Revision 1852
Added by darkviper over 11 years ago
| SafeAnalysis.php | ||
|---|---|---|
| 3 | 3 |
class Twig_NodeVisitor_SafeAnalysis implements Twig_NodeVisitorInterface |
| 4 | 4 |
{
|
| 5 | 5 |
protected $data = array(); |
| 6 |
protected $safeVars = array(); |
|
| 6 | 7 |
|
| 8 |
public function setSafeVars($safeVars) |
|
| 9 |
{
|
|
| 10 |
$this->safeVars = $safeVars; |
|
| 11 |
} |
|
| 12 |
|
|
| 7 | 13 |
public function getSafe(Twig_NodeInterface $node) |
| 8 | 14 |
{
|
| 9 | 15 |
$hash = spl_object_hash($node); |
| 10 | 16 |
if (isset($this->data[$hash])) {
|
| 11 |
foreach($this->data[$hash] as $bucket) {
|
|
| 17 |
foreach ($this->data[$hash] as $bucket) {
|
|
| 12 | 18 |
if ($bucket['key'] === $node) {
|
| 13 | 19 |
return $bucket['value']; |
| 14 | 20 |
} |
| ... | ... | |
| 22 | 28 |
{
|
| 23 | 29 |
$hash = spl_object_hash($node); |
| 24 | 30 |
if (isset($this->data[$hash])) {
|
| 25 |
foreach($this->data[$hash] as &$bucket) {
|
|
| 31 |
foreach ($this->data[$hash] as &$bucket) {
|
|
| 26 | 32 |
if ($bucket['key'] === $node) {
|
| 27 | 33 |
$bucket['value'] = $safe; |
| 28 | 34 |
|
| ... | ... | |
| 85 | 91 |
} else {
|
| 86 | 92 |
$this->setSafe($node, array()); |
| 87 | 93 |
} |
| 94 |
} elseif ($node instanceof Twig_Node_Expression_GetAttr && $node->getNode('node') instanceof Twig_Node_Expression_Name) {
|
|
| 95 |
$name = $node->getNode('node')->getAttribute('name');
|
|
| 96 |
// attributes on template instances are safe |
|
| 97 |
if ('_self' == $name || in_array($name, $this->safeVars)) {
|
|
| 98 |
$this->setSafe($node, array('all'));
|
|
| 99 |
} else {
|
|
| 100 |
$this->setSafe($node, array()); |
|
| 101 |
} |
|
| 88 | 102 |
} else {
|
| 89 | 103 |
$this->setSafe($node, array()); |
| 90 | 104 |
} |
Also available in: Unified diff
updated Twig template engine to stable version 1.11.1 step2