File moodle-CVE-2008-1066.patch of Package moodle

Overview Repositories Revisions Requests Users Attributes Meta

File moodle-CVE-2008-1066.patch of Package moodle (Revision b28d06984dbf456090fbcb2659fd9528)

Currently displaying revision b28d06984dbf456090fbcb2659fd9528 , Show latest

Index: moodle/lib/smarty/plugins/modifier.regex_replace.php
===================================================================
--- moodle.orig/lib/smarty/plugins/modifier.regex_replace.php
+++ moodle/lib/smarty/plugins/modifier.regex_replace.php
@@ -11,9 +11,10 @@
  *
  * Type:     modifier<br>
  * Name:     regex_replace<br>
- * Purpose:  regular epxression search/replace
+ * Purpose:  regular expression search/replace
  * @link http://smarty.php.net/manual/en/language.modifier.regex.replace.php
  *          regex_replace (Smarty online manual)
+ * @author   Monte Ohrt <monte at ohrt dot com>
  * @param string
  * @param string|array
  * @param string|array
@@ -21,10 +22,13 @@
  */
 function smarty_modifier_regex_replace($string, $search, $replace)
 {
-    if (preg_match('!\W(\w+)$!s', $search, $match) && (strpos($match[1], 'e') !== false)) {
+    if (($pos = strpos($search,"\0")) !== false)
+      $search = substr($search,0,$pos);
+    if (preg_match('!([a-zA-Z\s]+)$!s', $search, $match) && (strpos($match[1], 'e') !== false)) {
         /* remove eval-modifier from $search */
-        $search = substr($search, 0, -strlen($match[1])) . str_replace('e', '', $match[1]);
+        $search = substr($search, 0, -strlen($match[1])) . preg_replace('![e\s]+!', '', $match[1]);
     }
+       
     return preg_replace($search, $replace, $string);
 }

Places

File moodle-CVE-2008-1066.patch of Package moodle (Revision b28d06984dbf456090fbcb2659fd9528)

Places