Обновление WebAsyst 1.8.2.218 от 5 марта 2018 года - ошибка после установки на Магазин 6.3 Есть решение
Обновление WebAsyst 1.8.2.218 от 5 марта 2018 года - ошибка после установки на Магазин 6.3:
При входе в панель администрирования - полосатый экран и ошибка 0
В логах:
2018-03-05 16:01:49 193.200.205.135
Uncaught exception SmartyCompilerException:
Syntax Error in template "/home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/templates/actions/order/Order.html" on line 399 "{$pl = shopPayment::getPluginInfo($_tmp[0])}" access to static method 'shopPayment::getPluginInfo($_smarty_tpl->tpl_vars['_tmp']->value[0])' not allowed by security setting (0)
#0 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_security.php(289): Smarty_Internal_TemplateCompilerBase->trigger_template_error('access to stati...')
#1 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(2683): Smarty_Security->isTrustedStaticClass('shopPayment', Object(Smarty_Internal_SmartyTemplateCompiler), 'getPluginInfo($...')
#2 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(3101): Smarty_Internal_Templateparser->yy_r118()
#3 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(3201): Smarty_Internal_Templateparser->yy_reduce(118)
#4 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_smartytemplatecompiler.php(105): Smarty_Internal_Templateparser->doParse(17, '}')
#5 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_templatecompilerbase.php(206): Smarty_Internal_SmartyTemplateCompiler->doCompile('{if empty($orde...')
#6 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_template.php(187): Smarty_Internal_TemplateCompilerBase->compileTemplate(Object(Smarty_Internal_Template))
#7 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/vendors/smarty3/sysplugins/smarty_internal_templatebase.php(155): Smarty_Internal_Template->compileTemplateSource()
#8 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/view/waSmarty3View.class.php(117): Smarty_Internal_TemplateBase->fetch('templates/actio...', NULL)
#9 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waViewAction.class.php(171): waSmarty3View->fetch('templates/actio...', NULL)
#10 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waViewController.class.php(86): waViewAction->display()
#11 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waDefaultViewController.class.php(48): waViewController->executeAction(Object(shopOrderAction))
#12 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waController.class.php(21): waDefaultViewController->execute()
#13 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waViewController.class.php(46): waController->run(NULL)
#14 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waFrontController.class.php(229): waViewController->run(NULL)
#15 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waFrontController.class.php(164): waFrontController->runController(Object(waDefaultViewController), NULL)
#16 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/controller/waFrontController.class.php(58): waFrontController->execute(NULL, 'order', NULL)
#17 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/waSystem.class.php(562): waFrontController->dispatch()
#18 /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-system/waSystem.class.php(485): waSystem->dispatchBackend('webasyst/shop/')
#19 /home/salfetki/domains/salfetki.kiev.ua/public_html/index.php(7): waSystem->dispatch()
#20 {main}
5 ответов
Что можно сделать оперативно с этим?
При попытке просмотреть заказы в админке выдает ошибку:<h2 id="Title" style="margin-bottom: 0.3em; font-size: 1.35em; font-family: "Helvetica Neue", "Liberation Sans", Arial, sans-serif; line-height: 1.2em; background-color: rgb(255, 255, 255);">Syntax Error in template "/home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/templates/actions/order/Order.html" on line 399 "{$pl = shopPayment::getPluginInfo($_tmp[0])}" access to static method 'shopPayment::getPluginInfo($_smarty_tpl->tpl_vars['_tmp']->value[0])' not allowed by security setting code 0</h2>вот полный текст:
