From f4ff8cd81edbd5c0836ec99fab96f1f040b1d9d2 Mon Sep 17 00:00:00 2001
From: rGaillard
Date: Wed, 6 Jun 2012 17:10:24 +0000
Subject: [PATCH] // small fix
---
 classes/controller/FrontController.php | 2 +-
 tools/smarty/Smarty.class.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/classes/controller/FrontController.php b/classes/controller/FrontController.php
index 2476d046c..6d0c84725 100755
--- a/classes/controller/FrontController.php
+++ b/classes/controller/FrontController.php
@@ -322,7 +322,7 @@ class FrontControllerCore extends Controller
 'modules_dir' => _MODULE_DIR_,
 'mail_dir' => _MAIL_DIR_,
 'lang_iso' => $this->context->language->iso_code,
- 'come_from' => Tools::getHttpHost(true, true).Tools::htmlentitiesUTF8(str_replace('\'', '', urldecode($_SERVER['REQUEST_URI']))),
+ 'come_from' => Tools::getHttpHost(true, true).Tools::htmlentitiesUTF8(str_replace(array('\'', '\\'), '', urldecode($_SERVER['REQUEST_URI']))),
 'cart_qties' => (int)$cart->nbProducts(),
 'currencies' => Currency::getCurrencies(),
 'languages' => $languages,
diff --git a/tools/smarty/Smarty.class.php b/tools/smarty/Smarty.class.php
index c1e081eed..b8a10c5d0 100644
--- a/tools/smarty/Smarty.class.php
+++ b/tools/smarty/Smarty.class.php
@@ -1502,8 +1502,8 @@ function smartyAutoload($class)
 'smarty_resource_recompiled' => true,
 );
- if (!strncmp($_class, 'smarty_internal_', 16) || isset($_classes[$_class])) {
- include SMARTY_SYSPLUGINS_DIR . $_class . '.php';
+ if (preg_match('/^[0-9a-z_-]+$/i', $_class) && !strncmp($_class, 'smarty_internal_', 16) || isset($_classes[$_class])) {
+ include SMARTY_SYSPLUGINS_DIR . $_class . '.php';
 }
 }
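Review bot: In the FrontController.php hunk, `come_from` is still guarded by a strip-list (`'`, and now `\`) applied to the URL-decoded `$_SERVER['REQUEST_URI']`, and a denylist like this is easy to leave incomplete for whatever context finally prints the value. Stripping quotes and backslashes suggests the value ends up inside a JavaScript string in a template, though the hunk does not show that. If so, encoding at the point of output (for example `{$come_from|escape:'javascript'}` in the template) is more robust than removing characters here. At minimum, a comment on the line such as `// REQUEST_URI is client-controlled; quotes and backslashes are removed because come_from is printed inside a quoted string` would record why the characters are dropped. The enclosing array and method start and end outside the hunk.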
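Review bot: In the Smarty.class.php hunk, the new condition relies on `&&` binding tighter than `||`, so the name check only constrains the `smarty_internal_` prefix branch. That looks intended, since `$_classes` is a fixed list of known names, but explicit parentheses would make it obvious to the next reader. The `$` anchor also accepts a trailing newline, so `\z` is the safer end anchor: `if ((preg_match('/^[0-9a-z_-]+\z/i', $_class) && !strncmp($_class, 'smarty_internal_', 16)) || isset($_classes[$_class])) {`. Because this is a local patch to the bundled Smarty under tools/smarty, a short comment saying the pattern keeps the class name from influencing the `include` path would help it survive a library upgrade. `smartyAutoload()` begins outside the hunk, so how `$_class` is derived from `$class` is not visible here.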