PageRenderTime 45ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/modules/kohana-twig/vendor/Twig/lib/Twig/Sandbox/SecurityPolicy.php

https://bitbucket.org/sapphiriq/assets-example
PHP | 120 lines | 88 code | 18 blank | 14 comment | 9 complexity | d7a2ed0d9fdb9c561bd4a78fb09614fe MD5 | raw file
Possible License(s): BSD-3-Clause 
    

  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of Twig.
    5. 

  5.  *
    6. 

  6.  * (c) 2009 Fabien Potencier
    7. 

  7.  *
    8. 

  8.  * For the full copyright and license information, please view the LICENSE
    9. 

  9.  * file that was distributed with this source code.
    10. 

  10.  */
    11. 

  11. 

  12. /**
    13. 

  13.  * Represents a security policy which need to be enforced when sandbox mode is enabled.
    14. 

  14.  *
    15. 

  15.  * @package    twig
    16. 

  16.  * @author     Fabien Potencier <fabien@symfony.com>
    17. 

  17.  */
    18. 

  18. class Twig_Sandbox_SecurityPolicy implements Twig_Sandbox_SecurityPolicyInterface
    19. 

  19. {
    20. 

  20.     protected $allowedTags;
    21. 

  21.     protected $allowedFilters;
    22. 

  22.     protected $allowedMethods;
    23. 

  23.     protected $allowedProperties;
    24. 

  24.     protected $allowedFunctions;
    25. 

  25. 

  26.     public function __construct(array $allowedTags = array(), array $allowedFilters = array(), array $allowedMethods = array(), array $allowedProperties = array(), array $allowedFunctions = array())
    27. 

  27.     {
    28. 

  28.         $this->allowedTags = $allowedTags;
    29. 

  29.         $this->allowedFilters = $allowedFilters;
    30. 

  30.         $this->setAllowedMethods($allowedMethods);
    31. 

  31.         $this->allowedProperties = $allowedProperties;
    32. 

  32.         $this->allowedFunctions = $allowedFunctions;
    33. 

  33.     }
    34. 

  34. 

  35.     public function setAllowedTags(array $tags)
    36. 

  36.     {
    37. 

  37.         $this->allowedTags = $tags;
    38. 

  38.     }
    39. 

  39. 

  40.     public function setAllowedFilters(array $filters)
    41. 

  41.     {
    42. 

  42.         $this->allowedFilters = $filters;
    43. 

  43.     }
    44. 

  44. 

  45.     public function setAllowedMethods(array $methods)
    46. 

  46.     {
    47. 

  47.         $this->allowedMethods = array();
    48. 

  48.         foreach ($methods as $class => $m) {
    49. 

  49.             $this->allowedMethods[$class] = array_map('strtolower', is_array($m) ? $m : array($m));
    50. 

  50.         }
    51. 

  51.     }
    52. 

  52. 

  53.     public function setAllowedProperties(array $properties)
    54. 

  54.     {
    55. 

  55.         $this->allowedProperties = $properties;
    56. 

  56.     }
    57. 

  57. 

  58.     public function setAllowedFunctions(array $functions)
    59. 

  59.     {
    60. 

  60.         $this->allowedFunctions = $functions;
    61. 

  61.     }
    62. 

  62. 

  63.     public function checkSecurity($tags, $filters, $functions)
    64. 

  64.     {
    65. 

  65.         foreach ($tags as $tag) {
    66. 

  66.             if (!in_array($tag, $this->allowedTags)) {
    67. 

  67.                 throw new Twig_Sandbox_SecurityError(sprintf('Tag "%s" is not allowed.', $tag));
    68. 

  68.             }
    69. 

  69.         }
    70. 

  70. 

  71.         foreach ($filters as $filter) {
    72. 

  72.             if (!in_array($filter, $this->allowedFilters)) {
    73. 

  73.                 throw new Twig_Sandbox_SecurityError(sprintf('Filter "%s" is not allowed.', $filter));
    74. 

  74.             }
    75. 

  75.         }
    76. 

  76. 

  77.         foreach ($functions as $function) {
    78. 

  78.             if (!in_array($function, $this->allowedFunctions)) {
    79. 

  79.                 throw new Twig_Sandbox_SecurityError(sprintf('Function "%s" is not allowed.', $function));
    80. 

  80.             }
    81. 

  81.         }
    82. 

  82.     }
    83. 

  83. 

  84.     public function checkMethodAllowed($obj, $method)
    85. 

  85.     {
    86. 

  86.         if ($obj instanceof Twig_TemplateInterface || $obj instanceof Twig_Markup) {
    87. 

  87.             return true;
    88. 

  88.         }
    89. 

  89. 

  90.         $allowed = false;
    91. 

  91.         $method = strtolower($method);
    92. 

  92.         foreach ($this->allowedMethods as $class => $methods) {
    93. 

  93.             if ($obj instanceof $class) {
    94. 

  94.                 $allowed = in_array($method, $methods);
    95. 

  95. 

  96.                 break;
    97. 

  97.             }
    98. 

  98.         }
    99. 

  99. 

  100.         if (!$allowed) {
    101. 

  101.             throw new Twig_Sandbox_SecurityError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, get_class($obj)));
    102. 

  102.         }
    103. 

  103.     }
    104. 

  104. 

  105.     public function checkPropertyAllowed($obj, $property)
    106. 

  106.     {
    107. 

  107.         $allowed = false;
    108. 

  108.         foreach ($this->allowedProperties as $class => $properties) {
    109. 

  109.             if ($obj instanceof $class) {
    110. 

  110.                 $allowed = in_array($property, is_array($properties) ? $properties : array($properties));
    111. 

  111. 

  112.                 break;
    113. 

  113.             }
    114. 

  114.         }
    115. 

  115. 

  116.         if (!$allowed) {
    117. 

  117.             throw new Twig_Sandbox_SecurityError(sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, get_class($obj)));
    118. 

  118.         }
    119. 

  119.     }
    120. 

  120. }
    121. 

  121.