Revert "Merge branch 'dev5' into master"

This reverts commit a3c547c, reversing
changes made to 0a9c9a8.

# Conflicts:
#	bundled-libs/Smarty/CHANGELOG.md
#	bundled-libs/Smarty/libs/Smarty.class.php

bundled-libs/HTTP/Request2.php

@@ -427,7 +427,7 @@ public function getConfig($name = null)
  *
  * @return HTTP_Request2
  */
- public function setAuth($user, #[\SensitiveParameter] $password = '', $scheme = self::AUTH_BASIC)
+ public function setAuth($user, $password = '', $scheme = self::AUTH_BASIC)
  {
  if (empty($user)) {
  $this->auth = null;

bundled-libs/HTTP/Request2/Adapter/Socket.php

@@ -688,7 +688,7 @@ protected function updateChallenge(&$challenge, $headerValue)
  * @return string value of [Proxy-]Authorization request header
  * @link http://tools.ietf.org/html/rfc2617#section-3.2.2
  */
- protected function createDigestResponse($user, #[\SensitiveParameter] string $password, $url, &$challenge)
+ protected function createDigestResponse($user, $password, $url, &$challenge)
  {
  if (false !== ($q = strpos($url, '?'))
  && $this->request->getConfig('digest_compat_ie')

bundled-libs/HTTP/Request2/SOCKS5.php

@@ -92,7 +92,7 @@ public function __construct(
  * @throws HTTP_Request2_MessageException
  * @link http://tools.ietf.org/html/rfc1929
  */
- protected function performAuthentication($username, #[\SensitiveParameter] string $password)
+ protected function performAuthentication($username, $password)
  {
  $request = pack('C2', 1, strlen($username)) . $username
  . pack('C', strlen($password)) . $password;

bundled-libs/Onyx/RSS.php

@@ -63,7 +63,8 @@ function __construct($charset = 'UTF-8')
  $charset = LANG_CHARSET;
  }
  $this->parser = xml_parser_create($charset);
- if (!$this->parser || !($this->parser instanceof XMLParser))
+ $r = PHP_VERSION_ID < 80000 ? !is_resource($this->parser) : !($this->parser instanceof XMLParser); // With 8.0.0 parser expects an XMLParser instance now; previously, a resource was expected
+ if (!$this->parser || $r)
  {
  $this->raiseError((__LINE__-3), ONYX_ERR_NO_PARSER);
  return false;

bundled-libs/Smarty/CHANGELOG.md

@@ -6,19 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
-## [4.5.2-Styx-dev-4] - 2024-04-07
-- see [Custom Styx features]
-
-- Fixed argument must be passed by reference error introduced in v4.5.1 [#964](https:/smarty-php/smarty/issues/964)
-
-## [4.5.1] - 2024-03-18
-
+## [4.4.1-dev-5] - 2024-05-28
+- Fixed a code injection vulnerability in extends-tag. This addresses CVE-2024-35226.
+ (Tagged as v.4.5.3)
 
-## [4.5.0] - 2024-03-18
-
-
-### Changed
-- Using unregistered static class methods in expressions now also triggers a deprecation notice because we will drop support for this in the next major release [#813](https:/smarty-php/smarty/issues/813)
+## [4.4.1-Styx-dev-4] - 2024-02-26
+- see [Custom Styx features]
 
 ## [4.4.1] - 2024-02-26
 - Fixed internal release-tooling

bundled-libs/Smarty/libs/Smarty.class.php

@@ -107,7 +107,8 @@ class Smarty extends Smarty_Internal_TemplateBase
  /**
  * smarty version
  */
- const SMARTY_VERSION = '4.5.2-dev-4';
+ const SMARTY_VERSION = '4.4.1-dev-5';
+
  /**
  * define variable scopes
  */

