checks for valid macro/filter/function/block names

- deprecates macros names ~#%^& (BC break) - block name cannot be number (because there are type problems when used as key)
nette · Nov 12, 2020 · 9200047 · 9200047
1 parent bb74672
commit 9200047
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 5 deletions.
diff --git a/src/Latte/Compiler/Compiler.php b/src/Latte/Compiler/Compiler.php
@@ -105,8 +105,12 @@ class Compiler
 	 */
 	public function addMacro(string $name, Macro $macro, int $flags = null)
 	{
-		if (!isset($this->flags[$name])) {
+		if (!preg_match('#^[a-z_=][\w-]*$#iD', $name)) {
+			throw new \LogicException("Invalid tag name '$name'.");
+
+		} elseif (!isset($this->flags[$name])) {
 			$this->flags[$name] = $flags ?: Macro::DEFAULT_FLAGS;
+
 		} elseif ($flags && $this->flags[$name] !== $flags) {
 			throw new \LogicException("Incompatible flags for tag '$name'.");
 		}

diff --git a/src/Latte/Compiler/Parser.php b/src/Latte/Compiler/Parser.php
@@ -393,7 +393,7 @@ public function parseMacroTag(string $tag): ?array
 			(?P<closing>/?)
 			(
 				(?P<name>\?|[a-z]\w*+(?:[.:]\w+)*+(?!::|\(|\\\\))|   ## ?, name, /name, but not function( or class:: or namespace\
-				(?P<shortname>[=\~#%^&_]?)      ## expression, =expression, ...
+				(?P<shortname>[=_]?)      ## expression, =expression, ...
 			)(?P<args>(?:' . self::RE_STRING . '|[^\'"])*?)
 			(?P<modifiers>(?<!\|)\|[a-z](?P<modArgs>(?:' . self::RE_STRING . '|(?:\((?P>modArgs)\))|[^\'"/()]|/(?=.))*+))?
 			(?P<empty>/?$)

diff --git a/src/Latte/Engine.php b/src/Latte/Engine.php
@@ -267,6 +267,9 @@ public function getTemplateClass(string $name): string
 	 */
 	public function addFilter(?string $name, callable $callback)
 	{
+		if ($name !== null && !preg_match('#^[a-z]\w*$#iD', $name)) {
+			throw new \LogicException("Invalid filter name '$name'.");
+		}
 		$this->filters->add($name, $callback);
 		return $this;
 	}
@@ -309,6 +312,9 @@ public function addMacro(string $name, Macro $macro)
 	 */
 	public function addFunction(string $name, callable $callback)
 	{
+		if (!preg_match('#^[a-z]\w*$#iD', $name)) {
+			throw new \LogicException("Invalid function name '$name'.");
+		}
 		$this->functions->$name = $callback;
 		return $this;
 	}
@@ -336,6 +342,9 @@ public function invokeFunction(string $name, array $args)
 	 */
 	public function addProvider(string $name, $value)
 	{
+		if (!preg_match('#^[a-z]\w*$#iD', $name)) {
+			throw new \LogicException("Invalid provider name '$name'.");
+		}
 		$this->providers[$name] = $value;
 		return $this;
 	}

diff --git a/src/Latte/Macros/BlockMacros.php b/src/Latte/Macros/BlockMacros.php
@@ -268,8 +268,8 @@ public function macroBlock(MacroNode $node, PhpWriter $writer)
 					. "\$this->blockQueue[$fname][] = [\$this, '{$node->data->func}'];";
 			}
 
-		} elseif ($name[0] === '_') {
-			throw new CompileException("Block name '$name' must not start with an underscore.");
+		} elseif (!preg_match('#^[a-z]#iD', $name)) {
+			throw new CompileException("Block name must start with letter a-z, '$name' given.");
 		}
 
 		// static snippet/snippetArea

diff --git a/tests/Latte/BlockMacros.block5.phpt b/tests/Latte/BlockMacros.block5.phpt
@@ -29,4 +29,8 @@ Assert::match(
 
 Assert::exception(function () use ($latte) {
 	$latte->renderToString('{define _foobar}Hello{/define}');
-}, Latte\CompileException::class, "Block name '_foobar' must not start with an underscore.");
+}, Latte\CompileException::class, "Block name must start with letter a-z, '_foobar' given.");
+
+Assert::exception(function () use ($latte) {
+	$latte->renderToString('{define 123}Hello{/define}');
+}, Latte\CompileException::class, "Block name must start with letter a-z, '123' given.");