Fix potential security vector in emptiness check

- Fixes a similar security vector to those fixed in previous commits,
  instead caused by scalar strings used in sections, typically used
  to check for emptiness.
  - Now validates the callback to determine if it is valid; if not,
    processes it as a boolean check

library/Phly/Mustache/Renderer.php

@@ -141,7 +141,7 @@ public function render(array $tokens, $view, array $partials = null)
                             $rendered .= $renderedSection;
                             break;
                         }
-                    } elseif (is_callable($section)) {
+                    } elseif (is_callable($section) && $this->isValidCallback($section)) {
                         // Higher order section
                         // Execute the callback, passing it the section's template 
                         // string, as well as a renderer lambda.

tests/PhlyTest/Mustache/MustacheTest.php

@@ -586,6 +586,17 @@ public function testArrayValuesThatReferToStaticMethodsShouldNotCallThem()
         $this->assertEquals('DateTime::createFromFormat', trim($test));
     }
 
+    /**
+     * @group injection-issues
+     */
+    public function testStringValuesThatReferToFunctionsShouldNotCallThem()
+    {
+        $model = array('message' => 'time');
+        $this->mustache->getRenderer()->addPragma(new ImplicitIterator());
+        $test = $this->mustache->render('template-referencing-static-function-notempty', $model);
+        $this->assertEquals('time', trim($test));
+    }
+
     /**
      * @group injection-issues
      */

tests/PhlyTest/Mustache/templates/template-referencing-static-function-notempty.mustache

@@ -0,0 +1,3 @@
+{{#message}}
+{{message}}
+{{/message}}