aboutsummaryrefslogtreecommitdiffhomepage
path: root/inc/3rdparty/Twig/Sandbox
diff options
context:
space:
mode:
Diffstat (limited to 'inc/3rdparty/Twig/Sandbox')
-rw-r--r--inc/3rdparty/Twig/Sandbox/SecurityError.php19
-rw-r--r--inc/3rdparty/Twig/Sandbox/SecurityPolicy.php119
-rw-r--r--inc/3rdparty/Twig/Sandbox/SecurityPolicyInterface.php24
3 files changed, 162 insertions, 0 deletions
diff --git a/inc/3rdparty/Twig/Sandbox/SecurityError.php b/inc/3rdparty/Twig/Sandbox/SecurityError.php
new file mode 100644
index 00000000..015bfaea
--- /dev/null
+++ b/inc/3rdparty/Twig/Sandbox/SecurityError.php
@@ -0,0 +1,19 @@
1<?php
2
3/*
4 * This file is part of Twig.
5 *
6 * (c) 2009 Fabien Potencier
7 *
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
10 */
11
12/**
13 * Exception thrown when a security error occurs at runtime.
14 *
15 * @author Fabien Potencier <fabien@symfony.com>
16 */
17class Twig_Sandbox_SecurityError extends Twig_Error
18{
19}
diff --git a/inc/3rdparty/Twig/Sandbox/SecurityPolicy.php b/inc/3rdparty/Twig/Sandbox/SecurityPolicy.php
new file mode 100644
index 00000000..66ee2332
--- /dev/null
+++ b/inc/3rdparty/Twig/Sandbox/SecurityPolicy.php
@@ -0,0 +1,119 @@
1<?php
2
3/*
4 * This file is part of Twig.
5 *
6 * (c) 2009 Fabien Potencier
7 *
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
10 */
11
12/**
13 * Represents a security policy which need to be enforced when sandbox mode is enabled.
14 *
15 * @author Fabien Potencier <fabien@symfony.com>
16 */
17class Twig_Sandbox_SecurityPolicy implements Twig_Sandbox_SecurityPolicyInterface
18{
19 protected $allowedTags;
20 protected $allowedFilters;
21 protected $allowedMethods;
22 protected $allowedProperties;
23 protected $allowedFunctions;
24
25 public function __construct(array $allowedTags = array(), array $allowedFilters = array(), array $allowedMethods = array(), array $allowedProperties = array(), array $allowedFunctions = array())
26 {
27 $this->allowedTags = $allowedTags;
28 $this->allowedFilters = $allowedFilters;
29 $this->setAllowedMethods($allowedMethods);
30 $this->allowedProperties = $allowedProperties;
31 $this->allowedFunctions = $allowedFunctions;
32 }
33
34 public function setAllowedTags(array $tags)
35 {
36 $this->allowedTags = $tags;
37 }
38
39 public function setAllowedFilters(array $filters)
40 {
41 $this->allowedFilters = $filters;
42 }
43
44 public function setAllowedMethods(array $methods)
45 {
46 $this->allowedMethods = array();
47 foreach ($methods as $class => $m) {
48 $this->allowedMethods[$class] = array_map('strtolower', is_array($m) ? $m : array($m));
49 }
50 }
51
52 public function setAllowedProperties(array $properties)
53 {
54 $this->allowedProperties = $properties;
55 }
56
57 public function setAllowedFunctions(array $functions)
58 {
59 $this->allowedFunctions = $functions;
60 }
61
62 public function checkSecurity($tags, $filters, $functions)
63 {
64 foreach ($tags as $tag) {
65 if (!in_array($tag, $this->allowedTags)) {
66 throw new Twig_Sandbox_SecurityError(sprintf('Tag "%s" is not allowed.', $tag));
67 }
68 }
69
70 foreach ($filters as $filter) {
71 if (!in_array($filter, $this->allowedFilters)) {
72 throw new Twig_Sandbox_SecurityError(sprintf('Filter "%s" is not allowed.', $filter));
73 }
74 }
75
76 foreach ($functions as $function) {
77 if (!in_array($function, $this->allowedFunctions)) {
78 throw new Twig_Sandbox_SecurityError(sprintf('Function "%s" is not allowed.', $function));
79 }
80 }
81 }
82
83 public function checkMethodAllowed($obj, $method)
84 {
85 if ($obj instanceof Twig_TemplateInterface || $obj instanceof Twig_Markup) {
86 return true;
87 }
88
89 $allowed = false;
90 $method = strtolower($method);
91 foreach ($this->allowedMethods as $class => $methods) {
92 if ($obj instanceof $class) {
93 $allowed = in_array($method, $methods);
94
95 break;
96 }
97 }
98
99 if (!$allowed) {
100 throw new Twig_Sandbox_SecurityError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, get_class($obj)));
101 }
102 }
103
104 public function checkPropertyAllowed($obj, $property)
105 {
106 $allowed = false;
107 foreach ($this->allowedProperties as $class => $properties) {
108 if ($obj instanceof $class) {
109 $allowed = in_array($property, is_array($properties) ? $properties : array($properties));
110
111 break;
112 }
113 }
114
115 if (!$allowed) {
116 throw new Twig_Sandbox_SecurityError(sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, get_class($obj)));
117 }
118 }
119}
diff --git a/inc/3rdparty/Twig/Sandbox/SecurityPolicyInterface.php b/inc/3rdparty/Twig/Sandbox/SecurityPolicyInterface.php
new file mode 100644
index 00000000..6ab48e3c
--- /dev/null
+++ b/inc/3rdparty/Twig/Sandbox/SecurityPolicyInterface.php
@@ -0,0 +1,24 @@
1<?php
2
3/*
4 * This file is part of Twig.
5 *
6 * (c) 2009 Fabien Potencier
7 *
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
10 */
11
12/**
13 * Interfaces that all security policy classes must implements.
14 *
15 * @author Fabien Potencier <fabien@symfony.com>
16 */
17interface Twig_Sandbox_SecurityPolicyInterface
18{
19 public function checkSecurity($tags, $filters, $functions);
20
21 public function checkMethodAllowed($obj, $method);
22
23 public function checkPropertyAllowed($obj, $method);
24}