v4.4.1

Full Changelog: v4.4.0...v4.4.1

v4.4.0

What's Changed

• Fix incorrect compilation of expressions when escape_html=true by @wisskid in #932
• Prevent deprecation notices for implode, json_encode and substr modif… by @wisskid in #942

Full Changelog: v4.3.5...v4.4.0

v5.0.0-rc2

What's Changed

• Fix strip_tags modifier for falsy input. by @wisskid in #893
• Smarty5 by @wisskid in #852
• Fix use of negative numbers in math equations. by @wisskid in #903
• Fix case-sensitive tag names (#907) by @Jack-Dane in #910
• Typos in documentation by @shadowwa in #914
• Do not auto-html-escape custom function results. by @wisskid in #908

New Contributors

• @Jack-Dane made their first contribution in #910
• @shadowwa made their first contribution in #914

Full Changelog: v4.3.2...v5.0.0-rc2

v4.3.4

What's Changed

• Fix strip_tags modifier for falsy input. by @wisskid in #893
• Fix use of negative numbers in math equations (4.3 port of #903) by @wisskid in #904

Full Changelog: v4.3.2...v4.3.4

v4.3.2

What's Changed

• Remove md5 modifier from debug.tpl by @j-applese3d in #871
• muteUndefinedOrNullWarnings() now also mutes PHP8 warnings for undefi… by @wisskid in #891

New Contributors

• @j-applese3d made their first contribution in #871

Full Changelog: v4.3.1...v4.3.2

v4.3.1

Security

• Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447.

Fixed

• $smarty->muteUndefinedOrNullWarnings() now also mutes PHP7 notices for undefined array indexes #736
• $smarty->muteUndefinedOrNullWarnings() now treats undefined vars and array access of a null or false variables
  equivalent across all supported PHP versions
• $smarty->muteUndefinedOrNullWarnings() now allows dereferencing of non-objects across all supported PHP versions #831
• PHP 8.1 deprecation warnings on null strings in modifiers #834

v3.1.48

Security

• Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447.

Fixed

• Output buffer is now cleaned for internal PHP errors as well, not just for Exceptions #514

v4.3.0

What's Changed

• clean output buffer for Throwable instead of just Exception by @wisskid in #797
• Fix wrong indentation in libs/plugins/modifier.capitalize.php by @MrPetovan in #802
• fix compilation for caching templates by @Storyxx in #801
• Fix Variable Expression by @JonisoftGermany in #808
• Silence deprecation errors for strtime in PHP8.1 or higher by @wisskid in #811
• Fixed PHP8.1 deprecation errors passing null to parameter in trim by @IT-Experte in #807
• Re-organize all testrunners to use the same script(s). by @wisskid in #812
• Fixed PHP8.1 deprecation errors in strip_tags by @wisskid in #803
• #155 Adapt Smarty upper/lower functions to be codesafe (e.g. for Turkish locale) by @asmecher in #586
• Bug fix for underscore in template name by @EDCScott in #581
• Using PHP functions as modifiers now triggers a deprecation notice. by @wisskid in #814
• Use 'DIR' instead of 'dirname(FILE)' by @MekDrop in #817
• Fixed several typos and grammar errors by @AndrewDawes in #821
• PHP8.2 compatibility by @Progi1984 in #775
• Make SmartyCompilerException play nicer with error handler libraries by @Hunman in #782
• Change file permissions for directories and respect umask for files by @wisskid in #828

New Contributors

• @MrPetovan made their first contribution in #802
• @Storyxx made their first contribution in #801
• @asmecher made their first contribution in #586
• @EDCScott made their first contribution in #581
• @MekDrop made their first contribution in #817
• @AndrewDawes made their first contribution in #821
• @Progi1984 made their first contribution in #775

Full Changelog: v4.2.1...v4.3.0

v4.2.1

If you use the {mailto} plugin in your templates, please check if you are escaping the address value explicitly like this {mailto address=$htmladdress|escape}. This could cause problems through double escaping.

What's Changed

Security

• Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454

Fixed

• Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) #755 and #788
• Fixed PHP8.1 deprecation errors in capitalize modifier #789
• Fixed use of rand() without a parameter in math function #794
• Fixed unselected year/month/day not working in html_select_date #395

New Contributors

• @mfettig made their first contribution in #755

Full Changelog: v4.2.0...v4.2.1

v3.1.47

If you use the {mailto} plugin in your templates, please check if you are escaping the address value explicitly like this {mailto address=$htmladdress|escape}. This could cause problems through double escaping.

Security

• Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454

Fixed

• Fixed use of rand() without a parameter in math function #794
• Fixed unselected year/month/day not working in html_select_date #395