1<?php
2
3/*
4 * This file is part of Twig.
5 *
6 * (c) Fabien Potencier
7 *
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
10 */
11
12namespace Twig\Node;
13
14use Twig\Compiler;
15
16/**
17 * @author Fabien Potencier <fabien@symfony.com>
18 */
19class CheckSecurityNode extends Node
20{
21    protected $usedFilters;
22    protected $usedTags;
23    protected $usedFunctions;
24
25    public function __construct(array $usedFilters, array $usedTags, array $usedFunctions)
26    {
27        $this->usedFilters = $usedFilters;
28        $this->usedTags = $usedTags;
29        $this->usedFunctions = $usedFunctions;
30
31        parent::__construct();
32    }
33
34    public function compile(Compiler $compiler)
35    {
36        $tags = $filters = $functions = [];
37        foreach (['tags', 'filters', 'functions'] as $type) {
38            foreach ($this->{'used'.ucfirst($type)} as $name => $node) {
39                if ($node instanceof Node) {
40                    ${$type}[$name] = $node->getTemplateLine();
41                } else {
42                    ${$type}[$node] = null;
43                }
44            }
45        }
46
47        $compiler
48            ->write("\$this->sandbox = \$this->env->getExtension('\Twig\Extension\SandboxExtension');\n")
49            ->write('$tags = ')->repr(array_filter($tags))->raw(";\n")
50            ->write('$filters = ')->repr(array_filter($filters))->raw(";\n")
51            ->write('$functions = ')->repr(array_filter($functions))->raw(";\n\n")
52            ->write("try {\n")
53            ->indent()
54            ->write("\$this->sandbox->checkSecurity(\n")
55            ->indent()
56            ->write(!$tags ? "[],\n" : "['".implode("', '", array_keys($tags))."'],\n")
57            ->write(!$filters ? "[],\n" : "['".implode("', '", array_keys($filters))."'],\n")
58            ->write(!$functions ? "[]\n" : "['".implode("', '", array_keys($functions))."']\n")
59            ->outdent()
60            ->write(");\n")
61            ->outdent()
62            ->write("} catch (SecurityError \$e) {\n")
63            ->indent()
64            ->write("\$e->setSourceContext(\$this->getSourceContext());\n\n")
65            ->write("if (\$e instanceof SecurityNotAllowedTagError && isset(\$tags[\$e->getTagName()])) {\n")
66            ->indent()
67            ->write("\$e->setTemplateLine(\$tags[\$e->getTagName()]);\n")
68            ->outdent()
69            ->write("} elseif (\$e instanceof SecurityNotAllowedFilterError && isset(\$filters[\$e->getFilterName()])) {\n")
70            ->indent()
71            ->write("\$e->setTemplateLine(\$filters[\$e->getFilterName()]);\n")
72            ->outdent()
73            ->write("} elseif (\$e instanceof SecurityNotAllowedFunctionError && isset(\$functions[\$e->getFunctionName()])) {\n")
74            ->indent()
75            ->write("\$e->setTemplateLine(\$functions[\$e->getFunctionName()]);\n")
76            ->outdent()
77            ->write("}\n\n")
78            ->write("throw \$e;\n")
79            ->outdent()
80            ->write("}\n\n")
81        ;
82    }
83}
84
85class_alias('Twig\Node\CheckSecurityNode', 'Twig_Node_CheckSecurity');
86