
bug #1382 Added isSandbox check around the __toString check in Sandbo…

…x extension (Scott Smith, smitherz82)

This PR was merged into the 1.15-dev branch.

Discussion
----------

Added isSandbox check around the __toString check in Sandbox extension

The `__toString` policy check currently still happens when the sandbox is disabled.

Commits
-------

3ce4202 Added test for sandbox __toString when not enabled
8dfa432 Added isSandbox check around the __toString check
commit 02b80626f093fd2c63af4b42d04a539eb611a5a7 2 parents e6156e2 + 3ce4202
@fabpot authored
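--- a/lib/Twig/Extension/Sandbox.php
+++ b/lib/Twig/Extension/Sandbox.php
@@ -93,7 +93,7 @@ public function checkPropertyAllowed($obj, $method)
 public function ensureToStringAllowed($obj)
 {
- if (is_object($obj)) {
+ if ($this->isSandboxed() && is_object($obj)) {
 $this->policy->checkMethodAllowed($obj, '__toString');
 }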
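Review bot: The new condition in `ensureToStringAllowed()` makes `isSandboxed()` the only gate for the `__toString` policy, and nothing at the `if` says so, so a reader cannot tell that objects are printed unchecked whenever the sandbox flag is off at render time. I would add a comment above the condition, e.g. `// Enforce the __toString policy only while the sandbox is active; outside it objects are printed unchecked.` Because the decision is now taken when the value is rendered, the flag has to be set already when a sandboxed include starts producing output; presumably `isSandboxed()` reflects both the global and the per-include state, but that is outside this hunk and worth confirming. The function body continues past the end of the hunk.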
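--- a/test/Twig/Tests/Extension/SandboxTest.php
+++ b/test/Twig/Tests/Extension/SandboxTest.php
@@ -111,6 +111,11 @@ public function testSandboxGloballySet()
 $this->assertEquals('foo', $twig->loadTemplate('1_basic5')->render(self::$params), 'Sandbox allow some methods');
 $this->assertEquals(1, FooObject::$called['__toString'], 'Sandbox only calls method once');
+ $twig = $this->getEnvironment(false, array(), self::$templates);
+ FooObject::reset();
+ $this->assertEquals('foo', $twig->loadTemplate('1_basic5')->render(self::$params), 'Sandbox allows __toString when sandbox disabled');
+ $this->assertEquals(1, FooObject::$called['__toString'], 'Sandbox only calls method once');
+
 $twig = $this->getEnvironment(true, array(), self::$templates, array(), array('upper'));
 $this->assertEquals('FABIEN', $twig->loadTemplate('1_basic2')->render(self::$params), 'Sandbox allow some filters');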
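Review bot: The second added assertion reuses the message `'Sandbox only calls method once'`, which reads as a sandboxed case when it fails; for the disabled path a message such as `'__toString is called once when sandbox is disabled'` identifies which case broke. The added block exercises only an environment created with the sandbox flag set to `false`, which does confirm that the policy is skipped there. It does not show the complementary guarantee the new guard must keep, namely that with the global flag off a template rendered through a sandboxed include is still refused `__toString`. Whether that is covered elsewhere in `testSandboxGloballySet()` or the file cannot be seen from this hunk, which starts and ends inside the method.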