1<?php 2 3/* 4 * This file is part of Twig. 5 * 6 * (c) 2015 Fabien Potencier 7 * 8 * For the full copyright and license information, please view the LICENSE 9 * file that was distributed with this source code. 10 */ 11 12/** 13 * @author Fabien Potencier <fabien@symfony.com> 14 */ 15class Twig_Node_CheckSecurity extends Twig_Node 16{ 17 protected $usedFilters; 18 protected $usedTags; 19 protected $usedFunctions; 20 21 public function __construct(array $usedFilters, array $usedTags, array $usedFunctions) 22 { 23 $this->usedFilters = $usedFilters; 24 $this->usedTags = $usedTags; 25 $this->usedFunctions = $usedFunctions; 26 27 parent::__construct(); 28 } 29 30 public function compile(Twig_Compiler $compiler) 31 { 32 $tags = $filters = $functions = array(); 33 foreach (array('tags', 'filters', 'functions') as $type) { 34 foreach ($this->{'used'.ucfirst($type)} as $name => $node) { 35 if ($node instanceof Twig_Node) { 36 ${$type}[$name] = $node->getTemplateLine(); 37 } else { 38 ${$type}[$node] = null; 39 } 40 } 41 } 42 43 $compiler 44 ->write('$tags = ')->repr(array_filter($tags))->raw(";\n") 45 ->write('$filters = ')->repr(array_filter($filters))->raw(";\n") 46 ->write('$functions = ')->repr(array_filter($functions))->raw(";\n\n") 47 ->write("try {\n") 48 ->indent() 49 ->write("\$this->env->getExtension('Twig_Extension_Sandbox')->checkSecurity(\n") 50 ->indent() 51 ->write(!$tags ? "array(),\n" : "array('".implode("', '", array_keys($tags))."'),\n") 52 ->write(!$filters ? "array(),\n" : "array('".implode("', '", array_keys($filters))."'),\n") 53 ->write(!$functions ? "array()\n" : "array('".implode("', '", array_keys($functions))."')\n") 54 ->outdent() 55 ->write(");\n") 56 ->outdent() 57 ->write("} catch (Twig_Sandbox_SecurityError \$e) {\n") 58 ->indent() 59 ->write("\$e->setSourceContext(\$this->getSourceContext());\n\n") 60 ->write("if (\$e instanceof Twig_Sandbox_SecurityNotAllowedTagError && isset(\$tags[\$e->getTagName()])) {\n") 61 ->indent() 62 ->write("\$e->setTemplateLine(\$tags[\$e->getTagName()]);\n") 63 ->outdent() 64 ->write("} elseif (\$e instanceof Twig_Sandbox_SecurityNotAllowedFilterError && isset(\$filters[\$e->getFilterName()])) {\n") 65 ->indent() 66 ->write("\$e->setTemplateLine(\$filters[\$e->getFilterName()]);\n") 67 ->outdent() 68 ->write("} elseif (\$e instanceof Twig_Sandbox_SecurityNotAllowedFunctionError && isset(\$functions[\$e->getFunctionName()])) {\n") 69 ->indent() 70 ->write("\$e->setTemplateLine(\$functions[\$e->getFunctionName()]);\n") 71 ->outdent() 72 ->write("}\n\n") 73 ->write("throw \$e;\n") 74 ->outdent() 75 ->write("}\n\n") 76 ; 77 } 78} 79