Bump smarty/smarty from 5.3.1 to 5.4.0 #70

vendor/composer/installed.json

@@ -1032,17 +1032,17 @@
         },
         {
             "name": "smarty/smarty",
-            "version": "v5.3.1",
-            "version_normalized": "5.3.1.0",
+            "version": "v5.4.0",
+            "version_normalized": "5.4.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/smarty-php/smarty.git",
-                "reference": "3cb35854326a94120cd415b81db28c53d95d0d5d"
+                "reference": "fd90f7eac969d998736edbf12dadf04c64471b0a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/smarty-php/smarty/zipball/3cb35854326a94120cd415b81db28c53d95d0d5d",
-                "reference": "3cb35854326a94120cd415b81db28c53d95d0d5d",
+                "url": "https://api.github.com/repos/smarty-php/smarty/zipball/fd90f7eac969d998736edbf12dadf04c64471b0a",
+                "reference": "fd90f7eac969d998736edbf12dadf04c64471b0a",
                 "shasum": ""
             },
             "require": {
@@ -1053,7 +1053,7 @@
                 "phpunit/phpunit": "^8.5 || ^7.5",
                 "smarty/smarty-lexer": "^4.0.2"
             },
-            "time": "2024-06-16T19:51:13+00:00",
+            "time": "2024-08-14T20:00:44+00:00",
             "type": "library",
             "extra": {
                 "branch-alias": {
@@ -1099,7 +1099,7 @@
             "support": {
                 "forum": "https://github.com/smarty-php/smarty/discussions",
                 "issues": "https://github.com/smarty-php/smarty/issues",
-                "source": "https://github.com/smarty-php/smarty/tree/v5.3.1"
+                "source": "https://github.com/smarty-php/smarty/tree/v5.4.0"
             },
             "install-path": "../smarty/smarty"
         },

vendor/composer/installed.php

@@ -3,7 +3,7 @@
         'name' => 'fusionwowcms/fusioncms',
         'pretty_version' => 'dev-main',
         'version' => 'dev-main',
-        'reference' => '0173218f21eee9c74074b55d7e7ab363e2f23148',
+        'reference' => '9436e9151d2fddfa8042c88822be67b1b416337a',
         'type' => 'project',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -85,7 +85,7 @@
         'fusionwowcms/fusioncms' => array(
             'pretty_version' => 'dev-main',
             'version' => 'dev-main',
-            'reference' => '0173218f21eee9c74074b55d7e7ab363e2f23148',
+            'reference' => '9436e9151d2fddfa8042c88822be67b1b416337a',
             'type' => 'project',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -167,9 +167,9 @@
             ),
         ),
         'smarty/smarty' => array(
-            'pretty_version' => 'v5.3.1',
-            'version' => '5.3.1.0',
-            'reference' => '3cb35854326a94120cd415b81db28c53d95d0d5d',
+            'pretty_version' => 'v5.4.0',
+            'version' => '5.4.0.0',
+            'reference' => 'fd90f7eac969d998736edbf12dadf04c64471b0a',
             'type' => 'library',
             'install_path' => __DIR__ . '/../smarty/smarty',
             'aliases' => array(),

vendor/smarty/smarty/CHANGELOG.md

@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [5.4.0] - 2024-08-14
+- Fixing forced OpCache invalidation on every template include, which is resulting in fast raising wasted OpCache memory [#1007](https://github.com/smarty-php/smarty/issues/1007) 
+- Improvement of auto-escaping [#1030](https://github.com/smarty-php/smarty/pull/1030)
+
+
 ## [5.3.1] - 2024-06-16
 - Fixed error when using section with nocache [#1034](https://github.com/smarty-php/smarty/issues/1034)
 

