From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Mon, 4 Jul 2022 15:23:22 +0000 (+0200)
Subject: Remove the FetchCompilerTemplatePlugin
X-Git-Tag: 6.0.0_Alpha_1~1127^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a569475e8c9510f32038abe5611d1bbbd69c0cb5;p=GitHub%2FWoltLab%2FWCF.git

Remove the FetchCompilerTemplatePlugin

See 2a5ce139d53d3ec7232013d4492d6e322b262cfb (which deprecated `{fetch}`) and
bfddcab778b25ece1136eaff4b688812495b96d5 which always enabled the allow list of
template modifiers, preventing `file_get_contents` even outside of enterprise
mode.
---

diff --git a/com.woltlab.wcf/fileDelete.xml b/com.woltlab.wcf/fileDelete.xml
index bf3244ce8e..2db47c05ea 100644
--- a/com.woltlab.wcf/fileDelete.xml
+++ b/com.woltlab.wcf/fileDelete.xml
@@ -2517,6 +2517,7 @@
 		<file>lib/system/template/TemplatePluginModifier.class.php</file>
 		<file>lib/system/template/TemplatePluginPrefilter.class.php</file>
 		<file>lib/system/template/plugin/ArrayfromlistModifierTemplatePlugin.class.php</file>
+		<file>lib/system/template/plugin/FetchCompilerTemplatePlugin.class.php</file>
 		<file>lib/system/template/plugin/IconCompilerTemplatePlugin.class.php</file>
 		<file>lib/system/template/plugin/IconPrefilterTemplatePlugin.class.php</file>
 		<file>lib/system/template/plugin/StaticlangTemplatePluginCompiler.class.php</file>
diff --git a/wcfsetup/install/files/lib/system/template/plugin/FetchCompilerTemplatePlugin.class.php b/wcfsetup/install/files/lib/system/template/plugin/FetchCompilerTemplatePlugin.class.php
deleted file mode 100644
index 0b60cabc0a..0000000000
--- a/wcfsetup/install/files/lib/system/template/plugin/FetchCompilerTemplatePlugin.class.php
+++ /dev/null
@@ -1,65 +0,0 @@
-<?php
-
-namespace wcf\system\template\plugin;
-
-use wcf\system\exception\SystemException;
-use wcf\system\template\TemplateScriptingCompiler;
-
-/**
- * Template compiler plugin which fetches files from the local file system, http,
- * or ftp and displays the content.
- *
- * Usage:
- *  {fetch file='x.html'}
- *  {fetch file='x.html' assign=var}
- *
- * @author  Marcel Werk
- * @copyright   2001-2019 WoltLab GmbH
- * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
- * @package WoltLabSuite\Core\System\Template\Plugin
- * @deprecated 5.4 The {fetch} plugin allows reading arbitrary files for anyone capable of editing templates.
- */
-class FetchCompilerTemplatePlugin implements ICompilerTemplatePlugin
-{
-    /**
-     * @inheritDoc
-     */
-    public function executeStart($tagArgs, TemplateScriptingCompiler $compiler)
-    {
-        if (\ENABLE_ENTERPRISE_MODE) {
-            throw new SystemException(
-                'The {fetch} template plugin is deprecated and will be removed in a future version. It is not available in enterprise mode.'
-            );
-        }
-
-        if (!isset($tagArgs['file'])) {
-            throw new SystemException(
-                $compiler::formatSyntaxError(
-                    "missing 'file' argument in fetch tag",
-                    $compiler->getCurrentIdentifier(),
-                    $compiler->getCurrentLineNo()
-                )
-            );
-        }
-
-        if (isset($tagArgs['assign'])) {
-            return "<?php \$this->assign(" . $tagArgs['assign'] . ", @file_get_contents(" . $tagArgs['file'] . ")); ?>";
-        } else {
-            return "<?php echo @file_get_contents(" . $tagArgs['file'] . "); ?>";
-        }
-    }
-
-    /**
-     * @inheritDoc
-     */
-    public function executeEnd(TemplateScriptingCompiler $compiler)
-    {
-        throw new SystemException(
-            $compiler::formatSyntaxError(
-                "unknown tag {/fetch}",
-                $compiler->getCurrentIdentifier(),
-                $compiler->getCurrentLineNo()
-            )
-        );
-    }
-}