- bugfix removed security hole when using {$smarty.template}

uwetews · uwetews · commit 0154f17de2b2 · 2011-02-09T17:50:05.000Z
diff --git a/change_log.txt b/change_log.txt
@@ -1,4 +1,7 @@
 ===== SVN trunk  =====
+09/02/2011
+- bugfix removed security hole when using {$smarty.template}
+
 01/02/2011
 - removed assert() from config and template parser
 
diff --git a/libs/sysplugins/smarty_internal_compile_private_special_variable.php b/libs/sysplugins/smarty_internal_compile_private_special_variable.php
@@ -56,12 +56,10 @@ public function compile($args, $compiler, $parameter)
                 break;
 
             case 'template':
-                $_template_name = basename($compiler->template->getTemplateFilepath());
-                return "'$_template_name'";
+                return 'basename($_smarty_tpl->getTemplateFilepath())';
 
             case 'current_dir':
-                $_template_dir_name = dirname($compiler->template->getTemplateFilepath());
-                return "'$_template_dir_name'";
+                return 'dirname($_smarty_tpl->getTemplateFilepath())';
 
             case 'version':
                 $_version = Smarty::SMARTY_VERSION;
