From eadcd41fde0c464045ce21b984026d102425b452 Mon Sep 17 00:00:00 2001
From: Olle Haerstedt
Date: Mon, 12 Sep 2016 11:26:30 +0200
Subject: [PATCH] Dev: Add sandbox to Twig

---
 .../third_party/Twig/ETwigViewRenderer.php | 23 +++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/application/third_party/Twig/ETwigViewRenderer.php b/application/third_party/Twig/ETwigViewRenderer.php
index 172e365f7c6..34a27e16200 100644
--- a/application/third_party/Twig/ETwigViewRenderer.php
+++ b/application/third_party/Twig/ETwigViewRenderer.php
@@ -49,7 +49,7 @@ class ETwigViewRenderer extends CApplicationComponent implements IViewRenderer
 * @var array Custom extensions
 * Example: array('Twig_Extension_Sandbox', 'Twig_Extension_Text')
 */
-public $extensions = array();
+public $extensions = array('Twig_Extension_Sandbox');
 /**
 * @var array Twig lexer options
 * @see http://twig.sensiolabs.org/doc/recipes.html#customizing-the-syntax
@@ -116,9 +116,24 @@ function init()
 $this->addFilters($this->filters);
 }
 // Adding custom extensions
-if (!empty($this->extensions)) {
-$this->addExtensions($this->extensions);
-}
+//if (!empty($this->extensions)) {
+//$this->addExtensions($this->extensions);
+//}
+
+ // Add sandbox extension
+$tags = array('if', 'for');
+$filters = array('upper', 'escape');
+$methods = array(
+'Article' => array('getTitle', 'getBody'),
+);
+$properties = array(
+'Article' => array('title', 'body'),
+);
+$functions = array('range');
+$policy = new Twig_Sandbox_SecurityPolicy($tags, $filters, $methods, $properties, $functions);
+$sandbox = new Twig_Extension_Sandbox($policy, true);
+$this->_twig->addExtension($sandbox);
+
 // Change lexer syntax
 if (!empty($this->lexerOptions)) {
 $this->setLexerOptions($this->lexerOptions);
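Review bot: The hard-coded whitelist handed to `Twig_Sandbox_SecurityPolicy` in the second hunk (tags `if`/`for`, filters `upper`/`escape`, function `range`, and an `Article` class nothing else on this page references) is applied to every template, because `new Twig_Extension_Sandbox($policy, true)` enables the sandbox globally, so any existing template that uses `set`, `include`, `block` or another filter will now stop rendering with a sandbox security error. Commenting out the `addExtensions($this->extensions)` loop also stops loading any other extension configured on the component, and turns the new `array('Twig_Extension_Sandbox')` default in the first hunk into dead configuration (whether `addExtensions` could pass a policy to that constructor is not visible here). I would keep the generic loop, move the whitelist into configurable component properties declared next to `$extensions` so each deployment decides what its template authors may call, and delete the commented-out block rather than leaving it in place. `init()` begins and ends outside the hunk.
```php
// … unchanged: filter registration …
// Adding custom extensions
if (!empty($this->extensions)) {
    $this->addExtensions($this->extensions);
}

// Sandbox whitelist comes from component configuration (properties declared
// alongside $extensions), not from literals inside init().
$policy = new Twig_Sandbox_SecurityPolicy(
    $this->sandboxAllowedTags,
    $this->sandboxAllowedFilters,
    $this->sandboxAllowedMethods,
    $this->sandboxAllowedProperties,
    $this->sandboxAllowedFunctions
);
$this->_twig->addExtension(new Twig_Extension_Sandbox($policy, $this->sandboxGlobal));
// … unchanged: lexer options …
```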