Your message dated Fri, 17 May 2013 11:43:14 +0000
with message-id <[email protected]>
and subject line Bug#707941: Removed package(s) from unstable
has caused the Debian Bug report #573389,
regarding Smarty_Compiler.class.php in Debian package fails to handle single 
quotes properly
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
573389: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573389
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gallery2
Version: 2.3.1.dfsg-1~bpo50+1
Severity: important

The Debian version of /usr/share/gallery2/lib/smarty/Smarty_Compiler.class.php
differs from the stock gallery2 2.3.1 version of the file, and it fails when
there are single quotes (') in templates, leading to errors such as:

Parse error: syntax error, unexpected T_STRING, expecting ')' in 
/var/www/user-rw/gallery2-349gl0289gys/smarty/templates_c/%%626616196/matrix/%%26^261^2615E4E5%%AdminPlugins.tpl.php
  on line 173

When trying to access Site Admin > Plugins via the web interface of gallery2.

The diff from the Debian version to the stock 2.3.1 version is:

--- /usr/share/gallery2/lib/smarty/Smarty_Compiler.class.php    2009-10-25 
15:19:04.000000000 +0000
+++ Smarty_Compiler.class.php   2008-10-16 07:35:13.000000000 +0100
@@ -1695,12 +1695,7 @@
             $_return = $var_expr;
         }
         // replace double quoted literal string with single quotes
-
-        // The follwoing line has been replaced to close a function injection 
security hole  (U.Tews)
-        // $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
-        $_return = str_replace('"',"'",$_return);
-        // escape dollar sign if not printing a var
-        $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
+        $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
         return $_return;
     }
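
Review bot: The removed lines in this hunk at 1695 include the str_replace/preg_replace pair that the removed comment says was added "to close a function injection security hole", and the single + line restores exactly the preg_replace that the comment shows as replaced, so applying this diff fixes the parse error by undoing that hardening. The visible defect is narrower: $_return = str_replace('"',"'",$_return); turns every double quote into a single quote without escaping single quotes or backslashes already inside the literal, so a template string containing ' terminates the new literal early. I would keep the Debian lines and escape the literal's contents before re-quoting instead of reverting to the old pattern, and add a template containing a single quote as a regression case.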

Replacing the Debian version with the stock version allows things to work
properly once more, once you've used Maintenance > Delete template cache.

The stock version uses double-quotes (") around the strings it is handling,
the Debian version uses single-quotes ('), without thinking to escape such
single quotes in the text, and this is the cause of the problem.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.33-fysh-kvmguest (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gallery2 depends on:
ii  apache2         2.2.9-10+lenny6          Apache HTTP Server metapackage
ii  apache2-mpm-pre 2.2.9-10+lenny6          Apache HTTP Server - traditional n
ii  debconf [debcon 1.5.24                   Debian configuration management sy
ii  imagemagick     7:6.3.7.9.dfsg2-1~lenny3 image manipulation programs
ii  libapache2-mod- 5.2.6.dfsg.1-1+lenny6    server-side, HTML-embedded scripti
ii  libphp-adodb    5.05-1                   The ADOdb database abstraction lay
ii  mysql-client-5. 5.0.51a-24+lenny3        MySQL database client binaries
ii  netpbm          2:10.0-12                Graphics conversion tools
ii  php5            5.2.6.dfsg.1-1+lenny6    server-side, HTML-embedded scripti
ii  php5-cgi        5.2.6.dfsg.1-1+lenny6    server-side, HTML-embedded scripti
ii  php5-mysql      5.2.6.dfsg.1-1+lenny6    MySQL module for php5
ii  php5-pgsql      5.2.6.dfsg.1-1+lenny6    PostgreSQL module for php5
ii  postgresql-clie 8.3.9-0lenny1            front-end programs for PostgreSQL 
ii  smarty          2.6.20-1.2               Template engine for PHP
ii  wwwconfig-commo 0.1.2                    Debian web auto configuration

Versions of packages gallery2 recommends:
ii  dcraw            8.86-1                  decode raw digital camera images
ii  ffmpeg           0.svn20080206-18+lenny1 multimedia player, server and enco
ii  jhead            2.84-2                  manipulate the non-image part of E
ii  libjpeg-progs    6b-14                   Programs for manipulating JPEG fil
ii  php5-gd          5.2.6.dfsg.1-1+lenny6   GD module for php5
ii  unzip            5.52-12                 De-archiver for .zip files
ii  zip              2.32-1                  Archiver for .zip files

Versions of packages gallery2 suggests:
pn  mysql-server-5.0 | mysql-serv <none>     (no description available)

-- debconf information:
  gallery2/mysql/dbadmpass: (password omitted)
  gallery2/webserver_type: apache, apache-ssl, apache-perl, apache2
  gallery2/mysql/dbname: gallery2
* gallery2/mysql/dbserver: db.fysh.org
  gallery2/mysql/configure: true
* gallery2/restart-webserver: false
  gallery2/purge: true
* gallery2/mysql/dbadmin: root



--- End Message ---
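
The quoting failure described in the report above, as an added example that is not part of the original message or of Smarty's own code. The function names and sample strings are hypothetical, the literal's body is treated as plain text, and PHP 7 or later is assumed for TOKEN_PARSE; nothing generated is executed, only parsed.

```php
<?php
// Added illustration; function names are hypothetical, not Smarty's API.

// The stock line restored by the diff: only literals made of whitespace
// and word characters are re-quoted, everything else stays double-quoted.
function stock_requote(string $expr): string {
    return preg_replace('~^"([\s\w]+)"$~', "'\\1'", $expr);
}

// The Debian line removed by the diff: every double quote becomes a single
// quote, with no escaping of single quotes already inside the literal.
function debian_requote(string $expr): string {
    return str_replace('"', "'", $expr);
}

// Assumed repair: re-quote a whole double-quoted literal, escaping
// backslashes and single quotes in its body first.
function escaped_requote(string $expr): string {
    if (preg_match('~^"(.*)"$~s', $expr, $m) !== 1) {
        return $expr; // not a plain quoted literal: leave untouched
    }
    return "'" . addcslashes($m[1], "'\\") . "'";
}

// True when $expr parses as a PHP expression. The code is only parsed.
function parses(string $expr): bool {
    try {
        token_get_all('<?php return ' . $expr . ';', TOKEN_PARSE);
        return true;
    } catch (ParseError $e) {
        return false;
    }
}

// Constructed sample attribute values, as a template might carry them.
$samples = ['"Activate"', '"Don\'t show again"'];
foreach ($samples as $s) {
    foreach (['stock_requote', 'debian_requote', 'escaped_requote'] as $f) {
        $out = $f($s);
        printf("%-16s %-22s -> %-24s %s\n", $f, $s, $out,
            parses($out) ? 'parses' : 'PARSE ERROR');
    }
}
```

Only debian_requote on the second sample yields a literal that fails to parse, which is the same class of failure as the compiled-template error quoted in the report.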
--- Begin Message ---
Version: 2.3.2.dfsg-1+rm

Dear submitter,

as the package gallery2 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/707941

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)

--- End Message ---
