
smarty-db-resource's Introduction


Smarty DB resource

A Smarty resource plugin that reads templates from a database.

This plugin is inspired by, and similar to, the Xoops resource.db plugin.

Installation

To install and use this package, we recommend using Composer:

composer require imponeer/smarty-db-resource

Otherwise, you need to include the files from the src/ directory manually.

Registering in Smarty

To use the resource from this package in your project, you need to register it with Smarty's registerResource method. For example:

$smarty = new \Smarty();
$plugin = new \Imponeer\Smarty\Extensions\DBResource\DBResource(
    $pdo, // PDO compatible database connection
    'default', // current template set name
    'tplfile',
    'tpl_source',
    'tpl_lastmodified',
    'tpl_tplset',
    'tpl_file',
    function (array $row): string { // callback that maps a database row to the real file name
        return $row['file'];
    },
    'default'
);
$smarty->registerResource($plugin->getName(), $plugin);

Using from templates

To use this resource from templates, prefix the file name with db: when including it. For example:

  {include file="db:/images/image.tpl"}
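To show what a database-backed resource like this one actually does behind registerResource and the db: prefix, here is a minimal stand-alone resource built on Smarty's Smarty_Resource_Custom base class (Smarty 3.x/4.x). This is example code added for this page, not the package's own implementation: it reuses the table and column names from the constructor call above ('tplfile', 'tpl_source', 'tpl_lastmodified', 'tpl_tplset', 'tpl_file'), but their meaning is inferred here, and the sample rows are constructed in an in-memory SQLite database. The part of the template name after db: is bound through a prepared statement rather than concatenated into the query, so an arbitrary template name cannot alter the SQL.

```php
<?php
// Added example, not the imponeer/smarty-db-resource code. Requires
// smarty/smarty (3.x or 4.x) installed via Composer and PHP 8.0+.
// Assumption: table 'tplfile' with columns tpl_file (name after "db:"),
// tpl_tplset (template set), tpl_source (template text), tpl_lastmodified
// (unix timestamp). These names are taken from the README; the meaning
// assigned to them here is an assumption.

require_once __DIR__ . '/vendor/autoload.php';

class MinimalDbResource extends Smarty_Resource_Custom
{
    public function __construct(private PDO $pdo, private string $tplSet)
    {
    }

    // Smarty calls fetch() with the template name after the "db:" prefix.
    // Both the set and the name are bound parameters, never string-built SQL.
    protected function fetch($name, &$source, &$mtime)
    {
        $stmt = $this->pdo->prepare(
            'SELECT tpl_source, tpl_lastmodified FROM tplfile
              WHERE tpl_tplset = :set AND tpl_file = :file'
        );
        $stmt->execute([':set' => $this->tplSet, ':file' => $name]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            // A null timestamp makes Smarty treat the template as non-existent
            // and raise "Unable to load template" instead of rendering nothing.
            $source = null;
            $mtime = null;
            return;
        }
        $source = $row['tpl_source'];
        $mtime = (int) $row['tpl_lastmodified'];
    }

    // Cheaper lookup Smarty uses to decide whether its compiled copy is stale;
    // returning null falls back to fetch().
    protected function fetchTimestamp($name)
    {
        $stmt = $this->pdo->prepare(
            'SELECT tpl_lastmodified FROM tplfile
              WHERE tpl_tplset = :set AND tpl_file = :file'
        );
        $stmt->execute([':set' => $this->tplSet, ':file' => $name]);
        $ts = $stmt->fetchColumn();
        return $ts === false ? null : (int) $ts;
    }
}

// Constructed sample data: one template in the 'default' set.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tplfile (
    tpl_file TEXT, tpl_tplset TEXT, tpl_source TEXT, tpl_lastmodified INTEGER)');
$pdo->prepare('INSERT INTO tplfile VALUES (?, ?, ?, ?)')->execute([
    '/images/image.tpl',
    'default',
    '<img src="{$src|escape}" alt="{$alt|escape}">',
    time(),
]);

$smarty = new Smarty();
$smarty->setCompileDir(sys_get_temp_dir());
// 'db' becomes the prefix used in templates, e.g. {include file="db:/images/image.tpl"}
$smarty->registerResource('db', new MinimalDbResource($pdo, 'default'));
$smarty->assign(['src' => '/logo.png', 'alt' => 'Logo']);
echo $smarty->fetch('db:/images/image.tpl'), PHP_EOL;
```

Smarty splits the name on the first colon, so the resource receives "/images/image.tpl" and the tplSet value decides which template set the row is read from; swapping the set name at construction time is how one installation can serve several template sets from the same table.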

How to contribute?

If you want to add functionality or fix bugs, fork the repository, make your changes and open a pull request. If you are not sure how this works, try the interactive GitHub tutorial.

If you find a bug or have questions, open an issue in the issues tab.


smarty-db-resource's Issues

CVE-2022-29221 (High) detected in smarty/smarty-v3.1.44

CVE-2022-29221 - High Severity Vulnerability

Vulnerable Library - smarty/smarty-v3.1.44

Smarty - the compiling PHP template engine

Library home page: https://api.github.com/repos/smarty-php/smarty/zipball/99085d8dc65eeb5e55ae3cba74d3dc6b3bb0205e

Dependency Hierarchy:

  • imponeer/smarty-extensions-contracts-v1.0.0 (Root Library)
    • โŒ smarty/smarty-v3.1.44 (Vulnerable Library)

Found in base branch: main

Vulnerability Details

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.

Publish Date: 2022-05-24

URL: CVE-2022-29221

CVSS 3 Score Details (8.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: GHSA-634x-pc3q-cf4c

Release Date: 2022-05-24

Fix Resolution: v3.1.45;v4.1.1
