
PHP Cross Reference of phpBB-3.1.12-deutsch


/phpbb/template/twig/ -> loader.php (source)

   1  <?php
   2  /**
   3  *
   4  * This file is part of the phpBB Forum Software package.
   5  *
   6  * @copyright (c) phpBB Limited <https://www.phpbb.com>
   7  * @license GNU General Public License, version 2 (GPL-2.0)
   8  *
   9  * For full copyright and license information, please see
  10  * the docs/CREDITS.txt file.
  11  *
  12  */
  13  
  14  namespace phpbb\template\twig;
  15  
  16  /**
  17  * Twig Template loader
  18  */
  19  class loader extends \Twig_Loader_Filesystem
  20  {
  21      protected $safe_directories = array();
  22  
  23      /**
  24      * Set safe directories
  25      *
  26      * @param array $directories Array of directories that are safe (empty to clear)
  27      * @return \Twig_Loader_Filesystem
  28      */
  29  	public function setSafeDirectories($directories = array())
  30      {
  31          $this->safe_directories = array();
  32  
  33          if (!empty($directories))
  34          {
  35              foreach ($directories as $directory)
  36              {
  37                  $this->addSafeDirectory($directory);
  38              }
  39          }
  40  
  41          return $this;
  42      }
  43  
  44      /**
  45      * Add safe directory
  46      *
  47      * @param string $directory Directory that should be added
  48      * @return \Twig_Loader_Filesystem
  49      */
  50  	public function addSafeDirectory($directory)
  51      {
  52          $directory = phpbb_realpath($directory);
  53  
  54          if ($directory !== false)
  55          {
  56              $this->safe_directories[] = $directory;
  57          }
  58  
  59          return $this;
  60      }
  61  
  62      /**
  63      * Get current safe directories
  64      *
  65      * @return array
  66      */
  67  	public function getSafeDirectories()
  68      {
  69          return $this->safe_directories;
  70      }
  71  
  72      /**
  73      * Override for parent::validateName()
  74      *
  75      * This is done because we added support for safe directories, and when Twig
  76      *    findTemplate() is called, validateName() is called first, which would
  77      *    always throw an exception if the file is outside of the configured
  78      *    template directories.
  79      */
  80  	protected function validateName($name)
  81      {
  82          return;
  83      }
  84  
  85      /**
  86      * Find the template
  87      *
  88      * Override for Twig_Loader_Filesystem::findTemplate to add support
  89      *    for loading from safe directories.
  90      */
  91  	protected function findTemplate($name)
  92      {
  93          $name = (string) $name;
  94  
  95          // normalize name
  96          $name = preg_replace('#/{2,}#', '/', strtr($name, '\\', '/'));
  97  
  98          // If this is in the cache we can skip the entire process below
  99          //    as it should have already been validated
 100          if (isset($this->cache[$name]))
 101          {
 102              return $this->cache[$name];
 103          }
 104  
 105          // First, find the template name. The override above of validateName
 106          //    causes the validateName process to be skipped for this call
 107          $file = parent::findTemplate($name);
 108  
 109          try
 110          {
 111              // Try validating the name (which may throw an exception)
 112              parent::validateName($name);
 113          }
 114          catch (\Twig_Error_Loader $e)
 115          {
 116              if (strpos($e->getRawMessage(), 'Looks like you try to load a template outside configured directories') === 0)
 117              {
 118                  // Ok, so outside of the configured template directories, we
 119                  //    can now check if we're within a "safe" directory
 120  
 121                  // Find the real path of the directory the file is in
 122                  $directory = phpbb_realpath(dirname($file));
 123  
 124                  if ($directory === false)
 125                  {
 126                      // Some sort of error finding the actual path, must throw the exception
 127                      throw $e;
 128                  }
 129  
 130                  foreach ($this->safe_directories as $safe_directory)
 131                  {
 132                      if (strpos($directory, $safe_directory) === 0)
 133                      {
 134                          // The directory being loaded is below a directory
 135                          // that is "safe". We're good to load it!
 136                          return $file;
 137                      }
 138                  }
 139              }
 140  
 141              // Not within any safe directories
 142              throw $e;
 143          }
 144  
 145          // No exception from validateName, safe to load.
 146          return $file;
 147      }
 148  }

