Mercurial > hg > isophonics-drupal-site
comparison core/lib/Drupal/Core/Template/TwigSandboxPolicy.php @ 0:4c8ae668cc8c
Initial import (non-working)
| author | Chris Cannam |
|---|---|
| date | Wed, 29 Nov 2017 16:09:58 +0000 |
| parents | |
| children | c2387f117808 |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:4c8ae668cc8c |
|---|---|
| 1 <?php | |
| 2 | |
| 3 namespace Drupal\Core\Template; | |
| 4 | |
| 5 use Drupal\Core\Site\Settings; | |
| 6 | |
| 7 /** | |
| 8 * Default sandbox policy for Twig templates. | |
| 9 * | |
| 10 * Twig's sandbox extension is usually used to evaluate untrusted code by | |
| 11 * limiting access to potentially unsafe properties or methods. Since we do not | |
| 12 * use ViewModels when passing objects to Twig templates, we limit what those | |
| 13 * objects can do by whitelisting certain classes, method names, and method | |
| 14 * names with an allowed prefix. All object properties may be accessed. | |
| 15 */ | |
| 16 class TwigSandboxPolicy implements \Twig_Sandbox_SecurityPolicyInterface { | |
| 17 | |
| 18 /** | |
| 19 * An array of whitelisted methods in the form of methodName => TRUE. | |
| 20 */ | |
| 21 protected $whitelisted_methods = NULL; | |
| 22 | |
| 23 /** | |
| 24 * An array of whitelisted method prefixes -- any method starting with one of | |
| 25 * these prefixes will be allowed. | |
| 26 */ | |
| 27 protected $whitelisted_prefixes = NULL; | |
| 28 | |
| 29 /** | |
| 30 * An array of class names for which any method calls are allowed. | |
| 31 */ | |
| 32 protected $whitelisted_classes = NULL; | |
| 33 | |
| 34 /** | |
| 35 * Constructs a new TwigSandboxPolicy object. | |
| 36 */ | |
| 37 public function __construct() { | |
| 38 // Allow settings.php to override our default whitelisted classes, methods, | |
| 39 // and prefixes. | |
| 40 $whitelisted_classes = Settings::get('twig_sandbox_whitelisted_classes', [ | |
| 41 // Allow any operations on the Attribute object as it is intended to be | |
| 42 // changed from a Twig template, for example calling addClass(). | |
| 43 'Drupal\Core\Template\Attribute', | |
| 44 ]); | |
| 45 // Flip the arrays so we can check using isset(). | |
| 46 $this->whitelisted_classes = array_flip($whitelisted_classes); | |
| 47 | |
| 48 $whitelisted_methods = Settings::get('twig_sandbox_whitelisted_methods', [ | |
| 49 // Only allow idempotent methods. | |
| 50 'id', | |
| 51 'label', | |
| 52 'bundle', | |
| 53 'get', | |
| 54 '__toString', | |
| 55 'toString', | |
| 56 ]); | |
| 57 $this->whitelisted_methods = array_flip($whitelisted_methods); | |
| 58 | |
| 59 $this->whitelisted_prefixes = Settings::get('twig_sandbox_whitelisted_prefixes', [ | |
| 60 'get', | |
| 61 'has', | |
| 62 'is', | |
| 63 ]); | |
| 64 } | |
| 65 | |
| 66 /** | |
| 67 * {@inheritdoc} | |
| 68 */ | |
| 69 public function checkSecurity($tags, $filters, $functions) {} | |
| 70 | |
| 71 /** | |
| 72 * {@inheritdoc} | |
| 73 */ | |
| 74 public function checkPropertyAllowed($obj, $property) {} | |
| 75 | |
| 76 /** | |
| 77 * {@inheritdoc} | |
| 78 */ | |
| 79 public function checkMethodAllowed($obj, $method) { | |
| 80 foreach ($this->whitelisted_classes as $class => $key) { | |
| 81 if ($obj instanceof $class) { | |
| 82 return TRUE; | |
| 83 } | |
| 84 } | |
| 85 | |
| 86 // Return quickly for an exact match of the method name. | |
| 87 if (isset($this->whitelisted_methods[$method])) { | |
| 88 return TRUE; | |
| 89 } | |
| 90 | |
| 91 // If the method name starts with a whitelisted prefix, allow it. | |
| 92 // Note: strpos() is between 3x and 7x faster than preg_match in this case. | |
| 93 foreach ($this->whitelisted_prefixes as $prefix) { | |
| 94 if (strpos($method, $prefix) === 0) { | |
| 95 return TRUE; | |
| 96 } | |
| 97 } | |
| 98 | |
| 99 throw new \Twig_Sandbox_SecurityError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, get_class($obj))); | |
| 100 } | |
| 101 | |
| 102 } |