5 changes: 5 additions & 0 deletions
5
bundles/CoreBundle/DependencyInjection/PimcoreCoreExtension.php
14 changes: 14 additions & 0 deletions
14
...ation/05_Objects/01_Object_Classes/03_Layout_Elements/01_Dynamic_Text_Labels.md
14 changes: 14 additions & 0 deletions
14
...ent_Documentation/19_Development_Tools_and_Details/25_Email_Framework/README.md
[Mail] Renderer email content twig templates in a sandbox (#13347)
* [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * [Mail] Renderer email content twig templates in a sandbox * Apply suggestions from code review Co-authored-by: Sebastian Blank <blank@data-factory.net> * Update lib/Templating/TwigDefaultDelegatingEngine.php Co-authored-by: Jacob Dreesen <j.dreesen@neusta.de> * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - use custom security policy to whitelist object properties and methods execution by default #13347 * [Twig] Renderer user controlled twig templates in a sandbox - review changes #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix phpstan #13347 * [Twig] Renderer user controlled twig templates in a sandbox - fix service definition #13347 * [Twig] Renderer user controlled twig templates in a sandbox - docs typo #13347 Co-authored-by: Sebastian Blank <blank@data-factory.net> Co-authored-by: Jacob Dreesen <j.dreesen@neusta.de>
1 parent
c07e8ab
commit 43aa34e
Showing
11 changed files
with
238 additions
and
28 deletions.
12 changes: 12 additions & 0 deletions
12
...evelopment_Documentation/23_Installation_and_Upgrade/09_Upgrade_Notes/README.md
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,91 @@ | ||
| <?php | ||
|
|
||
| declare(strict_types=1); | ||
|
|
||
| /** | ||
| * Pimcore | ||
| * | ||
| * This source file is available under two different licenses: | ||
| * - GNU General Public License version 3 (GPLv3) | ||
| * - Pimcore Commercial License (PCL) | ||
| * Full copyright and license information is available in | ||
| * LICENSE.md which is distributed with this source code. | ||
| * | ||
| * @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org) | ||
| * @license http://www.pimcore.org/license GPLv3 and PCL | ||
| */ | ||
|
|
||
| namespace Pimcore\Twig\Sandbox; | ||
|
|
||
| use Twig\Sandbox\SecurityNotAllowedFilterError; | ||
| use Twig\Sandbox\SecurityNotAllowedFunctionError; | ||
| use Twig\Sandbox\SecurityNotAllowedTagError; | ||
| use Twig\Sandbox\SecurityPolicyInterface; | ||
|
|
||
| /** | ||
| * Note: Reused to disable checks on object methods and properties. | ||
| * | ||
| * Represents a security policy which need to be enforced when sandbox mode is enabled. | ||
| * | ||
| * @author Fabien Potencier <fabien@symfony.com> | ||
| */ | ||
| final class SecurityPolicy implements SecurityPolicyInterface | ||
| { | ||
| private array $allowedTags; | ||
| private array $allowedFilters; | ||
| private array $allowedFunctions; | ||
|
|
||
| public function __construct(array $allowedTags = [], array $allowedFilters = [], array $allowedFunctions = []) | ||
| { | ||
| $this->allowedTags = $allowedTags; | ||
| $this->allowedFilters = $allowedFilters; | ||
| $this->allowedFunctions = $allowedFunctions; | ||
| } | ||
|
|
||
| public function setAllowedTags(array $tags) | ||
| { | ||
| $this->allowedTags = $tags; | ||
| } | ||
|
|
||
| public function setAllowedFilters(array $filters) | ||
| { | ||
| $this->allowedFilters = $filters; | ||
| } | ||
|
|
||
| public function setAllowedFunctions(array $functions) | ||
| { | ||
| $this->allowedFunctions = $functions; | ||
| } | ||
|
|
||
| public function checkSecurity($tags, $filters, $functions): void | ||
| { | ||
| foreach ($tags as $tag) { | ||
| if (!\in_array($tag, $this->allowedTags)) { | ||
| throw new SecurityNotAllowedTagError(sprintf('Tag "%s" is not allowed.', $tag), $tag); | ||
| } | ||
| } | ||
|
|
||
| foreach ($filters as $filter) { | ||
| if (!\in_array($filter, $this->allowedFilters)) { | ||
| throw new SecurityNotAllowedFilterError(sprintf('Filter "%s" is not allowed.', $filter), $filter); | ||
| } | ||
| } | ||
|
|
||
| foreach ($functions as $function) { | ||
| //check if a function is allowed or a pimcore twig functions | ||
| if (!\in_array($function, $this->allowedFunctions) && !str_starts_with($function, 'pimcore_')) { | ||
| throw new SecurityNotAllowedFunctionError(sprintf('Function "%s" is not allowed.', $function), $function); | ||
| } | ||
| } | ||
| } | ||
|
|
||
| public function checkMethodAllowed($obj, $method): void | ||
| { | ||
| //do not perform any checks | ||
| } | ||
|
|
||
| public function checkPropertyAllowed($obj, $method): void | ||
| { | ||
| //do not perform any checks | ||
| } | ||
| } |
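Review bot: The `str_starts_with($function, 'pimcore_')` clause in checkSecurity turns the function allowlist into an open prefix rule: any function registered under that prefix, now or by a later extension or bundle, becomes callable from sandboxed templates without ever appearing in `$allowedFunctions`, which makes the effective allowlist hard to audit. Because checkMethodAllowed and checkPropertyAllowed are deliberate no-ops, the tag, filter and function lists are the only thing this policy enforces, so the class docblock should say so explicitly, e.g. `Method and property access on context objects is never restricted by this policy; only tags, filters and functions are checked, and every function prefixed "pimcore_" is implicitly allowed.`, and the prefix rule should either be replaced by explicit entries or at least be documented next to the allowlist. The three `in_array` calls should also pass `strict: true`, for instance `if (!\in_array($function, $this->allowedFunctions, true) && !str_starts_with($function, 'pimcore_')) {`, so name lookups never fall back to loose comparison; Twig names are not numeric strings today, so this is cheap hardening rather than a known bypass. The three setters are also missing a `: void` return type, which the rest of the class already uses.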