_xhtml);
+}
+
+function serendipity_smarty_class_exists(string $class, bool $autoload = true) {
+    return class_exists($class, $autoload);
+}
+
+function serendipity_smarty_rand($min = 0, $max = null) {
+    return rand($min, $max ?? getrandmax());
+}
+
+function serendipity_smarty_str_repeat($string, $times) {
+    return str_repeat($string, $times);
+}
+
+
+
+
 /**
  * Initialize the Smarty framework for use in Serendipity
  *
@@ -989,16 +1032,6 @@ function serendipity_smarty_init($vars = array()) {
             // enable security policy by instance of the Smarty_Security class
             $serendipity['smarty']->enableSecurity('Serendipity_Smarty_Security_Policy');
 
-            // debugging...
-            #echo '<pre>';print_r($serendipity['smarty']);echo '</pre>';#exit;
-            #$serendipity['smarty']->testInstall();exit;
-            // extreme debugging with undocumented internal flag which enables a trace output from the parser during debugging
-            #$serendipity['smarty']->_parserdebug = true; // be careful!
-
-            /**
-             * ToDo: Check for possible API changes in Smarty 3.2 [smarty_modifier_foobar, --> [smarty_modifier_foobar, smarty_function_foobar, smarty_block_foobar] (in class)]
-             * smarty_modifier_foobar(Smarty $smarty, $string, ...) vs. smarty_modifier_foobar($string, ...)
-             **/
             $serendipity['smarty']->registerPlugin('modifier', 'makeFilename', 'serendipity_makeFilename');
             $serendipity['smarty']->registerPlugin('modifier', 'xhtml_target', 'serendipity_xhtml_target');
             $serendipity['smarty']->registerPlugin('modifier', 'emptyPrefix', 'serendipity_emptyPrefix');
@@ -1030,6 +1063,18 @@ function serendipity_smarty_init($vars = array()) {
             $serendipity['smarty']->registerPlugin('function', 'serendipity_getConfigVar', 'serendipity_smarty_getConfigVar');
             $serendipity['smarty']->registerPlugin('function', 'serendipity_setFormToken', 'serendipity_smarty_setFormToken');
 
+
+            // Backwards compatibility fix for Smarty v5: Allow these these php functions and modifiers
+            $php_functions = array('isset', 'empty', 'sizeof', 'count', 'in_array', 'is_array', 'time', 'nl2br');
+            $php_modifiers = array('rand', 'str_repeat', 'nl2br', 'class_exists');
+
+            foreach ($php_functions as $php_function) {
+                $serendipity['smarty']->registerPlugin('function', $php_function, "serendipity_smarty_$php_function");
+            }
+            foreach ($php_modifiers as $php_modifier) {
+                $serendipity['smarty']->registerPlugin('modifier', $php_modifier, "serendipity_smarty_$php_modifier");
+            }
+
             $serendipity['smarty']->registerFilter('pre', 'serendipity_replaceSmartyVars');
 
         }

include/serendipity_smarty_class.inc.php

@@ -12,28 +12,6 @@
 // Create a wrapper class extended from Smarty_Security - which allows access to S9Y-plugin and S9Y-template dirs
 class Serendipity_Smarty_Security_Policy extends \Smarty\Security
   {
-    // these are the allowed functions only. - default as is
-    public $php_functions = array('isset', 'empty', 'sizeof', 'count', 'in_array', 'is_array', 'time', 'nl2br', 'class_exists');
-    // to disable all PHP functions
-    #public $php_functions = null;
-
-    // set allowed modifiers only. (default = array( 'escape', 'count' );)
-    public $php_modifiers = array('escape', 'rand', 'str_repeat', 'nl2br');
-
-    public $allow_constants = true;
-
-    public $allow_super_globals = true;
-
-    // array of template directories that are considered secure. No need, as ...TemplateDir concidered secure implicitly.  (unproofed)
-    public $secure_dir = array(S9Y_TEMPLATE_SECUREDIR); // do we need this then?
-
-    // actually no need, as template dirs are explicit defined as trusted_dirs. (unproofed)
-    public $trusted_dir = array(S9Y_TEMPLATE_USERDEFAULT, S9Y_TEMPLATE_USERDEFAULT_BACKEND, S9Y_TEMPLATE_FALLBACK); // do we need this then?
-
-    #public $modifiers = array(); // can be omitted, when all allowed
-
-    // to test this - overwrites Serendipity_Smarty::default_modifiers and Serendipity_Smarty_Security_Policy::php_modifiers - modifier 'escape' not allowed by security setting
-    #public $allowed_modifiers = array('escape:"htmlall"');
 
     // This allows the fetch() and include calls to pull .tpl files from any directory,
     // so that symlinked plugin directories outside the s9y path can be included properly.