Project

General

Profile

1
<?php
2

    
3
/*
4
 * This file is part of Twig.
5
 *
6
 * (c) 2015 Fabien Potencier
7
 *
8
 * For the full copyright and license information, please view the LICENSE
9
 * file that was distributed with this source code.
10
 */
11

    
12
/**
13
 * @author Fabien Potencier <fabien@symfony.com>
14
 */
15
class Twig_Node_CheckSecurity extends Twig_Node
16
{
17
    protected $usedFilters;
18
    protected $usedTags;
19
    protected $usedFunctions;
20

    
21
    public function __construct(array $usedFilters, array $usedTags, array $usedFunctions)
22
    {
23
        $this->usedFilters = $usedFilters;
24
        $this->usedTags = $usedTags;
25
        $this->usedFunctions = $usedFunctions;
26

    
27
        parent::__construct();
28
    }
29

    
30
    public function compile(Twig_Compiler $compiler)
31
    {
32
        $tags = $filters = $functions = array();
33
        foreach (array('tags', 'filters', 'functions') as $type) {
34
            foreach ($this->{'used'.ucfirst($type)} as $name => $node) {
35
                if ($node instanceof Twig_Node) {
36
                    ${$type}[$name] = $node->getLine();
37
                } else {
38
                    ${$type}[$node] = null;
39
                }
40
            }
41
        }
42

    
43
        $compiler
44
            ->write('$tags = ')->repr(array_filter($tags))->raw(";\n")
45
            ->write('$filters = ')->repr(array_filter($filters))->raw(";\n")
46
            ->write('$functions = ')->repr(array_filter($functions))->raw(";\n\n")
47
            ->write("try {\n")
48
            ->indent()
49
            ->write("\$this->env->getExtension('sandbox')->checkSecurity(\n")
50
            ->indent()
51
            ->write(!$tags ? "array(),\n" : "array('".implode("', '", array_keys($tags))."'),\n")
52
            ->write(!$filters ? "array(),\n" : "array('".implode("', '", array_keys($filters))."'),\n")
53
            ->write(!$functions ? "array()\n" : "array('".implode("', '", array_keys($functions))."')\n")
54
            ->outdent()
55
            ->write(");\n")
56
            ->outdent()
57
            ->write("} catch (Twig_Sandbox_SecurityError \$e) {\n")
58
            ->indent()
59
            ->write("\$e->setTemplateFile(\$this->getTemplateName());\n\n")
60
            ->write("if (\$e instanceof Twig_Sandbox_SecurityNotAllowedTagError && isset(\$tags[\$e->getTagName()])) {\n")
61
            ->indent()
62
            ->write("\$e->setTemplateLine(\$tags[\$e->getTagName()]);\n")
63
            ->outdent()
64
            ->write("} elseif (\$e instanceof Twig_Sandbox_SecurityNotAllowedFilterError && isset(\$filters[\$e->getFilterName()])) {\n")
65
            ->indent()
66
            ->write("\$e->setTemplateLine(\$filters[\$e->getFilterName()]);\n")
67
            ->outdent()
68
            ->write("} elseif (\$e instanceof Twig_Sandbox_SecurityNotAllowedFunctionError && isset(\$functions[\$e->getFunctionName()])) {\n")
69
            ->indent()
70
            ->write("\$e->setTemplateLine(\$functions[\$e->getFunctionName()]);\n")
71
            ->outdent()
72
            ->write("}\n\n")
73
            ->write("throw \$e;\n")
74
            ->outdent()
75
            ->write("}\n\n")
76
        ;
77
    }
78
}
(5-5/23)