Update

.gitattributes

@@ -7,14 +7,13 @@
 
 # exclude from git export
 /tests export-ignore
-/utilities/ export-ignore
-
+/utilities export-ignore
+/docker-compose.yml export-ignore
+/.github export-ignore
+/run_tests_for_all_php_versions.sh export-ignore
 /.gitattributes export-ignore
 /.gitignore export-ignore
-/.travis.yml export-ignore
-/error_reporting.ini export-ignore
 /make-release.sh export-ignore
 /phpunit.sh export-ignore
 /phpunit.xml export-ignore
 /TODO.md export-ignore
-/travis.ini export-ignore

.github/workflows/ci.yml

@@ -0,0 +1,79 @@
+# https://help.github.com/en/categories/automating-your-workflow-with-github-actions
+
+on:
+  pull_request:
+  push:
+    branches:
+      - 'master'
+
+name: CI
+
+jobs:
+  tests:
+    name: Tests
+
+    runs-on: ${{ matrix.os }}
+
+    env:
+      PHP_EXTENSIONS: dom, json, libxml, mbstring, pdo_sqlite, soap, xml, xmlwriter
+      PHP_INI_VALUES: assert.exception=1, zend.assertions=1
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - ubuntu-latest
+
+        php-version:
+          - "7.1"
+          - "7.2"
+          - "7.3"
+          - "7.4"
+          - "8.0"
+          - "8.1"
+
+        compiler:
+          - default
+
+        include:
+          - os: ubuntu-latest
+            php-version: "8.0"
+            compiler: jit
+          - os: ubuntu-latest
+            php-version: "8.1"
+            compiler: jit
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Override PHP ini values for JIT compiler
+      if: matrix.compiler == 'jit'
+      run: echo "PHP_INI_VALUES::assert.exception=1, zend.assertions=1, opcache.enable=1, opcache.enable_cli=1, opcache.optimization_level=-1, opcache.jit=1255, opcache.jit_buffer_size=32M" >> $GITHUB_ENV
+
+    - name: Install PHP with extensions
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: ${{ matrix.php-version }}
+        coverage: pcov
+        extensions: ${{ env.PHP_EXTENSIONS }}
+        ini-values: ${{ env.PHP_INI_VALUES }}
+
+    - name: Validate composer.json and composer.lock
+      run: composer validate
+
+    - name: Cache Composer packages
+      id: composer-cache
+      uses: actions/cache@v2
+      with:
+        path: vendor
+        key: ${{ runner.os }}-php-${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
+        restore-keys: |
+          ${{ runner.os }}-php-${{ matrix.php-version }}-
+
+    - name: Install dependencies
+      if: steps.composer-cache.outputs.cache-hit != 'true'
+      run: composer install --prefer-dist --no-progress --no-suggest
+
+    - name: Run tests with phpunit
+      run: ./phpunit.sh

.gitignore

@@ -5,9 +5,9 @@
 lexer/*.php
 lexer/*.php.bak
 lexer/*.out
-utilies/*.php
 
 # Dev
 phpunit*
+.phpunit.result.cache
 vendor/*
 composer.lock

CHANGELOG.md

@@ -7,10 +7,122 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 
 ### Changed
-- Travis unit tests now run for all php versions >= 5.3
+- Include docs and demo in the releases [#799](https://github.com/smarty-php/smarty/issues/799)
 