bundled-libs/Smarty/libs/sysplugins/smarty_internal_compile_private_modifier.php

@@ -107,11 +107,9 @@ public function compile($args, Smarty_Internal_TemplateCompilerBase $compiler, $
  if (!is_object($compiler->smarty->security_policy)
  || $compiler->smarty->security_policy->isTrustedPhpModifier($modifier, $compiler)
  ) {
- if (!in_array($modifier, ['time', 'join', 'is_array', 'in_array'])) {
- trigger_error('Using unregistered function "' . $modifier . '" in a template is deprecated and will be ' .
- 'removed in a future release. Use Smarty::registerPlugin to explicitly register ' .
- 'a custom modifier.', E_USER_DEPRECATED);
- }
+ @trigger_error('Using php-function "' . $modifier . '" as a modifier is deprecated and will be ' .
+ 'removed in a future release. Use Smarty::registerPlugin to explicitly register ' .
+ 'a custom modifier.', E_USER_DEPRECATED);
  $output = "{$modifier}({$params})";
  }
  $compiler->known_modifier_type[ $modifier ] = $type;

bundled-libs/Smarty/libs/sysplugins/smarty_internal_templatecompilerbase.php

@@ -654,17 +654,6 @@ public function compilePHPFunctionCall($name, $parameter)
  return $func_name . '(' . $parameter[ 0 ] . ')';
  }
  } else {
-
- if (
- !$this->smarty->loadPlugin('smarty_modifiercompiler_' . $name)
- && !isset($this->smarty->registered_plugins[Smarty::PLUGIN_MODIFIER][$name])
- && !in_array($name, ['time', 'join', 'is_array', 'in_array'])
- ) {
- trigger_error('Using unregistered function "' . $name . '" in a template is deprecated and will be ' .
- 'removed in a future release. Use Smarty::registerPlugin to explicitly register ' .
- 'a custom modifier.', E_USER_DEPRECATED);
- }
-
  return $name . '(' . implode(',', $parameter) . ')';
  }
  } else {

bundled-libs/Smarty/libs/sysplugins/smarty_internal_templateparser.php

@@ -2425,9 +2425,6 @@ public function yy_r99(){
  if (isset($this->smarty->registered_classes[$this->yystack[$this->yyidx + -2]->minor])) {
  $this->_retvalue = $this->smarty->registered_classes[$this->yystack[$this->yyidx + -2]->minor].'::'.$this->yystack[$this->yyidx + 0]->minor[0].$this->yystack[$this->yyidx + 0]->minor[1];
  } else {
- trigger_error('Using unregistered static method "' . $this->yystack[$this->yyidx + -2]->minor.'::'.$this->yystack[$this->yyidx + 0]->minor[0] . '" in a template is deprecated and will be ' .
- 'removed in a future release. Use Smarty::registerClass to explicitly register ' .
- 'a class for access.', E_USER_DEPRECATED);
  $this->_retvalue = $this->yystack[$this->yyidx + -2]->minor.'::'.$this->yystack[$this->yyidx + 0]->minor[0].$this->yystack[$this->yyidx + 0]->minor[1];
  } 
  } else {

bundled-libs/Smarty/libs/sysplugins/smarty_security.php

@@ -254,7 +254,6 @@ public function __construct($smarty)
  * @param string $function_name
  * @param object $compiler compiler object
  *
- * @deprecated
  * @return boolean true if function is trusted
  */
  public function isTrustedPhpFunction($function_name, $compiler)

bundled-libs/XML/RPC.php

@@ -1057,7 +1057,7 @@ function __construct($val, $fcode = 0, $fstr = '')
  {
  if ($fcode != 0) {
  $this->fn = $fcode;
- $this->fs = htmlspecialchars($fstr);
+ $this->fs = serendipity_specialchars($fstr);
  } else {
  $this->xv = $val;
  }
@@ -1452,7 +1452,7 @@ function parseResponse($data = '')
  $hdrfnd = 0;
  if ($this->debug) {
  print "\n<pre>---GOT---\n";
- print isset($_SERVER['SERVER_PROTOCOL']) ? htmlspecialchars($data) : $data;
+ print isset($_SERVER['SERVER_PROTOCOL']) ? serendipity_specialchars($data) : $data;
  print "\n---END---</pre>\n";
  }
 
