mirror of
https://github.com/slawkens/myaac.git
synced 2025-10-14 09:44:55 +02:00
Update Twig to v2.15.4
This commit is contained in:
slawkens
@@ -15,13 +15,24 @@ namespace Twig\Sandbox;
|
||||
* Exception thrown when a not allowed filter is used in a template.
|
||||
*
|
||||
* @author Martin Hasoň <martin.hason@gmail.com>
|
||||
*
|
||||
* @final
|
||||
*/
|
||||
class SecurityNotAllowedFilterError extends SecurityError
|
||||
{
|
||||
private $filterName;
|
||||
|
||||
public function __construct($message, $functionName, $lineno = -1, $filename = null, \Exception $previous = null)
|
||||
public function __construct(string $message, string $functionName, int $lineno = -1, string $filename = null, \Exception $previous = null)
|
||||
{
|
||||
if (-1 !== $lineno) {
|
||||
@trigger_error(sprintf('Passing $lineno as a 3th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
if (null !== $filename) {
|
||||
@trigger_error(sprintf('Passing $filename as a 4th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
if (null !== $previous) {
|
||||
@trigger_error(sprintf('Passing $previous as a 5th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
parent::__construct($message, $lineno, $filename, $previous);
|
||||
$this->filterName = $functionName;
|
||||
}
|
||||
|
||||
@@ -15,13 +15,24 @@ namespace Twig\Sandbox;
|
||||
* Exception thrown when a not allowed function is used in a template.
|
||||
*
|
||||
* @author Martin Hasoň <martin.hason@gmail.com>
|
||||
*
|
||||
* @final
|
||||
*/
|
||||
class SecurityNotAllowedFunctionError extends SecurityError
|
||||
{
|
||||
private $functionName;
|
||||
|
||||
public function __construct($message, $functionName, $lineno = -1, $filename = null, \Exception $previous = null)
|
||||
public function __construct(string $message, string $functionName, int $lineno = -1, string $filename = null, \Exception $previous = null)
|
||||
{
|
||||
if (-1 !== $lineno) {
|
||||
@trigger_error(sprintf('Passing $lineno as a 3th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
if (null !== $filename) {
|
||||
@trigger_error(sprintf('Passing $filename as a 4th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
if (null !== $previous) {
|
||||
@trigger_error(sprintf('Passing $previous as a 5th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
parent::__construct($message, $lineno, $filename, $previous);
|
||||
$this->functionName = $functionName;
|
||||
}
|
||||
|
||||
@@ -15,14 +15,25 @@ namespace Twig\Sandbox;
|
||||
* Exception thrown when a not allowed class method is used in a template.
|
||||
*
|
||||
* @author Kit Burton-Senior <mail@kitbs.com>
|
||||
*
|
||||
* @final
|
||||
*/
|
||||
class SecurityNotAllowedMethodError extends SecurityError
|
||||
{
|
||||
private $className;
|
||||
private $methodName;
|
||||
|
||||
public function __construct($message, $className, $methodName, $lineno = -1, $filename = null, \Exception $previous = null)
|
||||
public function __construct(string $message, string $className, string $methodName, int $lineno = -1, string $filename = null, \Exception $previous = null)
|
||||
{
|
||||
if (-1 !== $lineno) {
|
||||
@trigger_error(sprintf('Passing $lineno as a 3th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
if (null !== $filename) {
|
||||
@trigger_error(sprintf('Passing $filename as a 4th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
if (null !== $previous) {
|
||||
@trigger_error(sprintf('Passing $previous as a 5th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
parent::__construct($message, $lineno, $filename, $previous);
|
||||
$this->className = $className;
|
||||
$this->methodName = $methodName;
|
||||
|
||||
@@ -15,14 +15,25 @@ namespace Twig\Sandbox;
|
||||
* Exception thrown when a not allowed class property is used in a template.
|
||||
*
|
||||
* @author Kit Burton-Senior <mail@kitbs.com>
|
||||
*
|
||||
* @final
|
||||
*/
|
||||
class SecurityNotAllowedPropertyError extends SecurityError
|
||||
{
|
||||
private $className;
|
||||
private $propertyName;
|
||||
|
||||
public function __construct($message, $className, $propertyName, $lineno = -1, $filename = null, \Exception $previous = null)
|
||||
public function __construct(string $message, string $className, string $propertyName, int $lineno = -1, string $filename = null, \Exception $previous = null)
|
||||
{
|
||||
if (-1 !== $lineno) {
|
||||
@trigger_error(sprintf('Passing $lineno as a 3th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
if (null !== $filename) {
|
||||
@trigger_error(sprintf('Passing $filename as a 4th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
if (null !== $previous) {
|
||||
@trigger_error(sprintf('Passing $previous as a 5th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
parent::__construct($message, $lineno, $filename, $previous);
|
||||
$this->className = $className;
|
||||
$this->propertyName = $propertyName;
|
||||
|
||||
@@ -15,13 +15,24 @@ namespace Twig\Sandbox;
|
||||
* Exception thrown when a not allowed tag is used in a template.
