Releases: smarty-php/smarty
Releases · smarty-php/smarty
v4.4.1
Full Changelog: v4.4.0...v4.4.1
v4.4.0
v5.0.0-rc2
What's Changed
- Fix strip_tags modifier for falsy input. by @wisskid in #893
- Smarty5 by @wisskid in #852
- Fix use of negative numbers in math equations. by @wisskid in #903
- Fix case-sensitive tag names (#907) by @Jack-Dane in #910
- Typos in documentation by @shadowwa in #914
- Do not auto-html-escape custom function results. by @wisskid in #908
New Contributors
- @Jack-Dane made their first contribution in #910
- @shadowwa made their first contribution in #914
Full Changelog: v4.3.2...v5.0.0-rc2
v4.3.4
v4.3.2
What's Changed
- Remove
md5
modifier from debug.tpl by @j-applese3d in #871 - muteUndefinedOrNullWarnings() now also mutes PHP8 warnings for undefi… by @wisskid in #891
New Contributors
- @j-applese3d made their first contribution in #871
Full Changelog: v4.3.1...v4.3.2
v4.3.1
Security
- Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447.
Fixed
$smarty->muteUndefinedOrNullWarnings()
now also mutes PHP7 notices for undefined array indexes #736$smarty->muteUndefinedOrNullWarnings()
now treats undefined vars and array access of a null or false variables
equivalent across all supported PHP versions$smarty->muteUndefinedOrNullWarnings()
now allows dereferencing of non-objects across all supported PHP versions #831- PHP 8.1 deprecation warnings on null strings in modifiers #834
v3.1.48
v4.3.0
What's Changed
- clean output buffer for Throwable instead of just Exception by @wisskid in #797
- Fix wrong indentation in libs/plugins/modifier.capitalize.php by @MrPetovan in #802
- fix compilation for caching templates by @Storyxx in #801
- Fix Variable Expression by @JonisoftGermany in #808
- Silence deprecation errors for strtime in PHP8.1 or higher by @wisskid in #811
- Fixed PHP8.1 deprecation errors passing null to parameter in trim by @IT-Experte in #807
- Re-organize all testrunners to use the same script(s). by @wisskid in #812
- Fixed PHP8.1 deprecation errors in strip_tags by @wisskid in #803
- #155 Adapt Smarty upper/lower functions to be codesafe (e.g. for Turkish locale) by @asmecher in #586
- Bug fix for underscore in template name by @EDCScott in #581
- Using PHP functions as modifiers now triggers a deprecation notice. by @wisskid in #814
- Use 'DIR' instead of 'dirname(FILE)' by @MekDrop in #817
- Fixed several typos and grammar errors by @AndrewDawes in #821
- PHP8.2 compatibility by @Progi1984 in #775
- Make SmartyCompilerException play nicer with error handler libraries by @Hunman in #782
- Change file permissions for directories and respect umask for files by @wisskid in #828
New Contributors
- @MrPetovan made their first contribution in #802
- @Storyxx made their first contribution in #801
- @asmecher made their first contribution in #586
- @EDCScott made their first contribution in #581
- @MekDrop made their first contribution in #817
- @AndrewDawes made their first contribution in #821
- @Progi1984 made their first contribution in #775
Full Changelog: v4.2.1...v4.3.0
v4.2.1
If you use the {mailto} plugin in your templates, please check if you are escaping the address value explicitly like this {mailto address=$htmladdress|escape}
. This could cause problems through double escaping.
What's Changed
Security
- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454
Fixed
- Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) #755 and #788
- Fixed PHP8.1 deprecation errors in capitalize modifier #789
- Fixed use of
rand()
without a parameter in math function #794 - Fixed unselected year/month/day not working in html_select_date #395
New Contributors
Full Changelog: v4.2.0...v4.2.1
v3.1.47
If you use the {mailto} plugin in your templates, please check if you are escaping the address value explicitly like this {mailto address=$htmladdress|escape}
. This could cause problems through double escaping.
Security
- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454