@@ -1708,7 +1708,7 @@ function serializedata($typ, $val)
  $rs .= "<struct>\n";
  reset($val);
  foreach ($val as $key2 => $val2) {
- $rs .= "<member><name>" . htmlspecialchars($key2) . "</name>\n";
+ $rs .= "<member><name>" . serendipity_specialchars($key2) . "</name>\n";
  $rs .= $this->serializeval($val2);
  $rs .= "</member>\n";
  }
@@ -1733,7 +1733,7 @@ function serializedata($typ, $val)
  $rs .= "<{$typ}>" . ($val ? '1' : '0') . "</{$typ}>";
  break;
  case $GLOBALS['XML_RPC_String']:
- $rs .= "<{$typ}>" . htmlspecialchars($val). "</{$typ}>";
+ $rs .= "<{$typ}>" . serendipity_specialchars($val). "</{$typ}>";
  break;
  default:
  $rs .= "<{$typ}>{$val}</{$typ}>";

bundled-libs/simplepie/SimplePie.php

@@ -691,6 +691,11 @@ class SimplePie
  */
  public function __construct()
  {
+ if (version_compare(PHP_VERSION, '7.2', '<')) {
+ trigger_error('Please upgrade to PHP 7.2 or newer.');
+ die();
+ }
+
  $this->set_useragent();
 
  $this->set_cache_namefilter(new CallableNameFilter($this->cache_name_function));
@@ -9540,7 +9545,12 @@ public function get_local_date($date_format = '%c')
  if (!$date_format) {
  return $this->sanitize($this->get_date(''), \SimplePie\SimplePie::CONSTRUCT_TEXT);
  } elseif (($date = $this->get_date('U')) !== null && $date !== false) {
- $out = serendipity_toDateTimeMapper($date_format, $date, WYSIWYG_LANG);
+ if (PHP_VERSION_ICU === true) {
+ // ICU71 is fixed up from PHP 8.2
+ $out = serendipity_toDateTimeMapper($date_format, $date, WYSIWYG_LANG);
+ } else {
+ $out = @strftime($date_format, $date); // replace strftime() before PHP 9
+ }
  return $out;
  }
 

comment.php

@@ -2,8 +2,6 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved. See LICENSE file for licensing details
 
-declare(strict_types=1);
-
 # Developer
 #if ($_REQUEST['type'] == 'trackback') die('Disabled');
 
@@ -147,7 +145,7 @@
  $serendipity['smarty']->assign(
  array(
  'is_comment_added' => true,
- 'comment_url' => htmlspecialchars($_GET['url']) . '&serendipity[entry_id]=' . $id,
+ 'comment_url' => serendipity_specialchars($_GET['url']) . '&serendipity[entry_id]=' . $id,
  'comment_string' => explode('%s', COMMENT_ADDED_CLICK)
  )
  );
@@ -218,7 +216,7 @@
  $serendipity['smarty']->assign(
  array(
  'is_comment_notadded' => true,
- 'comment_url' => htmlspecialchars($_SERVER['HTTP_REFERER']),
+ 'comment_url' => serendipity_specialchars($_SERVER['HTTP_REFERER']),
  'comment_string' => explode('%s', COMMENT_NOT_ADDED_CLICK)
  )
  );
@@ -227,7 +225,7 @@
  $serendipity['smarty']->assign(
  array(
  'is_comment_empty' => true,
- 'comment_url' => htmlspecialchars($_SERVER['HTTP_REFERER']),
+ 'comment_url' => serendipity_specialchars($_SERVER['HTTP_REFERER']),
  'comment_string' => explode('%s', EMPTY_COMMENT)
  )
  );

docs/NEWS

@@ -2742,7 +2742,7 @@ Version 3.0.0 (May, 28th 2020)
  * PHP and JavaScript set Sessions and Cookies DO now SET the "sameSite"
  attribute. Inbound JS Libraries were changed or replaced to support this.
  This regards upcoming Browser changes [ Mozilla 76+, Chromium 80+, ..]
- internally handling and changing the default “sameSite” attribute.
+ internally handling and changing the default �sameSite� attribute.
  To avoid future Browser Revisions to reject old Cookies without, this for
  now was hard set wherever possible.
  This raises the PHP requirement to PHP >= 7.3.0.
@@ -2871,7 +2871,7 @@ Version 3.0.0 (May, 28th 2020)
  To focus on details for utf8mb4_unicode_ci/utf8mb4_unicode_520_ci,
  there are problems with sorting/comparing certain letters which have
  a stroke for example. (This and other examples apply to languages like
- polish, czech, greek, turkish, german (i.e. ß=ss), etc., just to name few.)
+ polish, czech, greek, turkish, german (i.e. �=ss), etc., just to name few.)
  For these cases and languages, the sorting Algorithm does return different
  ordered resultsets, depending the collation used, appending sort results
  before, after, or at the same place as the normal letter.
@@ -5863,7 +5863,7 @@ Version 2.1-beta1 Styx (September 3rd, 2016)
  see here, this is NOT trivial to change and error prone, to
  be that robust as it has ever been.
 
