vendor/twig/twig/lib/Twig/NodeVisitor/Sandbox.php

   1 <?php
   2
   3 /*
   4  * This file is part of Twig.
   5  *
   6  * (c) Fabien Potencier
   7  *
   8  * For the full copyright and license information, please view the LICENSE
   9  * file that was distributed with this source code.
  10  */
  11
  12 /**
  13  * Twig_NodeVisitor_Sandbox implements sandboxing.
  14  *
  15  * @final
  16  *
  17  * @author Fabien Potencier <fabien@symfony.com>
  18  */
  19 class Twig_NodeVisitor_Sandbox extends Twig_BaseNodeVisitor
  20 {
  21     protected $inAModule = false;
  22     protected $tags;
  23     protected $filters;
  24     protected $functions;
  25
  26     protected function doEnterNode(Twig_Node $node, Twig_Environment $env)
  27     {
  28         if ($node instanceof Twig_Node_Module) {
  29             $this->inAModule = true;
  30             $this->tags = array();
  31             $this->filters = array();
  32             $this->functions = array();
  33
  34             return $node;
  35         } elseif ($this->inAModule) {
  36             // look for tags
  37             if ($node->getNodeTag() && !isset($this->tags[$node->getNodeTag()])) {
  38                 $this->tags[$node->getNodeTag()] = $node;
  39             }
  40
  41             // look for filters
  42             if ($node instanceof Twig_Node_Expression_Filter && !isset($this->filters[$node->getNode('filter')->getAttribute('value')])) {
  43                 $this->filters[$node->getNode('filter')->getAttribute('value')] = $node;
  44             }
  45
  46             // look for functions
  47             if ($node instanceof Twig_Node_Expression_Function && !isset($this->functions[$node->getAttribute('name')])) {
  48                 $this->functions[$node->getAttribute('name')] = $node;
  49             }
  50
  51             // the .. operator is equivalent to the range() function
  52             if ($node instanceof Twig_Node_Expression_Binary_Range && !isset($this->functions['range'])) {
  53                 $this->functions['range'] = $node;
  54             }
  55
  56             // wrap print to check __toString() calls
  57             if ($node instanceof Twig_Node_Print) {
  58                 return new Twig_Node_SandboxedPrint($node->getNode('expr'), $node->getTemplateLine(), $node->getNodeTag());
  59             }
  60         }
  61
  62         return $node;
  63     }
  64
  65     protected function doLeaveNode(Twig_Node $node, Twig_Environment $env)
  66     {
  67         if ($node instanceof Twig_Node_Module) {
  68             $this->inAModule = false;
  69
  70             $node->setNode('display_start', new Twig_Node(array(new Twig_Node_CheckSecurity($this->filters, $this->tags, $this->functions), $node->getNode('display_start'))));
  71         }
  72
  73         return $node;
  74     }
  75
  76     public function getPriority()
  77     {
  78         return 0;
  79     }
  80 }
  81
  82 class_alias('Twig_NodeVisitor_Sandbox', 'Twig\NodeVisitor\SandboxNodeVisitor', false);