[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /*
   4   * This file is part of Twig.
   5   *
   6   * (c) Fabien Potencier
   7   *
   8   * For the full copyright and license information, please view the LICENSE
   9   * file that was distributed with this source code.
  10   */
  11  
  12  namespace Twig\Node;
  13  
  14  use Twig\Compiler;
  15  
  16  /**
  17   * @author Fabien Potencier <fabien@symfony.com>
  18   */
  19  class CheckSecurityNode extends Node
  20  {
  21      private $usedFilters;
  22      private $usedTags;
  23      private $usedFunctions;
  24  
  25      public function __construct(array $usedFilters, array $usedTags, array $usedFunctions)
  26      {
  27          $this->usedFilters = $usedFilters;
  28          $this->usedTags = $usedTags;
  29          $this->usedFunctions = $usedFunctions;
  30  
  31          parent::__construct();
  32      }
  33  
  34      public function compile(Compiler $compiler)
  35      {
  36          $tags = $filters = $functions = [];
  37          foreach (['tags', 'filters', 'functions'] as $type) {
  38              foreach ($this->{'used'.ucfirst($type)} as $name => $node) {
  39                  if ($node instanceof Node) {
  40                      ${$type}[$name] = $node->getTemplateLine();
  41                  } else {
  42                      ${$type}[$node] = null;
  43                  }
  44              }
  45          }
  46  
  47          $compiler
  48              ->write("\n")
  49              ->write("public function checkSecurity()\n")
  50              ->write("{\n")
  51              ->indent()
  52              ->write('static $tags = ')->repr(array_filter($tags))->raw(";\n")
  53              ->write('static $filters = ')->repr(array_filter($filters))->raw(";\n")
  54              ->write('static $functions = ')->repr(array_filter($functions))->raw(";\n\n")
  55              ->write("try {\n")
  56              ->indent()
  57              ->write("\$this->sandbox->checkSecurity(\n")
  58              ->indent()
  59              ->write(!$tags ? "[],\n" : "['".implode("', '", array_keys($tags))."'],\n")
  60              ->write(!$filters ? "[],\n" : "['".implode("', '", array_keys($filters))."'],\n")
  61              ->write(!$functions ? "[]\n" : "['".implode("', '", array_keys($functions))."']\n")
  62              ->outdent()
  63              ->write(");\n")
  64              ->outdent()
  65              ->write("} catch (SecurityError \$e) {\n")
  66              ->indent()
  67              ->write("\$e->setSourceContext(\$this->source);\n\n")
  68              ->write("if (\$e instanceof SecurityNotAllowedTagError && isset(\$tags[\$e->getTagName()])) {\n")
  69              ->indent()
  70              ->write("\$e->setTemplateLine(\$tags[\$e->getTagName()]);\n")
  71              ->outdent()
  72              ->write("} elseif (\$e instanceof SecurityNotAllowedFilterError && isset(\$filters[\$e->getFilterName()])) {\n")
  73              ->indent()
  74              ->write("\$e->setTemplateLine(\$filters[\$e->getFilterName()]);\n")
  75              ->outdent()
  76              ->write("} elseif (\$e instanceof SecurityNotAllowedFunctionError && isset(\$functions[\$e->getFunctionName()])) {\n")
  77              ->indent()
  78              ->write("\$e->setTemplateLine(\$functions[\$e->getFunctionName()]);\n")
  79              ->outdent()
  80              ->write("}\n\n")
  81              ->write("throw \$e;\n")
  82              ->outdent()
  83              ->write("}\n\n")
  84              ->outdent()
  85              ->write("}\n")
  86          ;
  87      }
  88  }
  89  
  90  class_alias('Twig\Node\CheckSecurityNode', 'Twig_Node_CheckSecurity');