vendor/smarty/smarty/docs/api/configuring.md

@@ -143,6 +143,35 @@ Enable auto-escaping for HTML as follows:
 $smarty->setEscapeHtml(true);
 ```
 
+When auto-escaping is enabled, the `|escape` modifier's default mode (`html`) has no effect,
+to avoid double-escaping. It is possible to force it with the `force` mode.
+Other modes (`htmlall`, `url`, `urlpathinfo`, `quotes`, `javascript`) may be used
+with the result you might expect, without double-escaping.
+
+Even when auto-escaping is enabled, you might want to display the content of a variable without
+escaping it. To do so, use the `|raw` modifier.
+
+Examples (with auto-escaping enabled):
+```smarty
+{* these three statements are identical *}
+{$myVar}
+{$myVar|escape}
+{$myVar|escape:'html'}
+
+{* no double-escaping on these statements *}
+{$var|escape:'htmlall'}
+{$myVar|escape:'url'}
+{$myVar|escape:'urlpathinfo'}
+{$myVar|escape:'quotes'}
+{$myVar|escape:'javascript'}
+
+{* no escaping at all *}
+{$myVar|raw}
+
+{* force double-escaping *}
+{$myVar|escape:'force'}
+```
+
 ## Disabling compile check
 By default, Smarty tests to see if the
 current template has changed since the last time

vendor/smarty/smarty/docs/designers/language-modifiers/language-modifier-escape.md

@@ -73,6 +73,6 @@ This snippet is useful for emails, but see also
 <a href="mailto:{$EmailAddress|escape:'hex'}">{$EmailAddress|escape:'mail'}</a>
 ```
 
-See also [escaping smarty parsing](../language-basic-syntax/language-escaping.md),
+See also [auto-escaping](../../api/configuring.md#enabling-auto-escaping), [escaping smarty parsing](../language-basic-syntax/language-escaping.md),
 [`{mailto}`](../language-custom-functions/language-function-mailto.md) and the [obfuscating email
-addresses](../../appendixes/tips.md#obfuscating-e-mail-addresses) page.
+addresses](../../appendixes/tips.md#obfuscating-e-mail-addresses) pages.

vendor/smarty/smarty/docs/designers/language-modifiers/language-modifier-raw.md

@@ -0,0 +1,8 @@
+# raw
+
+Prevents variable escaping when [auto-escaping](../../api/configuring.md#enabling-auto-escaping) is activated.
+
+## Basic usage
+```smarty
+{$myVar|raw}
+```

vendor/smarty/smarty/mkdocs.yml

@@ -68,6 +68,7 @@ nav:
         - 'noprint': 'designers/language-modifiers/language-modifier-noprint.md'
         - 'number_format': 'designers/language-modifiers/language-modifier-number-format.md'
         - 'nl2br': 'designers/language-modifiers/language-modifier-nl2br.md'
+        - 'raw': 'designers/language-modifiers/language-modifier-raw.md'
         - 'regex_replace': 'designers/language-modifiers/language-modifier-regex-replace.md'
         - 'replace': 'designers/language-modifiers/language-modifier-replace.md'
         - 'round': 'designers/language-modifiers/language-modifier-round.md'

vendor/smarty/smarty/src/Compile/Modifier/EscapeModifierCompiler.php

@@ -24,22 +24,32 @@ public function compile($params, \Smarty\Compiler\Template $compiler) {
 			}
 			switch ($esc_type) {
 				case 'html':
+				case 'force':
+					// in case of auto-escaping, and without the 'force' option, no double-escaping
+					if ($compiler->getSmarty()->escape_html && $esc_type != 'force')
+						return $params[0];
+					// otherwise, escape the variable
 					return 'htmlspecialchars((string)' . $params[ 0 ] . ', ENT_QUOTES, ' . var_export($char_set, true) . ', ' .
 						var_export($double_encode, true) . ')';
 				// no break
 				case 'htmlall':
+					$compiler->setRawOutput(true);
 					return 'htmlentities(mb_convert_encoding((string)' . $params[ 0 ] . ', \'UTF-8\', ' .
 						var_export($char_set, true) . '), ENT_QUOTES, \'UTF-8\', ' .
 						var_export($double_encode, true) . ')';
 				// no break
 				case 'url':
+					$compiler->setRawOutput(true);
 					return 'rawurlencode((string)' . $params[ 0 ] . ')';
 				case 'urlpathinfo':
+					$compiler->setRawOutput(true);
 					return 'str_replace("%2F", "/", rawurlencode((string)' . $params[ 0 ] . '))';
 				case 'quotes':
+					$compiler->setRawOutput(true);
 					// escape unescaped single quotes
 					return 'preg_replace("%(?<!\\\\\\\\)\'%", "\\\'", (string)' . $params[ 0 ] . ')';
 				case 'javascript':
+					$compiler->setRawOutput(true);
 					// escape quotes and backslashes, newlines, etc.
 					// see https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements
 					return 'strtr((string)' .
@@ -53,4 +63,4 @@ public function compile($params, \Smarty\Compiler\Template $compiler) {
 		}
 		return '$_smarty_tpl->getSmarty()->getModifierCallback(\'escape\')(' . join(', ', $params) . ')';
 	}
-}
+}

