1 |
1686
|
darkviper
|
<?php
|
2 |
|
|
|
3 |
|
|
/*
|
4 |
|
|
* This file is part of Twig.
|
5 |
|
|
*
|
6 |
|
|
* (c) 2009 Fabien Potencier
|
7 |
|
|
*
|
8 |
|
|
* For the full copyright and license information, please view the LICENSE
|
9 |
|
|
* file that was distributed with this source code.
|
10 |
|
|
*/
|
11 |
|
|
class Twig_Extension_Sandbox extends Twig_Extension
|
12 |
|
|
{
|
13 |
|
|
protected $sandboxedGlobally;
|
14 |
|
|
protected $sandboxed;
|
15 |
|
|
protected $policy;
|
16 |
|
|
|
17 |
|
|
public function __construct(Twig_Sandbox_SecurityPolicyInterface $policy, $sandboxed = false)
|
18 |
|
|
{
|
19 |
|
|
$this->policy = $policy;
|
20 |
|
|
$this->sandboxedGlobally = $sandboxed;
|
21 |
|
|
}
|
22 |
|
|
|
23 |
|
|
/**
|
24 |
|
|
* Returns the token parser instances to add to the existing list.
|
25 |
|
|
*
|
26 |
|
|
* @return array An array of Twig_TokenParserInterface or Twig_TokenParserBrokerInterface instances
|
27 |
|
|
*/
|
28 |
|
|
public function getTokenParsers()
|
29 |
|
|
{
|
30 |
|
|
return array(new Twig_TokenParser_Sandbox());
|
31 |
|
|
}
|
32 |
|
|
|
33 |
|
|
/**
|
34 |
|
|
* Returns the node visitor instances to add to the existing list.
|
35 |
|
|
*
|
36 |
|
|
* @return array An array of Twig_NodeVisitorInterface instances
|
37 |
|
|
*/
|
38 |
|
|
public function getNodeVisitors()
|
39 |
|
|
{
|
40 |
|
|
return array(new Twig_NodeVisitor_Sandbox());
|
41 |
|
|
}
|
42 |
|
|
|
43 |
|
|
public function enableSandbox()
|
44 |
|
|
{
|
45 |
|
|
$this->sandboxed = true;
|
46 |
|
|
}
|
47 |
|
|
|
48 |
|
|
public function disableSandbox()
|
49 |
|
|
{
|
50 |
|
|
$this->sandboxed = false;
|
51 |
|
|
}
|
52 |
|
|
|
53 |
|
|
public function isSandboxed()
|
54 |
|
|
{
|
55 |
|
|
return $this->sandboxedGlobally || $this->sandboxed;
|
56 |
|
|
}
|
57 |
|
|
|
58 |
|
|
public function isSandboxedGlobally()
|
59 |
|
|
{
|
60 |
|
|
return $this->sandboxedGlobally;
|
61 |
|
|
}
|
62 |
|
|
|
63 |
|
|
public function setSecurityPolicy(Twig_Sandbox_SecurityPolicyInterface $policy)
|
64 |
|
|
{
|
65 |
|
|
$this->policy = $policy;
|
66 |
|
|
}
|
67 |
|
|
|
68 |
|
|
public function getSecurityPolicy()
|
69 |
|
|
{
|
70 |
|
|
return $this->policy;
|
71 |
|
|
}
|
72 |
|
|
|
73 |
|
|
public function checkSecurity($tags, $filters, $functions)
|
74 |
|
|
{
|
75 |
|
|
if ($this->isSandboxed()) {
|
76 |
|
|
$this->policy->checkSecurity($tags, $filters, $functions);
|
77 |
|
|
}
|
78 |
|
|
}
|
79 |
|
|
|
80 |
|
|
public function checkMethodAllowed($obj, $method)
|
81 |
|
|
{
|
82 |
|
|
if ($this->isSandboxed()) {
|
83 |
|
|
$this->policy->checkMethodAllowed($obj, $method);
|
84 |
|
|
}
|
85 |
|
|
}
|
86 |
|
|
|
87 |
|
|
public function checkPropertyAllowed($obj, $method)
|
88 |
|
|
{
|
89 |
|
|
if ($this->isSandboxed()) {
|
90 |
|
|
$this->policy->checkPropertyAllowed($obj, $method);
|
91 |
|
|
}
|
92 |
|
|
}
|
93 |
|
|
|
94 |
|
|
public function ensureToStringAllowed($obj)
|
95 |
|
|
{
|
96 |
|
|
if (is_object($obj)) {
|
97 |
|
|
$this->policy->checkMethodAllowed($obj, '__toString');
|
98 |
|
|
}
|
99 |
|
|
|
100 |
|
|
return $obj;
|
101 |
|
|
}
|
102 |
|
|
|
103 |
|
|
/**
|
104 |
|
|
* Returns the name of the extension.
|
105 |
|
|
*
|
106 |
|
|
* @return string The extension name
|
107 |
|
|
*/
|
108 |
|
|
public function getName()
|
109 |
|
|
{
|
110 |
|
|
return 'sandbox';
|
111 |
|
|
}
|
112 |
|
|
}
|