## wa-system/waSystem.class.php(499) #0 index.php(7): waSystem->dispatch() #1 {main} Next SmartyCompilerException with message 'Syntax Error in template "/home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/templates/actions/order/Order.html" on line 399 "{$pl = shopPayment::getPluginInfo($_tmp[0])}" access to static method 'shopPayment::getPluginInfo($_smarty_tpl->tpl_vars['_tmp']->value[0])' not allowed by security setting': ## wa-system/vendors/smarty3/sysplugins/smarty_internal_templatecompilerbase.php(667) #0 wa-system/vendors/smarty3/sysplugins/smarty_security.php(289): Smarty_Internal_TemplateCompilerBase->trigger_template_error('access to stati...') #1 wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(2683): Smarty_Security->isTrustedStaticClass('shopPayment', Object(Smarty_Internal_SmartyTemplateCompiler), 'getPluginInfo($...') #2 wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(3101): Smarty_Internal_Templateparser->yy_r118() #3 wa-system/vendors/smarty3/sysplugins/smarty_internal_templateparser.php(3201): Smarty_Internal_Templateparser->yy_reduce(118) #4 wa-system/vendors/smarty3/sysplugins/smarty_internal_smartytemplatecompiler.php(105): Smarty_Internal_Templateparser->doParse(17, '}') #5 wa-system/vendors/smarty3/sysplugins/smarty_internal_templatecompilerbase.php(206): Smarty_Internal_SmartyTemplateCompiler->doCompile('{if empty($orde...') #6 wa-system/vendors/smarty3/sysplugins/smarty_internal_template.php(187): Smarty_Internal_TemplateCompilerBase->compileTemplate(Object(Smarty_Internal_Template)) #7 wa-system/vendors/smarty3/sysplugins/smarty_internal_templatebase.php(155): Smarty_Internal_Template->compileTemplateSource() #8 wa-system/view/waSmarty3View.class.php(117): Smarty_Internal_TemplateBase->fetch('templates/actio...', NULL) #9 wa-system/controller/waViewAction.class.php(171): waSmarty3View->fetch('templates/actio...', NULL) #10 wa-system/controller/waViewController.class.php(86): waViewAction->display() #11 wa-system/controller/waDefaultViewController.class.php(48): waViewController->executeAction(Object(shopOrderAction)) #12 wa-system/controller/waController.class.php(21): waDefaultViewController->execute() #13 wa-system/controller/waViewController.class.php(46): waController->run(NULL) #14 wa-system/controller/waFrontController.class.php(229): waViewController->run(NULL) #15 wa-system/controller/waFrontController.class.php(164): waFrontController->runController(Object(waDefaultViewController), NULL) #16 wa-system/controller/waFrontController.class.php(58): waFrontController->execute(NULL, 'order', NULL) #17 wa-system/waSystem.class.php(562): waFrontController->dispatch() #18 wa-system/waSystem.class.php(485): waSystem->dispatchBackend('webasyst/shop/') #19 index.php(7): waSystem->dispatch() #20 {main}494 $log[] = $e instanceof waException ? $e->getFullTraceAsString() : $e->getTraceAsString(); 495 waLog::log(join("\n", $log)); 496 } 497 if (class_exists('waException')) { 498 if (!$e instanceof waException) { >>499 $e = new waException($e->getMessage(), $e->getCode(), $e); 500 } 501 $e->sendResponseCode(); 502 } 503 print $e; 504 }Доп ошибки:
[05-Mar-2018 16:10:19 Europe/Kiev] PHP Warning: Invalid argument supplied for foreach() in /home/salfetki/domains/salfetki.kiev.ua/public_html/wa-apps/shop/lib/classes/checkout/shopCheckoutShipping.class.php on line 256
Откатите файл до прежнего состояния /wa-system/vendors/smarty3/sysplugins/smarty_security.php
вот старый код файла:
<?php /** * Smarty plugin * * @package Smarty * @subpackage Security * @author Uwe Tews */ /* * FIXME: Smarty_Security API * - getter and setter instead of public properties would allow cultivating an internal cache properly * - current implementation of isTrustedResourceDir() assumes that Smarty::$template_dir and Smarty::$config_dir are immutable * the cache is killed every time either of the variables change. That means that two distinct Smarty objects with differing * $template_dir or $config_dir should NOT share the same Smarty_Security instance, * as this would lead to (severe) performance penalty! how should this be handled? */ /** * This class does contain the security settings */ class Smarty_Security { /** * This determines how Smarty handles "<?php ... ?