Verzeichnisstruktur phpBB-3.1.0
- Veröffentlicht
- 27.10.2014
So funktioniert es
|
|
Auf das letzte Element klicken. Dies geht jeweils ein Schritt zurück |
Auf das Icon klicken, dies öffnet das Verzeichnis. Nochmal klicken schließt das Verzeichnis. |
|
|
(Beispiel Datei-Icons)
|
Auf das Icon klicken um den Quellcode anzuzeigen |
SecurityPolicy.php
001 <?php
002
003 /*
004 * This file is part of Twig.
005 *
006 * (c) 2009 Fabien Potencier
007 *
008 * For the full copyright and license information, please view the LICENSE
009 * file that was distributed with this source code.
010 */
011
012 /**
013 * Represents a security policy which need to be enforced when sandbox mode is enabled.
014 *
015 * @author Fabien Potencier <fabien@symfony.com>
016 */
017 class Twig_Sandbox_SecurityPolicy implements Twig_Sandbox_SecurityPolicyInterface
018 {
019 protected $allowedTags;
020 protected $allowedFilters;
021 protected $allowedMethods;
022 protected $allowedProperties;
023 protected $allowedFunctions;
024
025 public function __construct(array $allowedTags = array(), array $allowedFilters = array(), array $allowedMethods = array(), array $allowedProperties = array(), array $allowedFunctions = array())
026 {
027 $this->allowedTags = $allowedTags;
028 $this->allowedFilters = $allowedFilters;
029 $this->setAllowedMethods($allowedMethods);
030 $this->allowedProperties = $allowedProperties;
031 $this->allowedFunctions = $allowedFunctions;
032 }
033
034 public function setAllowedTags(array $tags)
035 {
036 $this->allowedTags = $tags;
037 }
038
039 public function setAllowedFilters(array $filters)
040 {
041 $this->allowedFilters = $filters;
042 }
043
044 public function setAllowedMethods(array $methods)
045 {
046 $this->allowedMethods = array();
047 foreach ($methods as $class => $m) {
048 $this->allowedMethods[$class] = array_map('strtolower', is_array($m) ? $m : array($m));
049 }
050 }
051
052 public function setAllowedProperties(array $properties)
053 {
054 $this->allowedProperties = $properties;
055 }
056
057 public function setAllowedFunctions(array $functions)
058 {
059 $this->allowedFunctions = $functions;
060 }
061
062 public function checkSecurity($tags, $filters, $functions)
063 {
064 foreach ($tags as $tag) {
065 if (!in_array($tag, $this->allowedTags)) {
066 throw new Twig_Sandbox_SecurityError(sprintf('Tag "%s" is not allowed.', $tag));
067 }
068 }
069
070 foreach ($filters as $filter) {
071 if (!in_array($filter, $this->allowedFilters)) {
072 throw new Twig_Sandbox_SecurityError(sprintf('Filter "%s" is not allowed.', $filter));
073 }
074 }
075
076 foreach ($functions as $function) {
077 if (!in_array($function, $this->allowedFunctions)) {
078 throw new Twig_Sandbox_SecurityError(sprintf('Function "%s" is not allowed.', $function));
079 }
080 }
081 }
082
083 public function checkMethodAllowed($obj, $method)
084 {
085 if ($obj instanceof Twig_TemplateInterface || $obj instanceof Twig_Markup) {
086 return true;
087 }
088
089 $allowed = false;
090 $method = strtolower($method);
091 foreach ($this->allowedMethods as $class => $methods) {
092 if ($obj instanceof $class) {
093 $allowed = in_array($method, $methods);
094
095 break;
096 }
097 }
098
099 if (!$allowed) {
100 throw new Twig_Sandbox_SecurityError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, get_class($obj)));
101 }
102 }
103
104 public function checkPropertyAllowed($obj, $property)
105 {
106 $allowed = false;
107 foreach ($this->allowedProperties as $class => $properties) {
108 if ($obj instanceof $class) {
109 $allowed = in_array($property, is_array($properties) ? $properties : array($properties));
110
111 break;
112 }
113 }
114
115 if (!$allowed) {
116 throw new Twig_Sandbox_SecurityError(sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, get_class($obj)));
117 }
118 }
119 }
120