bug twigphp#1382 Added isSandbox check around the __toString check in…

… Sandbox extension (Scott Smith, smitherz82)

This PR was merged into the 1.15-dev branch.

Discussion
----------

Added isSandbox check around the __toString check in Sandbox extension

The `__toString` policy check currently still happens when the sandbox is disabled

Commits
-------

3ce4202 Added test for sandbox __toString when not enabled
8dfa432 Added isSandbox check around the __toString check

lib/Twig/Extension/Sandbox.php

@@ -93,7 +93,7 @@ public function checkPropertyAllowed($obj, $method)
 
     public function ensureToStringAllowed($obj)
     {
-        if (is_object($obj)) {
+        if ($this->isSandboxed() && is_object($obj)) {
             $this->policy->checkMethodAllowed($obj, '__toString');
         }
 

test/Twig/Tests/Extension/SandboxTest.php

@@ -111,6 +111,11 @@ public function testSandboxGloballySet()
         $this->assertEquals('foo', $twig->loadTemplate('1_basic5')->render(self::$params), 'Sandbox allow some methods');
         $this->assertEquals(1, FooObject::$called['__toString'], 'Sandbox only calls method once');
 
+        $twig = $this->getEnvironment(false, array(), self::$templates);
+        FooObject::reset();
+        $this->assertEquals('foo', $twig->loadTemplate('1_basic5')->render(self::$params), 'Sandbox allows __toString when sandbox disabled');
+        $this->assertEquals(1, FooObject::$called['__toString'], 'Sandbox only calls method once');
+
         $twig = $this->getEnvironment(true, array(), self::$templates, array(), array('upper'));
         $this->assertEquals('FABIEN', $twig->loadTemplate('1_basic2')->render(self::$params), 'Sandbox allow some filters');