 ### Fixed
-- PHP5.3 compatability fixes
+- Output buffer is now cleaned for internal PHP errors as well, not just for Exceptions [#514](https://github.com/smarty-php/smarty/issues/514)
+- Fixed recursion and out of memory errors when caching in complicated template set-ups using inheritance and includes [#801](https://github.com/smarty-php/smarty/pull/801)
+
+## [4.2.1] - 2022-09-14
+
+### Security
+- Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks [#454](https://github.com/smarty-php/smarty/issues/454)
+
+### Fixed
+- Fixed PHP8.1 deprecation errors in modifiers (upper, explode, number_format and replace) [#755](https://github.com/smarty-php/smarty/pull/755) and [#788](https://github.com/smarty-php/smarty/pull/788)
+- Fixed PHP8.1 deprecation errors in capitalize modifier [#789](https://github.com/smarty-php/smarty/issues/789)
+- Fixed use of `rand()` without a parameter in math function [#794](https://github.com/smarty-php/smarty/issues/794)
+- Fixed unselected year/month/day not working in html_select_date [#395](https://github.com/smarty-php/smarty/issues/395)
+
+## [4.2.0] - 2022-08-01
+
+### Fixed
+- Fixed problems with smarty_mb_str_replace [#549](https://github.com/smarty-php/smarty/issues/549)
+- Fixed second parameter of unescape modifier not working [#777](https://github.com/smarty-php/smarty/issues/777)
+
+### Changed
+- Updated HTML of the debug template [#599](https://github.com/smarty-php/smarty/pull/599)
+
+## [4.1.1] - 2022-05-17
+
+### Security
+- Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221
+
+### Fixed
+- Exclude docs and demo from export and composer [#751](https://github.com/smarty-php/smarty/pull/751)
+- PHP 8.1 deprecation notices in demo/plugins/cacheresource.pdo.php [#706](https://github.com/smarty-php/smarty/issues/706)
+- PHP 8.1 deprecation notices in truncate modifier [#699](https://github.com/smarty-php/smarty/issues/699)
+- Math equation `max(x, y)` didn't work anymore [#721](https://github.com/smarty-php/smarty/issues/721)
+- Fix PHP 8.1 deprecated warning when calling rtrim [#743](https://github.com/smarty-php/smarty/pull/743)
+- PHP 8.1: fix deprecation in escape modifier [#727](https://github.com/smarty-php/smarty/pull/727)
+
+## [4.1.0] - 2022-02-06
+
+### Added
+- PHP8.1 compatibility [#713](https://github.com/smarty-php/smarty/pull/713)
+
+## [4.0.4] - 2022-01-18
+
+### Fixed
+- Fixed illegal characters bug in math function security check [#702](https://github.com/smarty-php/smarty/issues/702)
+
+## [4.0.3] - 2022-01-10
+
+### Security
+- Prevent evasion of the `static_classes` security policy. This addresses CVE-2021-21408
+
+## [4.0.2] - 2022-01-10
+
+### Security
+- Prevent arbitrary PHP code execution through maliciously crafted expression for the math function. This addresses CVE-2021-29454
+
+## [4.0.1] - 2022-01-09
+
+### Security
+- Rewrote the mailto function to not use `eval` when encoding with javascript
+
+## [4.0.0] - 2021-11-25
+
+## [4.0.0-rc.0] - 2021-10-13
+
+### Added
+- You can now use `$smarty->muteUndefinedOrNullWarnings()` to activate convert warnings about undefined or null template vars to notices when running PHP8
+
+### Changed
+- Switch CI from Travis to Github CI
+- Updated unit tests to avoid skipped and risky test warnings
+
+### Removed
+- Dropped support for PHP7.0 and below, so Smarty now requires PHP >=7.1
+- Dropped support for php asp tags in templates (removed from php since php7.0)
+- Dropped deprecated API calls that where only accessible through SmartyBC
+- Dropped support for {php} and {include_php} tags and embedded PHP in templates. Embedded PHP will now be passed through as is.
+- Removed all PHP_VERSION_ID and compare_version checks and conditional code blocks that are now no longer required
+- Dropped deprecated SMARTY_RESOURCE_CHAR_SET and SMARTY_RESOURCE_DATE_FORMAT constants
+- Dropped deprecated Smarty::muteExpectedErrors and Smarty::unmuteExpectedErrors API methods
+- Dropped deprecated $smarty->getVariable() method. Use $smarty->getTemplateVars() instead.
+- $smarty->registerResource() no longer accepts an array of callback functions
+
+## [3.1.40] - 2021-10-13
+
+### Changed
+- modifier escape now triggers a E_USER_NOTICE when an unsupported escape type is used https://github.com/smarty-php/smarty/pull/649
+
+### Security
+- More advanced javascript escaping to handle https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements thanks to m-haritonov
+
+## [3.1.39] - 2021-02-17
+
+### Security
+- Prevent access to `$smarty.template_object` in sandbox mode. This addresses CVE-2021-26119.
+- Fixed code injection vulnerability by using illegal function names in `{function name='blah'}{/function}`. This addresses CVE-2021-26120.
+
+## [3.1.38] - 2021-01-08
+
+### Fixed
+- Smarty::SMARTY_VERSION wasn't updated https://github.com/smarty-php/smarty/issues/628
+
+## [3.1.37] - 2021-01-07
+
+### Changed
+- Changed error handlers and handling of undefined constants for php8-compatibility (set $errcontext argument optional) https://github.com/smarty-php/smarty/issues/605
+- Changed expected error levels in unit tests for php8-compatibility
+- Travis unit tests now run for all php versions >= 5.3, including php8
+- Travis runs on Xenial where possible
+
+### Fixed
+- PHP5.3 compatibility fixes
+- Brought lexer source functionally up-to-date with compiled version
 
 ## [3.1.36] - 2020-04-14