Verzeichnisstruktur phpBB-3.3.15
- Veröffentlicht
- 28.08.2024
So funktioniert es
|
|
Auf das letzte Element klicken. Dies geht jeweils ein Schritt zurück |
Auf das Icon klicken, dies öffnet das Verzeichnis. Nochmal klicken schließt das Verzeichnis. |
|
|
(Beispiel Datei-Icons)
|
Auf das Icon klicken um den Quellcode anzuzeigen |
SandboxExtension.php
001 <?php
002
003 /*
004 * This file is part of Twig.
005 *
006 * (c) Fabien Potencier
007 *
008 * For the full copyright and license information, please view the LICENSE
009 * file that was distributed with this source code.
010 */
011
012 namespace Twig\Extension;
013
014 use Twig\NodeVisitor\SandboxNodeVisitor;
015 use Twig\Sandbox\SecurityNotAllowedMethodError;
016 use Twig\Sandbox\SecurityNotAllowedPropertyError;
017 use Twig\Sandbox\SecurityPolicyInterface;
018 use Twig\Sandbox\SourcePolicyInterface;
019 use Twig\Source;
020 use Twig\TokenParser\SandboxTokenParser;
021
022 final class SandboxExtension extends AbstractExtension
023 {
024 private $sandboxedGlobally;
025 private $sandboxed;
026 private $policy;
027 private $sourcePolicy;
028
029 public function __construct(SecurityPolicyInterface $policy, $sandboxed = false, SourcePolicyInterface $sourcePolicy = null)
030 {
031 $this->policy = $policy;
032 $this->sandboxedGlobally = $sandboxed;
033 $this->sourcePolicy = $sourcePolicy;
034 }
035
036 public function getTokenParsers()
037 {
038 return [new SandboxTokenParser()];
039 }
040
041 public function getNodeVisitors()
042 {
043 return [new SandboxNodeVisitor()];
044 }
045
046 public function enableSandbox()
047 {
048 $this->sandboxed = true;
049 }
050
051 public function disableSandbox()
052 {
053 $this->sandboxed = false;
054 }
055
056 public function isSandboxed(Source $source = null)
057 {
058 return $this->sandboxedGlobally || $this->sandboxed || $this->isSourceSandboxed($source);
059 }
060
061 public function isSandboxedGlobally()
062 {
063 return $this->sandboxedGlobally;
064 }
065
066 private function isSourceSandboxed(?Source $source): bool
067 {
068 if (null === $source || null === $this->sourcePolicy) {
069 return false;
070 }
071
072 return $this->sourcePolicy->enableSandbox($source);
073 }
074
075 public function setSecurityPolicy(SecurityPolicyInterface $policy)
076 {
077 $this->policy = $policy;
078 }
079
080 public function getSecurityPolicy()
081 {
082 return $this->policy;
083 }
084
085 public function checkSecurity($tags, $filters, $functions, Source $source = null)
086 {
087 if ($this->isSandboxed($source)) {
088 $this->policy->checkSecurity($tags, $filters, $functions);
089 }
090 }
091
092 public function checkMethodAllowed($obj, $method, int $lineno = -1, Source $source = null)
093 {
094 if ($this->isSandboxed($source)) {
095 try {
096 $this->policy->checkMethodAllowed($obj, $method);
097 } catch (SecurityNotAllowedMethodError $e) {
098 $e->setSourceContext($source);
099 $e->setTemplateLine($lineno);
100
101 throw $e;
102 }
103 }
104 }
105
106 public function checkPropertyAllowed($obj, $property, int $lineno = -1, Source $source = null)
107 {
108 if ($this->isSandboxed($source)) {
109 try {
110 $this->policy->checkPropertyAllowed($obj, $property);
111 } catch (SecurityNotAllowedPropertyError $e) {
112 $e->setSourceContext($source);
113 $e->setTemplateLine($lineno);
114
115 throw $e;
116 }
117 }
118 }
119
120 public function ensureToStringAllowed($obj, int $lineno = -1, Source $source = null)
121 {
122 if ($this->isSandboxed($source) && \is_object($obj) && method_exists($obj, '__toString')) {
123 try {
124 $this->policy->checkMethodAllowed($obj, '__toString');
125 } catch (SecurityNotAllowedMethodError $e) {
126 $e->setSourceContext($source);
127 $e->setTemplateLine($lineno);
128
129 throw $e;
130 }
131 }
132
133 return $obj;
134 }
135 }
136
137 class_alias('Twig\Extension\SandboxExtension', 'Twig_Extension_Sandbox');
138