fixed sandbox security issue

twigphp · Aug 12, 2015 · 30be077 · 30be077
1 parent 7b6c0e9
commit 30be077
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/lib/Twig/Template.php b/lib/Twig/Template.php
@@ -154,6 +154,11 @@ public function displayBlock($name, array $context, array $blocks = array(), $us
         }
 
         if (null !== $template) {
+            // avoid RCEs when sandbox is enabled
+            if (!$template instanceof Twig_Template) {
+                throw new \LogicException('A block must be a method on a Twig_Template instance.');
+            }
+
             try {
                 $template->$block($context, $blocks);
             } catch (Twig_Error $e) {

diff --git a/test/Twig/Tests/TemplateTest.php b/test/Twig/Tests/TemplateTest.php
@@ -10,6 +10,15 @@
  */
 class Twig_Tests_TemplateTest extends PHPUnit_Framework_TestCase
 {
+    /**
+     * @expectedException LogicException
+     */
+    public function testDisplayBlocksAcceptTemplateOnlyAsBlocks()
+    {
+        $template = $this->getMockForAbstractClass('Twig_Template', array(), '', false);
+        $template->displayBlock('foo', array(), array('foo' => array(new stdClass(), 'foo')));
+    }
+
     /**
      * @dataProvider getAttributeExceptions
      */