vendor/smarty/smarty/src/Compile/Modifier/RawModifierCompiler.php

@@ -0,0 +1,21 @@
+<?php
+namespace Smarty\Compile\Modifier;
+
+use Smarty\Exception;
+
+/**
+ * Smarty raw modifier plugin
+ * Type:     modifier
+ * Name:     raw
+ * Purpose:  when escaping is enabled by default, generates a raw output of a variable
+ *
+ * @author Amaury Bouchard
+ */
+
+class RawModifierCompiler extends Base {
+
+	public function compile($params, \Smarty\Compiler\Template $compiler) {
+		$compiler->setRawOutput(true);
+		return ($params[0]);
+	}
+}

vendor/smarty/smarty/src/Compile/ModifierCompiler.php

@@ -75,7 +75,7 @@ public function compile($args, \Smarty\Compiler\Template $compiler, $parameter =
 				}
 			}
 		}
-		return $output;
+		return (string)$output;
 	}
 
 	/**

vendor/smarty/smarty/src/Compile/PrintExpressionCompiler.php

@@ -82,12 +82,13 @@ public function compile($args, \Smarty\Compiler\Template $compiler, $parameter =
 					$output = $compiler->compileModifier($modifierlist, $output);
 				}
 
-				if ($compiler->getTemplate()->getSmarty()->escape_html) {
+				if ($compiler->getTemplate()->getSmarty()->escape_html && !$compiler->isRawOutput()) {
 					$output = "htmlspecialchars((string) ({$output}), ENT_QUOTES, '" . addslashes(\Smarty\Smarty::$_CHARSET) . "')";
 				}
 
 			}
 			$output = "<?php echo {$output};?>\n";
+			$compiler->setRawOutput(false);
 		}
 		return $output;
 	}

vendor/smarty/smarty/src/Compiler/Template.php

@@ -313,6 +313,12 @@ class Template extends BaseCompiler {
 	 */
 	private $noCacheStackDepth = 0;
 
+	/**
+	 * disabled auto-escape (when set to true, the next variable output is not auto-escaped)
+	 *
+	 * @var boolean
+	 */
+	private $raw_output = false;
 
 	/**
 	 * Initialize compiler
@@ -1486,4 +1492,21 @@ public function isNocacheActive(): bool {
 	public function getTagStack(): array {
 		return $this->_tag_stack;
 	}
+
+	/**
+	 * Should the next variable output be raw (true) or auto-escaped (false)
+	 * @return bool
+	 */
+	public function isRawOutput(): bool {
+		return $this->raw_output;
+	}
+
+	/**
+	 * Should the next variable output be raw (true) or auto-escaped (false)
+	 * @param bool $raw_output
+	 * @return void
+	 */
+	public function setRawOutput(bool $raw_output): void {
+		$this->raw_output = $raw_output;
+	}
 }

