1<?php 2 3/* 4 * This file is part of Twig. 5 * 6 * (c) Fabien Potencier 7 * 8 * For the full copyright and license information, please view the LICENSE 9 * file that was distributed with this source code. 10 */ 11 12namespace Twig\Node; 13 14use Twig\Compiler; 15 16/** 17 * @author Fabien Potencier <fabien@symfony.com> 18 */ 19class CheckSecurityNode extends Node 20{ 21 protected $usedFilters; 22 protected $usedTags; 23 protected $usedFunctions; 24 25 public function __construct(array $usedFilters, array $usedTags, array $usedFunctions) 26 { 27 $this->usedFilters = $usedFilters; 28 $this->usedTags = $usedTags; 29 $this->usedFunctions = $usedFunctions; 30 31 parent::__construct(); 32 } 33 34 public function compile(Compiler $compiler) 35 { 36 $tags = $filters = $functions = []; 37 foreach (['tags', 'filters', 'functions'] as $type) { 38 foreach ($this->{'used'.ucfirst($type)} as $name => $node) { 39 if ($node instanceof Node) { 40 ${$type}[$name] = $node->getTemplateLine(); 41 } else { 42 ${$type}[$node] = null; 43 } 44 } 45 } 46 47 $compiler 48 ->write("\$this->sandbox = \$this->env->getExtension('\Twig\Extension\SandboxExtension');\n") 49 ->write('$tags = ')->repr(array_filter($tags))->raw(";\n") 50 ->write('$filters = ')->repr(array_filter($filters))->raw(";\n") 51 ->write('$functions = ')->repr(array_filter($functions))->raw(";\n\n") 52 ->write("try {\n") 53 ->indent() 54 ->write("\$this->sandbox->checkSecurity(\n") 55 ->indent() 56 ->write(!$tags ? "[],\n" : "['".implode("', '", array_keys($tags))."'],\n") 57 ->write(!$filters ? "[],\n" : "['".implode("', '", array_keys($filters))."'],\n") 58 ->write(!$functions ? "[]\n" : "['".implode("', '", array_keys($functions))."']\n") 59 ->outdent() 60 ->write(");\n") 61 ->outdent() 62 ->write("} catch (SecurityError \$e) {\n") 63 ->indent() 64 ->write("\$e->setSourceContext(\$this->getSourceContext());\n\n") 65 ->write("if (\$e instanceof SecurityNotAllowedTagError && isset(\$tags[\$e->getTagName()])) {\n") 66 ->indent() 67 ->write("\$e->setTemplateLine(\$tags[\$e->getTagName()]);\n") 68 ->outdent() 69 ->write("} elseif (\$e instanceof SecurityNotAllowedFilterError && isset(\$filters[\$e->getFilterName()])) {\n") 70 ->indent() 71 ->write("\$e->setTemplateLine(\$filters[\$e->getFilterName()]);\n") 72 ->outdent() 73 ->write("} elseif (\$e instanceof SecurityNotAllowedFunctionError && isset(\$functions[\$e->getFunctionName()])) {\n") 74 ->indent() 75 ->write("\$e->setTemplateLine(\$functions[\$e->getFunctionName()]);\n") 76 ->outdent() 77 ->write("}\n\n") 78 ->write("throw \$e;\n") 79 ->outdent() 80 ->write("}\n\n") 81 ; 82 } 83} 84 85class_alias('Twig\Node\CheckSecurityNode', 'Twig_Node_CheckSecurity'); 86