Fix use of negative numbers in math equations. (#904)

Fixes #895

CHANGELOG.md

@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 - `|strip_tags` does not work if the input is 0 [#890](https://github.com/smarty-php/smarty/issues/890)
+- Use of negative numbers in {math} equations [#895](https://github.com/smarty-php/smarty/issues/895)
 
 ## [4.3.2] - 2023-07-19
 

libs/plugins/function.math.php

@@ -67,7 +67,7 @@ function smarty_function_math($params, $template)
     $equation = preg_replace('/\s+/', '', $equation);
 
     // Adapted from https://www.php.net/manual/en/function.eval.php#107377
-    $number = '(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number
+    $number = '-?(?:\d+(?:[,.]\d+)?|pi|π)'; // What is a number
     $functionsOrVars = '((?:0x[a-fA-F0-9]+)|([a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*))';
     $operators = '[,+\/*\^%-]'; // Allowed math operators
     $regexp = '/^(('.$number.'|'.$functionsOrVars.'|('.$functionsOrVars.'\s*\((?1)*\)|\((?1)*\)))(?:'.$operators.'(?1))?)+$/';

tests/UnitTests/TemplateSource/ValueTests/Math/MathTest.php

@@ -101,6 +101,14 @@ public function testFunctionFloat()
         $this->assertEquals($expected, $this->smarty->fetch($tpl));
     }
 
+    public function testNegativeNumbers()
+    {
+        $this->smarty->disableSecurity();
+        $expected = "-19 -- 4.1";
+        $tpl = $this->smarty->createTemplate('eval:{$x = 4}{$y = 5.5}{math equation="-2.0*(x+y)" x=$x y=$y} -- {math equation="-20.5 / -5"}');
+        $this->assertEquals($expected, $this->smarty->fetch($tpl));
+    }
+
     public function testSyntaxFormat()
     {
         $this->smarty->disableSecurity();