>" tags in templates. * possible values: * <ul> * <li>Smarty::PHP_PASSTHRU -> echo PHP tags as they are</li> * <li>Smarty::PHP_QUOTE -> escape tags as entities</li> * <li>Smarty::PHP_REMOVE -> remove php tags</li> * <li>Smarty::PHP_ALLOW -> execute php tags</li> * </ul> * * @var integer */ public $php_handling = Smarty::PHP_PASSTHRU; /** * This is the list of template directories that are considered secure. * $template_dir is in this list implicitly. * * @var array */ protected $secure_dir = array(); /** * This is an array of directories where trusted php scripts reside. * {@link $security} is disabled during their inclusion/execution. * * @var array */ public $trusted_dir = array(); /** * List of regular expressions (PCRE) that include trusted URIs * * @var array */ protected $trusted_uri = array(); /** * This is an array of NOT trusted static classes. * * If empty access to all static classes is allowed. * If set to 'none' none is allowed. * @var array */ protected $static_classes = array( 'waAppConfig', 'waFiles', 'waSystem', 'waContactFields', 'waConfig', 'waUtils', 'waHtmlControl', 'waLog', 'waRequest::file', 'waDbConnector', ); /** * This is an array of disabled PHP functions. */ protected $php_functions = array( 'dl', 'eval', 'exec', 'system', 'popen', 'pclose', 'shell_exec', 'passthru', 'assert', 'assert_options', 'fopen', 'fwrite', 'fput', 'fputs', 'copy', 'chmod', 'chgrp', 'chown', 'rename', 'touch', 'tempnam', 'fscanf', 'glob', 'fprintf', 'lchown', 'lchgrp', 'link', 'symlink', 'unlink', 'realpath', 'scandir', 'opendir', 'rmdir', 'mkdir', 'is_writable', 'call_user_func', 'call_user_func_array', 'create_function', 'call_user_method', 'call_user_method_array', 'lstat', 'stat', 'register_shutdown_function', 'register_tick_function', 'set_error_handler', 'set_exception_handler', 'session_set_save_handler', 'preg_replace_callback', 'wa', 'wa_lambda', 'preg_replace', 'unserialize', 'serialize', 'debug_backtrace', 'get_resources', 'phpinfo', 'get_defined_vars', 'get_defined_constants', 'getenv', 'putenv', 'get_current_user', 'get_cfg_var', 'pathinfo', 'disk_free_space', 'disk_total_space', 'diskfreespace', 'getcwd', 'getlastmo', 'gid', 'array_map', 'array_walk', 'array_reduce', 'array_filter', 'usort', 'uksort', 'uasort', 'array_diff_uassoc', 'array_diff_ukey', 'array_udiff_assoc', 'array_udiff_uassoc', 'array_udiff', 'array_uintersect_assoc', 'array_uintersect_uassoc', 'array_intersect_uassoc', 'array_intersect_ukey', 'extract', 'parse_str', 'array_uintersect', 'array_walk', 'array_walk_recursive', 'pfsockopen', 'fsockopen', 'func_get_args', 'func_get_arg', 'class_alias', 'iterator_apply', 'iptcembed', 'dom_import_simplexml', 'simplexml_load_string', 'show_source', 'php_strip_whitespace', 'get_meta_tags', 'spl_autoload_register', 'spl_autoload_call', 'sscanf', 'curl_init', 'debug_backtrace', 'mail', 'mb_send_mail', 'set', 'php_uname', //'move_uploaded_file', 'tmpfile', 'highlight_file', 'parse_ini_file', 'simplexml_load_file', 'ini_alter', 'ini_get', ); /** * Array of disabled PHP function masks. */ protected $php_function_masks = array( '~callback~i', '~exif_~i', '~(?<!is_)file(?!(mtime|_exists))~i', '~^mysql~i', '~^gz~i', '~^bz~i', '~^posix~i', '~^pcntl~i', '~^ob_~i', '~^sqlite~i', '~^getmy~i', '~^proc_~i', '~^apache_~i', '~^image~i', '~^ftp_~i', '~^read~i', '~^curl_~i', '~^stream~i', '~^ini_~i', '~^xmlrpc_~i', '~^mb_ereg~i', ); /** * This is an array of trusted PHP modifiers. * * If empty all modifiers are allowed. * To disable all modifier set $modifiers = null. * @var array */ protected $php_modifiers = array(); /** * This is an array of allowed tags. * * If empty no restriction by allowed_tags. * @var array */ protected $allowed_tags = array(); /** * This is an array of disabled tags. * * If empty no restriction by disabled_tags. * @var array */ protected $disabled_tags = array( 'setfilter' ); /** * This is an array of allowed modifier plugins. * * If empty no restriction by allowed_modifiers. * @var array */ protected $allowed_modifiers = array(); /** * This is an array of disabled modifier plugins. * * If empty no restriction by disabled_modifiers. * @var array */ protected $disabled_modifiers = array(); /** * This is an array of trusted streams. * * If empty all streams are allowed. * To disable all streams set $streams = null. * @var array */ protected $streams = array('file'); /** * + flag if constants can be accessed from template * @var boolean */ public $allow_constants = true; /** * + flag if super globals can be accessed from template * @var boolean */ public $allow_super_globals = true; /** * Cache for $resource_dir lookups * @var array */ protected $_resource_dir = null; /** * Cache for $template_dir lookups * @var array */ protected $_template_dir = null; /** * Cache for $config_dir lookups * @var array */ protected $_config_dir = null; /** * Cache for $secure_dir lookups * @var array */ protected $_secure_dir = null; /** * Cache for $php_resource_dir lookups * @var array */ protected $_php_resource_dir = null; /** * Cache for $trusted_dir lookups * @var array */ protected $_trusted_dir = null; /** * @param Smarty $smarty */ public function __construct($smarty) { $this->smarty = $smarty; $this->static_classes = array_map('strtolower', $this->static_classes); } /** * Check if PHP function is trusted. * * @param string $function_name * @param object $compiler compiler object * @return boolean true if function is trusted * @throws SmartyCompilerException if php function is not trusted */ public function isTrustedPhpFunction($function_name, $compiler) { $unsafe = in_array($function_name, $this->php_functions); if (!$unsafe) { foreach($this->php_function_masks as $mask) { if (preg_match($mask, $function_name)) { $unsafe = true; break; } } } if ($unsafe) { $compiler->trigger_template_error("PHP function '{$function_name}' not allowed by security setting"); return false; } return true; } /** * Check if static class is trusted. * * @param string $class_name * @param object $compiler compiler object * @return boolean true if class is trusted * @throws SmartyCompilerException if static class is not trusted */ public function isTrustedStaticClass($class_name, $compiler, $method = false) { $orig_class_name = $class_name; $class_name = strtolower($class_name); $method = substr(strtolower($method), 0, strpos($method, '(')); if (in_array($class_name, $this->static_classes) || in_array($class_name.'::'.$method, $this->static_classes) || substr($class_name, 0, 7) == 'smarty_') { $compiler->trigger_template_error("access to static class '{$orig_class_name}' not allowed by security setting"); return false; } if ($method == 'getactive' || $method == 'getappconfig' || $method == 'setdebug' || $method == 'systemoption') { $compiler->trigger_template_error("access to static class '{$orig_class_name}' not allowed by security setting"); return false; } return true; } /** * Check if PHP modifier is trusted. * * @param string $modifier_name * @param object $compiler compiler object * @return boolean true if modifier is trusted * @throws SmartyCompilerException if modifier is not trusted */ public function isTrustedPhpModifier($modifier_name, $compiler) { if (!$this->isTrustedPhpFunction($modifier_name, $compiler)) { $compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting"); return false; // should not, but who knows what happens to the compiler in the future? } if (isset($this->php_modifiers) && (empty($this->php_modifiers) || in_array($modifier_name, $this->php_modifiers))) { return true; } $compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting"); return false; // should not, but who knows what happens to the compiler in the future? } /** * Check if tag is trusted. * * @param string $tag_name * @param object $compiler compiler object * @return boolean true if tag is trusted * @throws SmartyCompilerException if modifier is not trusted */ public function isTrustedTag($tag_name, $compiler) { // check for internal always required tags if (in_array($tag_name, array('assign', 'call', 'private_filter', 'private_block_plugin', 'private_function_plugin', 'private_object_block_function', 'private_object_function', 'private_registered_function', 'private_registered_block', 'private_special_variable', 'private_print_expression', 'private_modifier'))) { return true; } // check security settings if (empty($this->allowed_tags)) { if (empty($this->disabled_tags) || !in_array($tag_name, $this->disabled_tags)) { return true; } else { $compiler->trigger_template_error("tag '{$tag_name}' disabled by security setting", $compiler->lex->taglineno); } } else if (in_array($tag_name, $this->allowed_tags) && !in_array($tag_name, $this->disabled_tags)) { return true; } else { $compiler->trigger_template_error("tag '{$tag_name}' not allowed by security setting", $compiler->lex->taglineno); } return false; // should not, but who knows what happens to the compiler in the future? } /** * Check if modifier plugin is trusted. * * @param string $modifier_name * @param object $compiler compiler object * @return boolean true if tag is trusted * @throws SmartyCompilerException if modifier is not trusted */ public function isTrustedModifier($modifier_name, $compiler) { // check