Hi This is what upstream uses at the moment: http://code.google.com/p/smarty-php/source/detail?r=2797&path=/trunk/libs/Smarty_Compiler.class.php
Also this issue has been given CVE-2008-4811 and CVE-2008-4810. I am trying to clarify the situation with other vendors. In the meanwhile, please have a look at the patch. I am not sure, whether it fixes all attack vectors, maybe you can state your opinion as well? Cheers Steffen
signature.asc
Description: This is a digitally signed message part.
