[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /*
   4   * This file is part of Twig.
   5   *
   6   * (c) Fabien Potencier
   7   *
   8   * For the full copyright and license information, please view the LICENSE
   9   * file that was distributed with this source code.
  10   */
  11  
  12  namespace Twig\Node;
  13  
  14  use Twig\Compiler;
  15  
  16  /**
  17   * @author Fabien Potencier <fabien@symfony.com>
  18   */
  19  class CheckSecurityNode extends Node
  20  {
  21      protected $usedFilters;
  22      protected $usedTags;
  23      protected $usedFunctions;
  24  
  25      public function __construct(array $usedFilters, array $usedTags, array $usedFunctions)
  26      {
  27          $this->usedFilters = $usedFilters;
  28          $this->usedTags = $usedTags;
  29          $this->usedFunctions = $usedFunctions;
  30  
  31          parent::__construct();
  32      }
  33  
  34      public function compile(Compiler $compiler)
  35      {
  36          $tags = $filters = $functions = [];
  37          foreach (['tags', 'filters', 'functions'] as $type) {
  38              foreach ($this->{'used'.ucfirst($type)} as $name => $node) {
  39                  if ($node instanceof Node) {
  40                      ${$type}[$name] = $node->getTemplateLine();
  41                  } else {
  42                      ${$type}[$node] = null;
  43                  }
  44              }
  45          }
  46  
  47          $compiler
  48              ->write("\$this->sandbox = \$this->env->getExtension('\Twig\Extension\SandboxExtension');\n")
  49              ->write('$tags = ')->repr(array_filter($tags))->raw(";\n")
  50              ->write('$filters = ')->repr(array_filter($filters))->raw(";\n")
  51              ->write('$functions = ')->repr(array_filter($functions))->raw(";\n\n")
  52              ->write("try {\n")
  53              ->indent()
  54              ->write("\$this->sandbox->checkSecurity(\n")
  55              ->indent()
  56              ->write(!$tags ? "[],\n" : "['".implode("', '", array_keys($tags))."'],\n")
  57              ->write(!$filters ? "[],\n" : "['".implode("', '", array_keys($filters))."'],\n")
  58              ->write(!$functions ? "[]\n" : "['".implode("', '", array_keys($functions))."']\n")
  59              ->outdent()
  60              ->write(");\n")
  61              ->outdent()
  62              ->write("} catch (SecurityError \$e) {\n")
  63              ->indent()
  64              ->write("\$e->setSourceContext(\$this->getSourceContext());\n\n")
  65              ->write("if (\$e instanceof SecurityNotAllowedTagError && isset(\$tags[\$e->getTagName()])) {\n")
  66              ->indent()
  67              ->write("\$e->setTemplateLine(\$tags[\$e->getTagName()]);\n")
  68              ->outdent()
  69              ->write("} elseif (\$e instanceof SecurityNotAllowedFilterError && isset(\$filters[\$e->getFilterName()])) {\n")
  70              ->indent()
  71              ->write("\$e->setTemplateLine(\$filters[\$e->getFilterName()]);\n")
  72              ->outdent()
  73              ->write("} elseif (\$e instanceof SecurityNotAllowedFunctionError && isset(\$functions[\$e->getFunctionName()])) {\n")
  74              ->indent()
  75              ->write("\$e->setTemplateLine(\$functions[\$e->getFunctionName()]);\n")
  76              ->outdent()
  77              ->write("}\n\n")
  78              ->write("throw \$e;\n")
  79              ->outdent()
  80              ->write("}\n\n")
  81          ;
  82      }
  83  }
  84  
  85  class_alias('Twig\Node\CheckSecurityNode', 'Twig_Node_CheckSecurity');