| Server IP : 78.140.185.180 / Your IP : 3.12.34.36 Web Server : LiteSpeed System : Linux cpanel13.v.fozzy.com 4.18.0-513.11.1.lve.el8.x86_64 #1 SMP Thu Jan 18 16:21:02 UTC 2024 x86_64 User : builderbox ( 1072) PHP Version : 7.3.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /var/softaculous/smarty/ |
Upload File : |
## [4.3.2] - 2023-07-19
### Fixed
- `$smarty->muteUndefinedOrNullWarnings()` now also mutes PHP8 warnings for undefined properties
## [4.3.1] - 2023-03-28
### Security
- Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447.
### Fixed
- `$smarty->muteUndefinedOrNullWarnings()` now also mutes PHP7 notices for undefined array indexes [#736](https://github.com/smarty-php/smarty/issues/736)
- `$smarty->muteUndefinedOrNullWarnings()` now treats undefined vars and array access of a null or false variables
equivalent across all supported PHP versions
- `$smarty->muteUndefinedOrNullWarnings()` now allows dereferencing of non-objects across all supported PHP versions [#831](https://github.com/smarty-php/smarty/issues/831)
- PHP 8.1 deprecation warnings on null strings in modifiers [#834](https://github.com/smarty-php/smarty/pull/834)
## [4.3.0] - 2022-11-22
### Added
- PHP8.2 compatibility [#775](https://github.com/smarty-php/smarty/pull/775)
### Changed
- Include docs and demo in the releases [#799](https://github.com/smarty-php/smarty/issues/799)
- Using PHP functions as modifiers now triggers a deprecation notice because we will drop support for this in the next major release [#813](https://github.com/smarty-php/smarty/issues/813)
- Dropped remaining references to removed PHP-support in Smarty 4 from docs, lexer and security class. [#816](https://github.com/smarty-php/smarty/issues/816)
- Support umask when writing (template) files and set dir permissions to 777 [#548](https://github.com/smarty-php/smarty/issues/548) [#819](https://github.com/smarty-php/smarty/issues/819)
### Fixed
- Output buffer is now cleaned for internal PHP errors as well, not just for Exceptions [#514](https://github.com/smarty-php/smarty/issues/514)
- Fixed recursion and out of memory errors when caching in complicated template set-ups using inheritance and includes [#801](https://github.com/smarty-php/smarty/pull/801)
- Fixed PHP8.1 deprecation errors in strip_tags
- Fix Variable Usage in Exception message when unable to load subtemplate [#808](https://github.com/smarty-php/smarty/pull/808)
- Fixed PHP8.1 deprecation notices for strftime [#672](https://github.com/smarty-php/smarty/issues/672)
- Fixed PHP8.1 deprecation errors passing null to parameter in trim [#807](https://github.com/smarty-php/smarty/pull/807)
- Adapt Smarty upper/lower functions to be codesafe (e.g. for Turkish locale) [#586](https://github.com/smarty-php/smarty/pull/586)
- Bug fix for underscore and limited length in template name in custom resources [#581](https://github.com/smarty-php/smarty/pull/581)
## [4.2.1] - 2022-09-14
### Security
- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454)
### Fixed
- Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) [#755](https://github.com/smarty-php/smarty/pull/755) and [#788](https://github.com/smarty-php/smarty/pull/788)
- Fixed PHP8.1 deprecation errors in capitalize modifier [#789](https://github.com/smarty-php/smarty/issues/789)
- Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794)
- Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395)
[4.1.0] - 2022-02-06
Added
PHP8.1 compatibility #713
[4.0.4] - 2022-01-18
Fixed
Fixed illegal characters bug in math function security check #702
[4.0.3] - 2022-01-10
Security
Prevent evasion of the static_classes security policy. This addresses CVE-2021-21408
[4.0.2] - 2022-01-10
Security
Prevent arbitrary PHP code execution through maliciously crafted expression for the math function. This addresses CVE-2021-29454
[4.0.1] - 2022-01-09
Security
Rewrote the mailto function to not use eval when encoding with javascript
[4.0.0] - 2021-11-25
[4.0.0-rc.0] - 2021-10-13
Added
You can now use $smarty->muteUndefinedOrNullWarnings() to activate convert warnings about undefined or null template vars to notices when running PHP8
Changed
Switch CI from Travis to Github CI
Updated unit tests to avoid skipped and risky test warnings
Removed
Dropped support for PHP7.0 and below, so Smarty now requires PHP >=7.1
Dropped support for php asp tags in templates (removed from php since php7.0)
Dropped deprecated API calls that where only accessible through SmartyBC
Dropped support for {php} and {include_php} tags and embedded PHP in templates. Embedded PHP will now be passed through as is.
Removed all PHP_VERSION_ID and compare_version checks and conditional code blocks that are now no longer required
Dropped deprecated SMARTY_RESOURCE_CHAR_SET and SMARTY_RESOURCE_DATE_FORMAT constants
Dropped deprecated Smarty::muteExpectedErrors and Smarty::unmuteExpectedErrors API methods
Dropped deprecated $smarty->getVariable() method. Use $smarty->getTemplateVars() instead.
$smarty->registerResource() no longer accepts an array of callback functions
[3.1.40] - 2021-10-13
Changed
modifier escape now triggers a E_USER_NOTICE when an unsupported escape type is used https://github.com/smarty-php/smarty/pull/649
Security
More advanced javascript escaping to handle https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements thanks to m-haritonov