<?php

/*
 * This file is part of Twig.
 *
 * (c) 2009 Fabien Potencier
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
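/**
 * Twig extension that registers the sandbox token parser and node visitor and
 * acts as the runtime gate in front of the configured security policy.
 *
 * Sandboxing is active when either flag is set: the global flag passed to the
 * constructor, or the toggle flag flipped by enableSandbox()/disableSandbox().
 * While sandboxing is inactive, none of the check methods consult the policy.
 *
 * No return value of the policy is inspected here, so the policy has to signal
 * a violation on its own (presumably by throwing; confirm against the policy
 * implementation in use).
 */
class Twig_Extension_Sandbox extends Twig_Extension
{
    // Set only by the constructor in this class; disableSandbox() does not clear it.
    protected $sandboxedGlobally;

    // Toggle flag; stays null until enableSandbox()/disableSandbox() is called,
    // which isSandboxed() treats the same as false.
    protected $sandboxed;

    // Policy every check is delegated to while sandboxing is active.
    protected $policy;

    /**
     * @param Twig_Sandbox_SecurityPolicyInterface $policy    Policy that decides what templates may use
     * @param bool                                 $sandboxed Whether sandboxing is always on, regardless of the toggle flag
     */
    public function __construct(Twig_Sandbox_SecurityPolicyInterface $policy, $sandboxed = false)
    {
        $this->policy = $policy;
        $this->sandboxedGlobally = $sandboxed;
    }

    /**
     * Returns the token parser instances to add to the existing list.
     *
     * @return array An array of Twig_TokenParserInterface or Twig_TokenParserBrokerInterface instances
     */
    public function getTokenParsers()
    {
        return array(new Twig_TokenParser_Sandbox());
    }

    /**
     * Returns the node visitor instances to add to the existing list.
     *
     * @return array An array of Twig_NodeVisitorInterface instances
     */
    public function getNodeVisitors()
    {
        return array(new Twig_NodeVisitor_Sandbox());
    }

    /**
     * Turns the toggle flag on, which makes isSandboxed() return true.
     */
    public function enableSandbox()
    {
        $this->sandboxed = true;
    }

    /**
     * Turns the toggle flag off.
     *
     * This does not touch the global flag: when the extension was constructed
     * with sandboxing on, isSandboxed() keeps returning true after this call.
     */
    public function disableSandbox()
    {
        $this->sandboxed = false;
    }

    /**
     * Tells whether policy checks are currently enforced.
     *
     * @return bool true when the global flag or the toggle flag is set
     */
    public function isSandboxed()
    {
        return $this->sandboxedGlobally || $this->sandboxed;
    }

    /**
     * Returns the global flag exactly as it was passed to the constructor.
     *
     * @return mixed The constructor's $sandboxed argument (not cast to bool)
     */
    public function isSandboxedGlobally()
    {
        return $this->sandboxedGlobally;
    }

    /**
     * Replaces the policy used by all later checks.
     *
     * NOTE(review): whoever can reach this setter controls what the sandbox
     * enforces from then on; keep it out of reach of code paths that handle
     * untrusted templates.
     *
     * @param Twig_Sandbox_SecurityPolicyInterface $policy The new policy
     */
    public function setSecurityPolicy(Twig_Sandbox_SecurityPolicyInterface $policy)
    {
        $this->policy = $policy;
    }

    /**
     * @return Twig_Sandbox_SecurityPolicyInterface The policy currently in use
     */
    public function getSecurityPolicy()
    {
        return $this->policy;
    }

    /**
     * Forwards the tags, filters and functions to the policy while sandboxing
     * is active; does nothing otherwise.
     *
     * @param mixed $tags      Passed to the policy unchanged
     * @param mixed $filters   Passed to the policy unchanged
     * @param mixed $functions Passed to the policy unchanged
     */
    public function checkSecurity($tags, $filters, $functions)
    {
        if (!$this->isSandboxed()) {
            return;
        }

        $this->policy->checkSecurity($tags, $filters, $functions);
    }

    /**
     * Forwards a method-call check to the policy while sandboxing is active;
     * does nothing otherwise.
     *
     * @param mixed $obj    Value the method would be called on
     * @param mixed $method Method name, passed to the policy unchanged
     */
    public function checkMethodAllowed($obj, $method)
    {
        if (!$this->isSandboxed()) {
            return;
        }

        $this->policy->checkMethodAllowed($obj, $method);
    }

    /**
     * Forwards a property-access check to the policy while sandboxing is
     * active; does nothing otherwise.
     *
     * @param mixed $obj    Value the property would be read from
     * @param mixed $method Handed to the policy's checkPropertyAllowed() as its
     *                      second argument, so it carries the property name
     *                      despite being called $method; the name is kept so
     *                      the signature stays unchanged
     */
    public function checkPropertyAllowed($obj, $method)
    {
        if (!$this->isSandboxed()) {
            return;
        }

        $this->policy->checkPropertyAllowed($obj, $method);
    }

    /**
     * Checks that the policy allows __toString() on an object, then returns
     * the value untouched so the call can wrap an expression in place.
     *
     * The check is gated on isSandboxed() like the other check methods.
     * Without that gate the policy would be consulted for every object even
     * with the sandbox switched off, which is inconsistent with
     * checkMethodAllowed() and checkPropertyAllowed().
     *
     * Non-objects are never checked because they have no __toString().
     *
     * @param mixed $obj Any value
     *
     * @return mixed The same value that was passed in
     */
    public function ensureToStringAllowed($obj)
    {
        if ($this->isSandboxed() && is_object($obj)) {
            $this->policy->checkMethodAllowed($obj, '__toString');
        }

        return $obj;
    }

    /**
     * Returns the name of the extension.
     *
     * @return string The extension name
     */
    public function getName()
    {
        return 'sandbox';
    }
}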