Skip to content

Releases: smarty-php/smarty

v3.1.48

28 Mar 19:49
Compare
Choose a tag to compare

Security

  • Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447.

Fixed

  • Output buffer is now cleaned for internal PHP errors as well, not just for Exceptions #514

v4.3.0

22 Nov 21:48
Compare
Choose a tag to compare

What's Changed

  • clean output buffer for Throwable instead of just Exception by @wisskid in #797
  • Fix wrong indentation in libs/plugins/modifier.capitalize.php by @MrPetovan in #802
  • fix compilation for caching templates by @Storyxx in #801
  • Fix Variable Expression by @JonisoftGermany in #808
  • Silence deprecation errors for strtime in PHP8.1 or higher by @wisskid in #811
  • Fixed PHP8.1 deprecation errors passing null to parameter in trim by @IT-Experte in #807
  • Re-organize all testrunners to use the same script(s). by @wisskid in #812
  • Fixed PHP8.1 deprecation errors in strip_tags by @wisskid in #803
  • #155 Adapt Smarty upper/lower functions to be codesafe (e.g. for Turkish locale) by @asmecher in #586
  • Bug fix for underscore in template name by @EDCScott in #581
  • Using PHP functions as modifiers now triggers a deprecation notice. by @wisskid in #814
  • Use 'DIR' instead of 'dirname(FILE)' by @MekDrop in #817
  • Fixed several typos and grammar errors by @AndrewDawes in #821
  • PHP8.2 compatibility by @Progi1984 in #775
  • Make SmartyCompilerException play nicer with error handler libraries by @Hunman in #782
  • Change file permissions for directories and respect umask for files by @wisskid in #828

New Contributors

Full Changelog: v4.2.1...v4.3.0

v4.2.1

14 Sep 11:32
Compare
Choose a tag to compare

If you use the {mailto} plugin in your templates, please check if you are escaping the address value explicitly like this {mailto address=$htmladdress|escape}. This could cause problems through double escaping.

What's Changed

Security

  • Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454

Fixed

  • Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) #755 and #788
  • Fixed PHP8.1 deprecation errors in capitalize modifier #789
  • Fixed use of rand() without a parameter in math function #794
  • Fixed unselected year/month/day not working in html_select_date #395

New Contributors

Full Changelog: v4.2.0...v4.2.1

v3.1.47

14 Sep 11:32
Compare
Choose a tag to compare

If you use the {mailto} plugin in your templates, please check if you are escaping the address value explicitly like this {mailto address=$htmladdress|escape}. This could cause problems through double escaping.

Security

  • Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454

Fixed

  • Fixed use of rand() without a parameter in math function #794
  • Fixed unselected year/month/day not working in html_select_date #395

v4.2.0

01 Aug 21:59
Compare
Choose a tag to compare

What's Changed

  • add local testrunners for all supported PHP versions using docker. by @wisskid in #770
  • Fix PHP 8.1 htmlspecialchars deprecation by @gkreitz in #766
  • Do not use obsolete smarty properties '_dir_perms', '_file_perms', 'p… by @wisskid in #772
  • Update to HTML5-syntax in debug template by @JonisoftGermany in #599
  • Merge branch 'fix-issue-549-v3' of github.com:AnrDaemon/smarty into A… by @wisskid in #771
  • Fixed second param of unescape modifier by @wisskid in #778

New Contributors

Full Changelog: v4.1.1...v4.2.0

v3.1.46

01 Aug 21:59
Compare
Choose a tag to compare

What's Changed

  • Fixed replace modifier by converting encoding if needed by @AnrDaemon in #740
  • Fixed second param of unescape modifier by @wisskid in #779

Full Changelog: v3.1.45...v3.1.46

v4.1.1

17 May 12:59
Compare
Choose a tag to compare

Security

  • Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221

Fixed

  • Exclude docs and demo from export and composer #751
  • PHP 8.1 deprecation notices in demo/plugins/cacheresource.pdo.php #706
  • PHP 8.1 deprecation notices in truncate modifier #699
  • Math equation max(x, y) didn't work anymore #721
  • Fix PHP 8.1 deprecated warning when calling rtrim #743
  • PHP 8.1: fix deprecation in escape modifier #727

v3.1.45

17 May 12:59
Compare
Choose a tag to compare

Security

  • Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221

Fixed

  • Math equation max(x, y) didn't work anymore #721

v4.1.0

06 Feb 20:35
Compare
Choose a tag to compare

Added support for PHP 8.1.

What's Changed

  • PHP 8.1 compatibility (without IntlDateFormatter) by @thirsch in #713
  • Updating PHP 8.0 to 8.1 in the docs. by @thirsch in #717

Full Changelog: v4.0.4...v4.1.0

v4.0.4

17 Jan 23:18
Compare
Choose a tag to compare

What's Changed

  • Support multiple operators in math equations by @caugner in #708

Full Changelog: v4.0.3...v4.0.4