for internal always allowed modifier if (in_array($modifier_name, array('default'))) { return true; } // check security settings if (empty($this->allowed_modifiers)) { if (empty($this->disabled_modifiers) || !in_array($modifier_name, $this->disabled_modifiers)) { return true; } else { $compiler->trigger_template_error("modifier '{$modifier_name}' disabled by security setting", $compiler->lex->taglineno); } } else if (in_array($modifier_name, $this->allowed_modifiers) && !in_array($modifier_name, $this->disabled_modifiers)) { return true; } else { $compiler->trigger_template_error("modifier '{$modifier_name}' not allowed by security setting", $compiler->lex->taglineno); } return false; // should not, but who knows what happens to the compiler in the future? } /** * Check if stream is trusted. * * @param string $stream_name * @return boolean true if stream is trusted * @throws SmartyException if stream is not trusted */ public function isTrustedStream($stream_name) { if (isset($this->streams) && (empty($this->streams) || in_array($stream_name, $this->streams))) { return true; } throw new SmartyException("stream '{$stream_name}' not allowed by security setting"); } /** * Check if directory of file resource is trusted. * * @param string $filepath * @return boolean true if directory is trusted * @throws SmartyException if directory is not trusted */ public function isTrustedResourceDir($filepath) { if (substr($filepath, -4) == '.php') { throw new SmartyException("file '".basename($filepath)."' not allowed by security setting"); } $config_path = waConfig::get('wa_path_config'); $_filepath = realpath($filepath); $directory = dirname($_filepath); while (true) { if ($directory == $config_path) { throw new SmartyException("directory '{$_filepath}' not allowed by security setting"); return false; } // abort if we've reached root if (($pos = strrpos($directory, DS)) === false || !isset($directory[1])) { break; } // bubble up one level $directory = substr($directory, 0, $pos); } } /** * Check if URI (e.g. {fetch} or {html_image}) is trusted * * To simplify things, isTrustedUri() resolves all input to "{$PROTOCOL}://{$HOSTNAME}". * So "http://username:password@hello.world.example.org:8080/some-path?some=query-string" * is reduced to "http://hello.world.example.org" prior to applying the patters from {@link $trusted_uri}. * @param string $uri * @return boolean true if URI is trusted * @throws SmartyException if URI is not trusted * @uses $trusted_uri for list of patterns to match against $uri */ public function isTrustedUri($uri) { $_uri = parse_url($uri); if (!empty($_uri['scheme']) && !empty($_uri['host'])) { $_uri = $_uri['scheme'] . '://' . $_uri['host']; foreach ($this->trusted_uri as $pattern) { if (preg_match($pattern, $_uri)) { return true; } } } throw new SmartyException("URI '{$uri}' not allowed by security setting"); } /** * Check if directory of file resource is trusted. * * @param string $filepath * @return boolean true if directory is trusted * @throws SmartyException if PHP directory is not trusted */ public function isTrustedPHPDir($filepath) { if (empty($this->trusted_dir)) { throw new SmartyException("directory '{$filepath}' not allowed by security setting (no trusted_dir specified)"); } // check if index is outdated if (!$this->_trusted_dir || $this->_trusted_dir !== $this->trusted_dir) { $this->_php_resource_dir = array(); $this->_trusted_dir = $this->trusted_dir; foreach ((array) $this->trusted_dir as $directory) { $directory = realpath($directory); $this->_php_resource_dir[$directory] = true; } } $_filepath = realpath($filepath); $directory = dirname($_filepath); $_directory = array(); while (true) { // remember the directory to add it to _resource_dir in case we're successful $_directory[] = $directory; // test if the directory is trusted if (isset($this->_php_resource_dir[$directory])) { // merge sub directories of current $directory into _resource_dir to speed up subsequent lookups $this->_php_resource_dir = array_merge($this->_php_resource_dir, $_directory); return true; } // abort if we've reached root if (($pos = strrpos($directory, DS)) === false || !isset($directory[2])) { break; } // bubble up one level $directory = substr($directory, 0, $pos); } throw new SmartyException("directory '{$_filepath}' not allowed by security setting"); } } ?>Спасибо огромное!!! Вы меня спасли!!!