CVE-2022-0323: Fix CVE-2022-0323 (improper neutralization of section names) · bobthecow/mustache.php@579ffa5
Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.
@@ -320,7 +320,6 @@ private function block($nodes) }
const SECTION_CALL = ' // %s section $value = $context->%s(%s);%s $buffer .= $this->section%s($context, $indent, $value); '; @@ -391,11 +390,10 @@ private function section($nodes, $id, $filters, $start, $end, $otag, $ctag, $lev $id = var_export($id, true); $filters = $this->getFilters($filters, $level);
return sprintf($this->prepare(self::SECTION_CALL, $level), $id, $method, $id, $filters, $key); return sprintf($this->prepare(self::SECTION_CALL, $level), $method, $id, $filters, $key); }
const INVERTED_SECTION = ' // %s inverted section $value = $context->%s(%s);%s if (empty($value)) { %s @@ -418,7 +416,7 @@ private function invertedSection($nodes, $id, $filters, $level) $id = var_export($id, true); $filters = $this->getFilters($filters, $level);
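Review bot: Nothing in `section()` records why the section name is no longer formatted into the generated code, so a later cleanup could restore the `// %s section` line in `SECTION_CALL`. `$id` here is `var_export()` output, which keeps any line break in the name as a literal line break, and a `//` comment ends at the first one, so I would add above the `sprintf` call `// Tag names must never be formatted into generated comments: var_export() output can span lines and would end a // comment early.` The same comment belongs on the `sprintf` call in `invertedSection()` in the next hunk. No regression test is visible on this page; one that compiles a section and an inverted section whose names contain a line break and checks the generated source would pin the fix. Both function bodies start outside their hunks.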
return sprintf($this->prepare(self::INVERTED_SECTION, $level), $id, $method, $id, $filters, $this->walk($nodes, $level)); return sprintf($this->prepare(self::INVERTED_SECTION, $level), $method, $id, $filters, $this->walk($nodes, $level)); }
const PARTIAL_INDENT = ', $indent . %s’;