Package: gallery2
Version: 2.3.1.dfsg-1~bpo50+1
Severity: important

The Debian version of /usr/share/gallery2/lib/smarty/Smarty_Compiler.class.php differs from the stock gallery2 2.3.1 version of the file, and it fails when there are single quotes (') in templates, leading to errors such as:
Parse error: syntax error, unexpected T_STRING, expecting ')' in /var/www/user-rw/gallery2-349gl0289gys/smarty/templates_c/%%626616196/matrix/%%26^261^2615E4E5%%AdminPlugins.tpl.php on line 173

When trying to access Site Admin > Plugins via the web interface of gallery2.

The diff from the Debian version to the stock 2.3.1 version is:

--- /usr/share/gallery2/lib/smarty/Smarty_Compiler.class.php 2009-10-25 15:19:04.000000000 +0000 +++ Smarty_Compiler.class.php 2008-10-16 07:35:13.000000000 +0100 
@@ -1695,12 +1695,7 @@ $_return = $var_expr; } // replace double quoted literal string with single quotes - - // The follwoing line has been replaced to close a function injection security hole (U.Tews) - // $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return); - $_return = str_replace('"',"'",$_return); - // escape dollar sign if not printing a var - $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return); + $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return); return $_return; }

Replacing the Debian version with the stock version allows things to work properly once more, once you've used Maintenance > Delete template cache.

The stock version uses double-quotes (") around the strings it is handling; the Debian version uses single-quotes ('), without thinking to escape such single quotes in the text, and this is the cause of the problem.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.33-fysh-kvmguest (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gallery2 depends on:
ii  apache2          2.2.9-10+lenny6           Apache HTTP Server metapackage
ii  apache2-mpm-pre  2.2.9-10+lenny6           Apache HTTP Server - traditional n
ii  debconf [debcon  1.5.24                    Debian configuration management sy
ii  imagemagick      7:6.3.7.9.dfsg2-1~lenny3  image manipulation programs
ii  libapache2-mod-  5.2.6.dfsg.1-1+lenny6     server-side, HTML-embedded scripti
ii  libphp-adodb     5.05-1                    The ADOdb database abstraction lay
ii  mysql-client-5.  5.0.51a-24+lenny3         MySQL database client binaries
ii  netpbm           2:10.0-12                 Graphics conversion tools
ii  php5             5.2.6.dfsg.1-1+lenny6     server-side, HTML-embedded scripti
ii  php5-cgi         5.2.6.dfsg.1-1+lenny6     server-side, HTML-embedded scripti
ii  php5-mysql       5.2.6.dfsg.1-1+lenny6     MySQL module for php5
ii  php5-pgsql       5.2.6.dfsg.1-1+lenny6     PostgreSQL module for php5
ii  postgresql-clie  8.3.9-0lenny1             front-end programs for PostgreSQL
ii  smarty           2.6.20-1.2                Template engine for PHP
ii  wwwconfig-commo  0.1.2                     Debian web auto configuration

Versions of packages gallery2 recommends:
ii  dcraw            8.86-1                    decode raw digital camera images
ii  ffmpeg           0.svn20080206-18+lenny1   multimedia player, server and enco
ii  jhead            2.84-2                    manipulate the non-image part of E
ii  libjpeg-progs    6b-14                     Programs for manipulating JPEG fil
ii  php5-gd          5.2.6.dfsg.1-1+lenny6     GD module for php5
ii  unzip            5.52-12                   De-archiver for .zip files
ii  zip              2.32-1                    Archiver for .zip files

Versions of packages gallery2 suggests:
pn  mysql-server-5.0 | mysql-serv  <none>      (no description available)

-- debconf information:
  gallery2/mysql/dbadmpass: (password omitted)
  gallery2/webserver_type: apache, apache-ssl, apache-perl, apache2
  gallery2/mysql/dbname: gallery2
* gallery2/mysql/dbserver: db.fysh.org
  gallery2/mysql/configure: true
* gallery2/restart-webserver: false
  gallery2/purge: true
* gallery2/mysql/dbadmin: root
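
Review bot: Reverting to the `+` line removes the change that the deleted comment says closes a function injection security hole, so applying this diff as the fix trades the parse error for the original exposure. The defect is in the removed `str_replace('"',"'",$_return);`, which turns every double quote into a single quote without escaping single quotes (or backslashes) already inside the literal. I would keep the conversion to a single-quoted literal and escape `\` and `'` in the string body before wrapping it, rather than going back to the `[\s\w]+` regex, which only rewrites plain word-and-space strings and leaves every other double-quoted literal as it was.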
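
The quoting failure described in this report, as an added PHP example that is not Smarty, Gallery or Debian code: `requote_naive()` mirrors the removed `str_replace` line, while `requote_escaped()` and `parses()` are hypothetical helpers. The sample literal is constructed, and `TOKEN_PARSE` requires PHP 7.0 or later.

```php
<?php
// Added illustration. requote_naive(), requote_escaped() and parses() are
// hypothetical helpers, not Smarty, Gallery or Debian code.

// Same operation as the removed Debian line: every " becomes '.
function requote_naive(string $literal): string
{
    return str_replace('"', "'", $literal);
}

// Assumption: only literals whose body has no backslash, double quote or
// dollar sign are rewritten; anything else is returned unchanged.
function requote_escaped(string $literal): string
{
    if (!preg_match('~^"([^"\\\\$]*)"$~', $literal, $m)) {
        return $literal;
    }
    // With backslashes excluded above, ' is the only character that must be
    // escaped inside a single-quoted PHP string.
    return "'" . str_replace("'", "\\'", $m[1]) . "'";
}

// Parse-check an expression without executing it (TOKEN_PARSE, PHP >= 7.0).
function parses(string $expr): bool
{
    try {
        token_get_all('<?php $x = ' . $expr . ';', TOKEN_PARSE);
        return true;
    } catch (ParseError $e) {
        return false;
    }
}

// Constructed sample: a template attribute value containing an apostrophe.
$literal = '"Can\'t load the plugin list"';

foreach (['requote_naive', 'requote_escaped'] as $fn) {
    $out = $fn($literal);
    printf("%-16s %-34s %s\n", $fn, $out, parses($out) ? 'parses' : 'parse error');
}
```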