1<?php 2 3/* 4 * This file is part of Twig. 5 * 6 * (c) Fabien Potencier 7 * 8 * For the full copyright and license information, please view the LICENSE 9 * file that was distributed with this source code. 10 */ 11 12namespace Twig\Node; 13 14use Twig\Compiler; 15use Twig\Node\Expression\ConstantExpression; 16use Twig\Node\Expression\FilterExpression; 17 18/** 19 * Adds a check for the __toString() method when the variable is an object and the sandbox is activated. 20 * 21 * When there is a simple Print statement, like {{ article }}, 22 * and if the sandbox is enabled, we need to check that the __toString() 23 * method is allowed if 'article' is an object. 24 * 25 * Not used anymore, to be deprecated in 2.x and removed in 3.0 26 * 27 * @author Fabien Potencier <fabien@symfony.com> 28 */ 29class SandboxedPrintNode extends PrintNode 30{ 31 public function compile(Compiler $compiler) 32 { 33 $compiler 34 ->addDebugInfo($this) 35 ->write('echo ') 36 ; 37 $expr = $this->getNode('expr'); 38 if ($expr instanceof ConstantExpression) { 39 $compiler 40 ->subcompile($expr) 41 ->raw(";\n") 42 ; 43 } else { 44 $compiler 45 ->write('$this->env->getExtension(\'\Twig\Extension\SandboxExtension\')->ensureToStringAllowed(') 46 ->subcompile($expr) 47 ->raw(");\n") 48 ; 49 } 50 } 51 52 /** 53 * Removes node filters. 54 * 55 * This is mostly needed when another visitor adds filters (like the escaper one). 56 * 57 * @return Node 58 */ 59 protected function removeNodeFilter(Node $node) 60 { 61 if ($node instanceof FilterExpression) { 62 return $this->removeNodeFilter($node->getNode('node')); 63 } 64 65 return $node; 66 } 67} 68 69class_alias('Twig\Node\SandboxedPrintNode', 'Twig_Node_SandboxedPrint'); 70