]> git.immae.eu Git - github/wallabag/wallabag.git/blob - inc/Twig/Sandbox/SecurityPolicy.php
projects / github / wallabag / wallabag.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
delete some files
[github/wallabag/wallabag.git] / inc / Twig / Sandbox / SecurityPolicy.php
1 <?php
2
3 /*
4 * This file is part of Twig.
5 *
6 * (c) 2009 Fabien Potencier
7 *
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
10 */
11
12 /**
13 * Represents a security policy which need to be enforced when sandbox mode is enabled.
14 *
15 * @author Fabien Potencier <fabien@symfony.com>
16 */
17 class Twig_Sandbox_SecurityPolicy implements Twig_Sandbox_SecurityPolicyInterface
18 {
19 protected $allowedTags;
20 protected $allowedFilters;
21 protected $allowedMethods;
22 protected $allowedProperties;
23 protected $allowedFunctions;
24
25 public function __construct(array $allowedTags = array(), array $allowedFilters = array(), array $allowedMethods = array(), array $allowedProperties = array(), array $allowedFunctions = array())
26 {
27 $this->allowedTags = $allowedTags;
28 $this->allowedFilters = $allowedFilters;
29 $this->setAllowedMethods($allowedMethods);
30 $this->allowedProperties = $allowedProperties;
31 $this->allowedFunctions = $allowedFunctions;
32 }
33
34 public function setAllowedTags(array $tags)
35 {
36 $this->allowedTags = $tags;
37 }
38
39 public function setAllowedFilters(array $filters)
40 {
41 $this->allowedFilters = $filters;
42 }
43
44 public function setAllowedMethods(array $methods)
45 {
46 $this->allowedMethods = array();
47 foreach ($methods as $class => $m) {
48 $this->allowedMethods[$class] = array_map('strtolower', is_array($m) ? $m : array($m));
49 }
50 }
51
52 public function setAllowedProperties(array $properties)
53 {
54 $this->allowedProperties = $properties;
55 }
56
57 public function setAllowedFunctions(array $functions)
58 {
59 $this->allowedFunctions = $functions;
60 }
61
62 public function checkSecurity($tags, $filters, $functions)
63 {
64 foreach ($tags as $tag) {
65 if (!in_array($tag, $this->allowedTags)) {
66 throw new Twig_Sandbox_SecurityError(sprintf('Tag "%s" is not allowed.', $tag));
67 }
68 }
69
70 foreach ($filters as $filter) {
71 if (!in_array($filter, $this->allowedFilters)) {
72 throw new Twig_Sandbox_SecurityError(sprintf('Filter "%s" is not allowed.', $filter));
73 }
74 }
75
76 foreach ($functions as $function) {
77 if (!in_array($function, $this->allowedFunctions)) {
78 throw new Twig_Sandbox_SecurityError(sprintf('Function "%s" is not allowed.', $function));
79 }
80 }
81 }
82
83 public function checkMethodAllowed($obj, $method)
84 {
85 if ($obj instanceof Twig_TemplateInterface || $obj instanceof Twig_Markup) {
86 return true;
87 }
88
89 $allowed = false;
90 $method = strtolower($method);
91 foreach ($this->allowedMethods as $class => $methods) {
92 if ($obj instanceof $class) {
93 $allowed = in_array($method, $methods);
94
95 break;
96 }
97 }
98
99 if (!$allowed) {
100 throw new Twig_Sandbox_SecurityError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, get_class($obj)));
101 }
102 }
103
104 public function checkPropertyAllowed($obj, $property)
105 {
106 $allowed = false;
107 foreach ($this->allowedProperties as $class => $properties) {
108 if ($obj instanceof $class) {
109 $allowed = in_array($property, is_array($properties) ? $properties : array($properties));
110
111 break;
112 }
113 }
114
115 if (!$allowed) {
116 throw new Twig_Sandbox_SecurityError(sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, get_class($obj)));
117 }
118 }
119 }
A self hostable application for saving web pages: Save and classify articles. Read them later. Freely.