@@ -34,7 +34,6 @@ protected function setUp()
3434 '1_basic3 ' => '{% if name %}foo{% endif %} ' ,
3535 '1_basic4 ' => '{{ obj.bar }} ' ,
3636 '1_basic5 ' => '{{ obj }} ' ,
37- '1_basic6 ' => '{{ arr.obj }} ' ,
3837 '1_basic7 ' => '{{ cycle(["foo","bar"], 1) }} ' ,
3938 '1_basic8 ' => '{{ obj.getfoobar }}{{ obj.getFooBar }} ' ,
4039 '1_basic9 ' => '{{ obj.foobar }}{{ obj.fooBar }} ' ,
@@ -112,11 +111,14 @@ public function testSandboxUnallowedProperty()
112111 }
113112 }
114113
115- public function testSandboxUnallowedToString ()
114+ /**
115+ * @dataProvider getSandboxUnallowedToStringTests
116+ */
117+ public function testSandboxUnallowedToString ($ template )
116118 {
117- $ twig = $ this ->getEnvironment (true , [], self :: $ templates );
119+ $ twig = $ this ->getEnvironment (true , [], [ ' index ' => $ template ], [], [ ' upper ' ], [ ' FooObject ' => ' getAnotherFooObject ' ], [], [ ' random ' ] );
118120 try {
119- $ twig ->load ( ' 1_basic5 ' )->render (self ::$ params );
121+ $ twig ->loadTemplate ( ' index ' )->render (self ::$ params );
120122 $ this ->fail ('Sandbox throws a SecurityError exception if an unallowed method (__toString()) is called in the template ' );
121123 } catch (SecurityError $ e ) {
122124 $ this ->assertInstanceOf ('\Twig\Sandbox\SecurityNotAllowedMethodError ' , $ e , 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedMethodError ' );
@@ -125,17 +127,61 @@ public function testSandboxUnallowedToString()
125127 }
126128 }
127129
128- public function testSandboxUnallowedToStringArray ()
130+ public function getSandboxUnallowedToStringTests ()
129131 {
130- $ twig = $ this ->getEnvironment (true , [], self ::$ templates );
131- try {
132- $ twig ->load ('1_basic6 ' )->render (self ::$ params );
133- $ this ->fail ('Sandbox throws a SecurityError exception if an unallowed method (__toString()) is called in the template ' );
134- } catch (SecurityError $ e ) {
135- $ this ->assertInstanceOf ('\Twig\Sandbox\SecurityNotAllowedMethodError ' , $ e , 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedMethodError ' );
136- $ this ->assertEquals ('FooObject ' , $ e ->getClassName (), 'Exception should be raised on the "FooObject" class ' );
137- $ this ->assertEquals ('__tostring ' , $ e ->getMethodName (), 'Exception should be raised on the "__toString" method ' );
138- }
132+ return [
133+ 'simple ' => ['{{ obj }} ' ],
134+ 'object_from_array ' => ['{{ arr.obj }} ' ],
135+ 'object_chain ' => ['{{ obj.anotherFooObject }} ' ],
136+ 'filter ' => ['{{ obj|upper }} ' ],
137+ 'filter_from_array ' => ['{{ arr.obj|upper }} ' ],
138+ 'function ' => ['{{ random(obj) }} ' ],
139+ 'function_from_array ' => ['{{ random(arr.obj) }} ' ],
140+ 'function_and_filter ' => ['{{ random(obj|upper) }} ' ],
141+ 'function_and_filter_from_array ' => ['{{ random(arr.obj|upper) }} ' ],
142+ 'object_chain_and_filter ' => ['{{ obj.anotherFooObject|upper }} ' ],
143+ 'object_chain_and_function ' => ['{{ random(obj.anotherFooObject) }} ' ],
144+ 'concat ' => ['{{ obj ~ "" }} ' ],
145+ 'concat_again ' => ['{{ "" ~ obj }} ' ],
146+ ];
147+ }
148+
149+ /**
150+ * @dataProvider getSandboxAllowedToStringTests
151+ */
152+ public function testSandboxAllowedToString ($ template , $ output )
153+ {
154+ $ twig = $ this ->getEnvironment (true , [], ['index ' => $ template ], ['set ' ], [], ['FooObject ' => ['foo ' , 'getAnotherFooObject ' ]]);
155+ $ this ->assertEquals ($ output , $ twig ->load ('index ' )->render (self ::$ params ));
156+ }
157+
158+ public function getSandboxAllowedToStringTests ()
159+ {
160+ return [
161+ 'constant_test ' => ['{{ obj is constant("PHP_INT_MAX") }} ' , '' ],
162+ 'set_object ' => ['{% set a = obj.anotherFooObject %}{{ a.foo }} ' , 'foo ' ],
163+ 'is_defined ' => ['{{ obj.anotherFooObject is defined }} ' , '1 ' ],
164+ 'is_null ' => ['{{ obj is null }} ' , '' ],
165+ 'is_sameas ' => ['{{ obj is same as(obj) }} ' , '1 ' ],
166+ 'is_sameas_from_array ' => ['{{ arr.obj is same as(arr.obj) }} ' , '1 ' ],
167+ 'is_sameas_from_another_method ' => ['{{ obj.anotherFooObject is same as(obj.anotherFooObject) }} ' , '' ],
168+ ];
169+ }
170+
171+ public function testSandboxAllowMethodToString ()
172+ {
173+ $ twig = $ this ->getEnvironment (true , [], self ::$ templates , [], [], ['FooObject ' => '__toString ' ]);
174+ FooObject::reset ();
175+ $ this ->assertEquals ('foo ' , $ twig ->load ('1_basic5 ' )->render (self ::$ params ), 'Sandbox allow some methods ' );
176+ $ this ->assertEquals (1 , FooObject::$ called ['__toString ' ], 'Sandbox only calls method once ' );
177+ }
178+
179+ public function testSandboxAllowMethodToStringDisabled ()
180+ {
181+ $ twig = $ this ->getEnvironment (false , [], self ::$ templates );
182+ FooObject::reset ();
183+ $ this ->assertEquals ('foo ' , $ twig ->load ('1_basic5 ' )->render (self ::$ params ), 'Sandbox allows __toString when sandbox disabled ' );
184+ $ this ->assertEquals (1 , FooObject::$ called ['__toString ' ], 'Sandbox only calls method once ' );
139185 }
140186
141187 public function testSandboxUnallowedFunction ()
@@ -170,22 +216,6 @@ public function testSandboxAllowMethodFoo()
170216 $ this ->assertEquals (1 , FooObject::$ called ['foo ' ], 'Sandbox only calls method once ' );
171217 }
172218
173- public function testSandboxAllowMethodToString ()
174- {
175- $ twig = $ this ->getEnvironment (true , [], self ::$ templates , [], [], ['FooObject ' => '__toString ' ]);
176- FooObject::reset ();
177- $ this ->assertEquals ('foo ' , $ twig ->load ('1_basic5 ' )->render (self ::$ params ), 'Sandbox allow some methods ' );
178- $ this ->assertEquals (1 , FooObject::$ called ['__toString ' ], 'Sandbox only calls method once ' );
179- }
180-
181- public function testSandboxAllowMethodToStringDisabled ()
182- {
183- $ twig = $ this ->getEnvironment (false , [], self ::$ templates );
184- FooObject::reset ();
185- $ this ->assertEquals ('foo ' , $ twig ->load ('1_basic5 ' )->render (self ::$ params ), 'Sandbox allows __toString when sandbox disabled ' );
186- $ this ->assertEquals (1 , FooObject::$ called ['__toString ' ], 'Sandbox only calls method once ' );
187- }
188-
189219 public function testSandboxAllowFilter ()
190220 {
191221 $ twig = $ this ->getEnvironment (true , [], self ::$ templates , [], ['upper ' ]);
@@ -326,4 +356,9 @@ public function getFooBar()
326356
327357 return 'foobar ' ;
328358 }
359+
360+ public function getAnotherFooObject ()
361+ {
362+ return new self ();
363+ }
329364}
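Review bot: In testSandboxUnallowedToString (new line 121) the template is loaded with `$twig->loadTemplate('index')`, while the line it replaces and the new testSandboxAllowedToString both use `$twig->load(...)`; unless this branch needs the other entry point, `$twig->load('index')->render(self::$params);` keeps the test on the same API as its neighbours. Separately, testSandboxAllowedToString (new lines 152-156) only compares rendered output, and `__toString` is not in its allowed-method list, so a case where `__toString()` ran without any policy check would still pass. Calling `FooObject::reset();` before rendering and then asserting `$this->assertEquals(0, FooObject::$called['__toString']);` would pin that down, assuming reset() zeroes the counter that the neighbouring tests read. The two data providers would also benefit from a one-line docblock saying what each row asserts: a SecurityNotAllowedMethodError on `__tostring` for the first, rendering without a sandbox check for the second.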