Prevent magic bypass

octoberrain · Feb 8, 2022 · 7c6880e · 7c6880e
1 parent ac42fe4
commit 7c6880e
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/twig/SecurityPolicy.php b/twig/SecurityPolicy.php
@@ -18,6 +18,9 @@ final class SecurityPolicy implements SecurityPolicyInterface
      * @var array List of forbidden methods.
      */
     protected $blockedMethods = [
+        // Prevent magic bypass
+        '__call',
+
         // Prevent manipulating Twig itself
         'getTwig',