- 2. To set the connection’s COLLATION to "unicode" instead of
+ 2. To set the connection�s COLLATION to "unicode" instead of
  "general" you have to convert these tables by using "SET NAMES
  ... COLLATE ...".
  You only need to use this better "utf8_unicode_ci" collation
@@ -5879,7 +5879,7 @@ Version 2.1-beta1 Styx (September 3rd, 2016)
  By default a new Serendipity (UTF-8) installation should already
  be set to use the "utf8_unicode_ci" collation.
 
- (*) Likewise ß=ss; utf8_unicode_ci uses the Unicode Collation
+ (*) Likewise �=ss; utf8_unicode_ci uses the Unicode Collation
  Algorithm as defined in the Unicode standards, whereas
  utf8_general_ci is a more simple sort order which results
  in "less accurate" sorting results.
@@ -5903,7 +5903,7 @@ Version 2.1-beta1 Styx (September 3rd, 2016)
  The unset Serendipity option, NOT to use SET NAMES, enables a
  better automated, modern handshake between server and database.
  At this point, these characters and symbols are actually stored
- in native UTF-8, eg. 'Ã'+'¼' for "ü".
+ in native UTF-8, eg. '�'+'�' for "�".
  But since there are way too much possible settings/issues
  around, which may play a role, and not have been mentioned
  here, please see this approach as "EXPERIMENTAL" and at your

exit.php

@@ -2,8 +2,6 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved. See LICENSE file for licensing details
 
-declare(strict_types=1);
-
 include 'serendipity_config.inc.php';
 
 $url = $serendipity['baseURL'];

include/admin/category.inc.php

@@ -2,8 +2,6 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved. See LICENSE file for licensing details
 
-declare(strict_types=1);
-
 if (IN_serendipity !== true) {
  die ("Don't hack!");
 }
@@ -69,7 +67,7 @@
  if (is_array($r)) {
  $r = serendipity_db_query("SELECT category_name FROM {$serendipity['dbPrefix']}category
  WHERE categoryid = ". (int)$parentid);
- $data['subcat'] = sprintf(ALREADY_SUBCATEGORY, htmlspecialchars($r[0]['category_name']), htmlspecialchars($name));
+ $data['subcat'] = sprintf(ALREADY_SUBCATEGORY, serendipity_specialchars($r[0]['category_name']), serendipity_specialchars($name));
  } else {
  $_sort_order = $serendipity['POST']['cat']['sort_order'] ?? 0;
  $_hide_sub = $serendipity['POST']['cat']['hide_sub'] ?? 0;
@@ -218,7 +216,7 @@
  if (empty($admin_category)) {
  $cats = serendipity_fetchCategories('all');
  } else {
- $cats = serendipity_fetchCategories(); // $serendipity['authorid'] is added inside - only use per given parameter, when current user is different to meant user!!
+ $cats = serendipity_fetchCategories(null, null, null, 'write'); // $serendipity['authorid'] is added in there - only use per given parameter, when current user is different to meant user!!
  }
  $data['view'] = true;
  $data['viewCats'] = $cats;
@@ -236,7 +234,7 @@
  : (
  (serendipity_checkPermission('adminEntriesMaintainOthers') && serendipity_checkPermission('adminCategoriesMaintainOthers'))
  ? GROUP . ': <span class="icon-users chief" title="' . USERLEVEL_CHIEF_DESC . '" aria-hidden="true"></span> +'
- : AUTHOR . ': ' .htmlspecialchars($serendipity['serendipityUser'])
+ : AUTHOR . ': ' .serendipity_specialchars($serendipity['serendipityUser'])
  );
  }
 }