vendor/smarty/smarty/src/Extension/DefaultExtension.php

@@ -35,6 +35,7 @@ public function getModifierCompiler(string $modifier): ?\Smarty\Compile\Modifier
 			case 'lower': $this->modifiers[$modifier] = new \Smarty\Compile\Modifier\LowerModifierCompiler(); break;
 			case 'nl2br': $this->modifiers[$modifier] = new \Smarty\Compile\Modifier\Nl2brModifierCompiler(); break;
 			case 'noprint': $this->modifiers[$modifier] = new \Smarty\Compile\Modifier\NoPrintModifierCompiler(); break;
+			case 'raw': $this->modifiers[$modifier] = new \Smarty\Compile\Modifier\RawModifierCompiler(); break;
 			case 'round': $this->modifiers[$modifier] = new \Smarty\Compile\Modifier\RoundModifierCompiler(); break;
 			case 'str_repeat': $this->modifiers[$modifier] = new \Smarty\Compile\Modifier\StrRepeatModifierCompiler(); break;
 			case 'string_format': $this->modifiers[$modifier] = new \Smarty\Compile\Modifier\StringFormatModifierCompiler(); break;
@@ -753,4 +754,4 @@ public function smarty_modifier_truncate($string, $length = 80, $etc = '...', $b
 		return $string;
 	}
 
-}
+}

vendor/smarty/smarty/src/Resource/FilePlugin.php

@@ -56,11 +56,14 @@ public function populate(Source $source, Template $_template = null) {
 	 * @param Source $source source object
 	 */
 	public function populateTimestamp(Source $source) {
-		if (!$source->exists && $path = $this->getFilePath($source->name, $source->getSmarty(), $source->isConfig)) {
-			$source->timestamp = $source->exists = is_file($path);
+		$path = $this->getFilePath($source->name, $source->getSmarty(), $source->isConfig);
+		if (!$source->exists) {
+			$source->exists = ($path !== false && is_file($path));
 		}
-		if ($source->exists && $path) {
+		if ($source->exists && $path !== false) {
 			$source->timestamp = filemtime($path);
+		} else {
+			$source->timestamp = 0;
 		}
 	}
 

vendor/smarty/smarty/src/Smarty.php

@@ -54,7 +54,7 @@ class Smarty extends \Smarty\TemplateBase {
 	/**
 	 * smarty version
 	 */
-	const SMARTY_VERSION = '5.3.1';
+	const SMARTY_VERSION = '5.4.0';
 
 	/**
 	 * define caching modes

vendor/smarty/smarty/src/Template/Compiled.php

@@ -136,7 +136,7 @@ private function compileAndLoad(Template $_smarty_tpl) {
 		if ($this->exists && !$_smarty_tpl->getSmarty()->force_compile
 			&& !($_smarty_tpl->compile_check && $_smarty_tpl->getSource()->getTimeStamp() > $this->getTimeStamp())
 		) {
-			$this->loadCompiledTemplate($_smarty_tpl);
+			$this->loadCompiledTemplate($_smarty_tpl, false);
 		}
 
 		if (!$this->isValid) {
@@ -241,16 +241,19 @@ private function write(Template $_template, $code) {
 	 * HHVM requires a workaround because of a PHP incompatibility
 	 *
 	 * @param Template $_smarty_tpl do not change/remove variable name, is used by compiled template
+	 * @param bool $invalidateCachedFiles forces a revalidation of the file in opcache or apc cache (if available)
 	 *
 	 */
-	private function loadCompiledTemplate(Template $_smarty_tpl) {
-
-		if (function_exists('opcache_invalidate')
-			&& (!function_exists('ini_get') || strlen(ini_get("opcache.restrict_api")) < 1)
-		) {
-			opcache_invalidate($this->filepath, true);
-		} elseif (function_exists('apc_compile_file')) {
-			apc_compile_file($this->filepath);
+	private function loadCompiledTemplate(Template $_smarty_tpl, bool $invalidateCachedFiles = true) {
+
+		if ($invalidateCachedFiles) {
+			if (function_exists('opcache_invalidate')
+				 && (!function_exists('ini_get') || strlen(ini_get("opcache.restrict_api")) < 1)
+			) {
+				opcache_invalidate($this->filepath, true);
+			} elseif (function_exists('apc_compile_file')) {
+				apc_compile_file($this->filepath);
+			}
 		}
 		if (defined('HHVM_VERSION')) {
 			eval('?>' . file_get_contents($this->filepath));

vendor/smarty/smarty/src/debug.tpl

@@ -144,6 +144,7 @@
                         {$vars['attributes']|debug_print_var nofilter}
                     {/if}
                 </td>
+            </tr>
          {/foreach}
     </table>