PHP Cross Reference of phpBB-3.2.11-deutsch |
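<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/

namespace phpbb\template\twig;

/**
* Twig Template loader
*
* Extends the Twig filesystem loader with a list of "safe" directories.
* A template that Twig's own name validation rejects as being outside the
* configured template directories is still loaded if the directory that
* contains it is one of the safe directories or lies below one of them.
*/
class loader extends \Twig_Loader_Filesystem
{
	/**
	* Canonical (realpath'd) directories from which templates may be loaded
	* even though they are outside the configured template paths.
	*
	* @var array
	*/
	protected $safe_directories = array();

	/**
	* @var \phpbb\filesystem\filesystem_interface
	*/
	protected $filesystem;

	/**
	* Constructor
	*
	* The directory of this file, resolved through the filesystem service,
	* is passed to the parent loader as its second argument.
	*
	* @param \phpbb\filesystem\filesystem_interface $filesystem
	* @param string|array	$paths
	*/
	public function __construct(\phpbb\filesystem\filesystem_interface $filesystem, $paths = array())
	{
		$this->filesystem = $filesystem;

		parent::__construct($paths, $this->filesystem->realpath(dirname(__FILE__)));
	}

	/**
	* Set safe directories
	*
	* Replaces the current list; every entry goes through addSafeDirectory()
	* and is therefore canonicalised before it is stored.
	*
	* @param array $directories Array of directories that are safe (empty to clear)
	* @return \Twig_Loader_Filesystem
	*/
	public function setSafeDirectories($directories = array())
	{
		$this->safe_directories = array();

		if (!empty($directories))
		{
			foreach ($directories as $directory)
			{
				$this->addSafeDirectory($directory);
			}
		}

		return $this;
	}

	/**
	* Add safe directory
	*
	* The directory is stored in its realpath form so that the containment
	* check in findTemplate() compares canonical paths on both sides. A
	* directory that cannot be resolved is silently not added.
	*
	* @param string $directory Directory that should be added
	* @return \Twig_Loader_Filesystem
	*/
	public function addSafeDirectory($directory)
	{
		$directory = $this->filesystem->realpath($directory);

		if ($directory !== false)
		{
			$this->safe_directories[] = $directory;
		}

		return $this;
	}

	/**
	* Get current safe directories
	*
	* @return array
	*/
	public function getSafeDirectories()
	{
		return $this->safe_directories;
	}

	/**
	* Override for parent::validateName()
	*
	* This is done because we added support for safe directories, and when Twig
	* findTemplate() is called, validateName() is called first, which would
	* always throw an exception if the file is outside of the configured
	* template directories.
	*
	* Validation is not dropped: findTemplate() in this class calls
	* parent::validateName() itself after the file has been located. Any
	* other caller of this method gets no validation at all.
	*/
	protected function validateName($name)
	{
		return;
	}

	/**
	* Adds a realpath call to fix a BC break in Twig 1.26 (https://github.com/twigphp/Twig/issues/2145)
	*
	* {@inheritdoc}
	*/
	public function addPath($path, $namespace = self::MAIN_NAMESPACE)
	{
		return parent::addPath($this->filesystem->realpath($path), $namespace);
	}

	/**
	* Find the template
	*
	* Override for Twig_Loader_Filesystem::findTemplate to add support
	* for loading from safe directories.
	*
	* The file is located first, then Twig's name validation is applied. If
	* validation fails with the "outside configured directories" error, the
	* file is accepted only when its containing directory is inside a safe
	* directory; every other validation failure is rethrown.
	*
	* @param string $name Template name
	* @return string Path of the template file
	* @throws \Twig_Error_Loader When the name is invalid and the file is not
	*							within a safe directory
	*/
	protected function findTemplate($name)
	{
		$name = (string) $name;

		// normalize name
		$name = preg_replace('#/{2,}#', '/', strtr($name, '\\', '/'));

		// If this is in the cache we can skip the entire process below
		// as it should have already been validated
		if (isset($this->cache[$name]))
		{
			return $this->cache[$name];
		}

		// First, find the template name. The override above of validateName
		// causes the validateName process to be skipped for this call
		$file = parent::findTemplate($name);

		try
		{
			// Try validating the name (which may throw an exception)
			parent::validateName($name);
		}
		catch (\Twig_Error_Loader $e)
		{
			// The error is recognised by its message text. If the parent
			// library words it differently the branch is skipped and the
			// exception is rethrown below, so a mismatch fails closed.
			if (strpos($e->getRawMessage(), 'Looks like you try to load a template outside configured directories') === 0)
			{
				// Ok, so outside of the configured template directories, we
				// can now check if we're within a "safe" directory

				// Find the real path of the directory the file is in
				// NOTE(review): only the containing directory is resolved;
				// if $file itself is a symlink its target is not checked.
				$directory = $this->filesystem->realpath(dirname($file));

				if ($directory === false)
				{
					// Some sort of error finding the actual path, must throw the exception
					throw $e;
				}

				foreach ($this->safe_directories as $safe_directory)
				{
					if ($this->isWithinDirectory($directory, $safe_directory))
					{
						// The directory being loaded is below a directory
						// that is "safe". We're good to load it!
						return $file;
					}
				}
			}

			// Not within any safe directories
			throw $e;
		}

		// No exception from validateName, safe to load.
		return $file;
	}

	/**
	* Check whether a canonical directory is a base directory or below it
	*
	* A bare string-prefix test is not enough: with a safe directory of
	* "/srv/styles" (constructed example) it would also accept the sibling
	* "/srv/styles_other". The match therefore has to end exactly at the end
	* of $directory or at a directory separator.
	*
	* @param string $directory	Canonical directory to test
	* @param string $base		Canonical directory that is considered safe
	* @return bool True if $directory equals $base or lies below it
	*/
	private function isWithinDirectory($directory, $base)
	{
		// A backslash is a separator only where the platform says so; on
		// other systems it is an ordinary file name character.
		$separators = (DIRECTORY_SEPARATOR === '\\') ? '/\\' : '/';

		// Drop trailing separators so that "/a/b/" and "/a/b" behave alike;
		// a filesystem root becomes the empty string and matches everything.
		$base = rtrim($base, $separators);
		$length = strlen($base);

		if (strncmp($directory, $base, $length) !== 0)
		{
			return false;
		}

		// Cast because substr() returns false on older PHP versions when
		// nothing remains after the prefix.
		$remainder = (string) substr($directory, $length);

		return $remainder === '' || strpos($separators, $remainder[0]) !== false;
	}
}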