vendor/twig/twig/lib/Twig/Extension/Sandbox.php

   1 <?php
   2
   3 /*
   4  * This file is part of Twig.
   5  *
   6  * (c) 2009 Fabien Potencier
   7  *
   8  * For the full copyright and license information, please view the LICENSE
   9  * file that was distributed with this source code.
  10  */
  11 class Twig_Extension_Sandbox extends Twig_Extension
  12 {
  13     protected $sandboxedGlobally;
  14     protected $sandboxed;
  15     protected $policy;
  16
  17     public function __construct(Twig_Sandbox_SecurityPolicyInterface $policy, $sandboxed = false)
  18     {
  19         $this->policy            = $policy;
  20         $this->sandboxedGlobally = $sandboxed;
  21     }
  22
  23     /**
  24      * Returns the token parser instances to add to the existing list.
  25      *
  26      * @return array An array of Twig_TokenParserInterface or Twig_TokenParserBrokerInterface instances
  27      */
  28     public function getTokenParsers()
  29     {
  30         return array(new Twig_TokenParser_Sandbox());
  31     }
  32
  33     /**
  34      * Returns the node visitor instances to add to the existing list.
  35      *
  36      * @return array An array of Twig_NodeVisitorInterface instances
  37      */
  38     public function getNodeVisitors()
  39     {
  40         return array(new Twig_NodeVisitor_Sandbox());
  41     }
  42
  43     public function enableSandbox()
  44     {
  45         $this->sandboxed = true;
  46     }
  47
  48     public function disableSandbox()
  49     {
  50         $this->sandboxed = false;
  51     }
  52
  53     public function isSandboxed()
  54     {
  55         return $this->sandboxedGlobally || $this->sandboxed;
  56     }
  57
  58     public function isSandboxedGlobally()
  59     {
  60         return $this->sandboxedGlobally;
  61     }
  62
  63     public function setSecurityPolicy(Twig_Sandbox_SecurityPolicyInterface $policy)
  64     {
  65         $this->policy = $policy;
  66     }
  67
  68     public function getSecurityPolicy()
  69     {
  70         return $this->policy;
  71     }
  72
  73     public function checkSecurity($tags, $filters, $functions)
  74     {
  75         if ($this->isSandboxed()) {
  76             $this->policy->checkSecurity($tags, $filters, $functions);
  77         }
  78     }
  79
  80     public function checkMethodAllowed($obj, $method)
  81     {
  82         if ($this->isSandboxed()) {
  83             $this->policy->checkMethodAllowed($obj, $method);
  84         }
  85     }
  86
  87     public function checkPropertyAllowed($obj, $method)
  88     {
  89         if ($this->isSandboxed()) {
  90             $this->policy->checkPropertyAllowed($obj, $method);
  91         }
  92     }
  93
  94     public function ensureToStringAllowed($obj)
  95     {
  96         if (is_object($obj)) {
  97             $this->policy->checkMethodAllowed($obj, '__toString');
  98         }
  99
 100         return $obj;
 101     }
 102
 103     /**
 104      * Returns the name of the extension.
 105      *
 106      * @return string The extension name
 107      */
 108     public function getName()
 109     {
 110         return 'sandbox';
 111     }
 112 }