Revision 1852
Added by darkviper over 11 years ago
SafeAnalysis.php | ||
---|---|---|
3 | 3 |
class Twig_NodeVisitor_SafeAnalysis implements Twig_NodeVisitorInterface |
4 | 4 |
{ |
5 | 5 |
protected $data = array(); |
6 |
protected $safeVars = array(); |
|
6 | 7 |
|
8 |
public function setSafeVars($safeVars) |
|
9 |
{ |
|
10 |
$this->safeVars = $safeVars; |
|
11 |
} |
|
12 |
|
|
7 | 13 |
public function getSafe(Twig_NodeInterface $node) |
8 | 14 |
{ |
9 | 15 |
$hash = spl_object_hash($node); |
10 | 16 |
if (isset($this->data[$hash])) { |
11 |
foreach($this->data[$hash] as $bucket) { |
|
17 |
foreach ($this->data[$hash] as $bucket) {
|
|
12 | 18 |
if ($bucket['key'] === $node) { |
13 | 19 |
return $bucket['value']; |
14 | 20 |
} |
... | ... | |
22 | 28 |
{ |
23 | 29 |
$hash = spl_object_hash($node); |
24 | 30 |
if (isset($this->data[$hash])) { |
25 |
foreach($this->data[$hash] as &$bucket) { |
|
31 |
foreach ($this->data[$hash] as &$bucket) {
|
|
26 | 32 |
if ($bucket['key'] === $node) { |
27 | 33 |
$bucket['value'] = $safe; |
28 | 34 |
|
... | ... | |
85 | 91 |
} else { |
86 | 92 |
$this->setSafe($node, array()); |
87 | 93 |
} |
94 |
} elseif ($node instanceof Twig_Node_Expression_GetAttr && $node->getNode('node') instanceof Twig_Node_Expression_Name) { |
|
95 |
$name = $node->getNode('node')->getAttribute('name'); |
|
96 |
// attributes on template instances are safe |
|
97 |
if ('_self' == $name || in_array($name, $this->safeVars)) { |
|
98 |
$this->setSafe($node, array('all')); |
|
99 |
} else { |
|
100 |
$this->setSafe($node, array()); |
|
101 |
} |
|
88 | 102 |
} else { |
89 | 103 |
$this->setSafe($node, array()); |
90 | 104 |
} |
Also available in: Unified diff
updated Twig template engine to stable version 1.11.1 step2