|
||||
*
|
||||
* @author Martin Hasoň <martin.hason@gmail.com>
|
||||
*
|
||||
* @final
|
||||
*/
|
||||
class SecurityNotAllowedTagError extends SecurityError
|
||||
{
|
||||
private $tagName;
|
||||
|
||||
public function __construct($message, $tagName, $lineno = -1, $filename = null, \Exception $previous = null)
|
||||
public function __construct(string $message, string $tagName, int $lineno = -1, string $filename = null, \Exception $previous = null)
|
||||
{
|
||||
if (-1 !== $lineno) {
|
||||
@trigger_error(sprintf('Passing $lineno as a 3th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
if (null !== $filename) {
|
||||
@trigger_error(sprintf('Passing $filename as a 4th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
if (null !== $previous) {
|
||||
@trigger_error(sprintf('Passing $previous as a 5th argument of the %s constructor is deprecated since Twig 2.8.1.', __CLASS__), \E_USER_DEPRECATED);
|
||||
}
|
||||
parent::__construct($message, $lineno, $filename, $previous);
|
||||
$this->tagName = $tagName;
|
||||
}
|
||||
|
||||
@@ -12,21 +12,20 @@
|
||||
namespace Twig\Sandbox;
|
||||
|
||||
use Twig\Markup;
|
||||
use Twig\Template;
|
||||
|
||||
/**
|
||||
* Represents a security policy which need to be enforced when sandbox mode is enabled.
|
||||
*
|
||||
* @final
|
||||
*
|
||||
* @author Fabien Potencier <fabien@symfony.com>
|
||||
*/
|
||||
class SecurityPolicy implements SecurityPolicyInterface
|
||||
final class SecurityPolicy implements SecurityPolicyInterface
|
||||
{
|
||||
protected $allowedTags;
|
||||
protected $allowedFilters;
|
||||
protected $allowedMethods;
|
||||
protected $allowedProperties;
|
||||
protected $allowedFunctions;
|
||||
private $allowedTags;
|
||||
private $allowedFilters;
|
||||
private $allowedMethods;
|
||||
private $allowedProperties;
|
||||
private $allowedFunctions;
|
||||
|
||||
public function __construct(array $allowedTags = [], array $allowedFilters = [], array $allowedMethods = [], array $allowedProperties = [], array $allowedFunctions = [])
|
||||
{
|
||||
@@ -51,7 +50,7 @@ class SecurityPolicy implements SecurityPolicyInterface
|
||||
{
|
||||
$this->allowedMethods = [];
|
||||
foreach ($methods as $class => $m) {
|
||||
$this->allowedMethods[$class] = array_map('strtolower', \is_array($m) ? $m : [$m]);
|
||||
$this->allowedMethods[$class] = array_map(function ($value) { return strtr($value, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'); }, \is_array($m) ? $m : [$m]);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -88,12 +87,12 @@ class SecurityPolicy implements SecurityPolicyInterface
|
||||
|
||||
public function checkMethodAllowed($obj, $method)
|
||||
{
|
||||
if ($obj instanceof \Twig_TemplateInterface || $obj instanceof Markup) {
|
||||
if ($obj instanceof Template || $obj instanceof Markup) {
|
||||
return;
|
||||
}
|
||||
|
||||
$allowed = false;
|
||||
$method = strtolower($method);
|
||||
$method = strtr($method, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz');
|
||||
foreach ($this->allowedMethods as $class => $methods) {
|
||||
if ($obj instanceof $class) {
|
||||
$allowed = \in_array($method, $methods);
|
||||
|
||||
@@ -18,11 +18,30 @@ namespace Twig\Sandbox;
|
||||
*/
|
||||
interface SecurityPolicyInterface
|
||||
{
|
||||
/**
|
||||
* @param string[] $tags
|
||||
* @param string[] $filters
|
||||
* @param string[] $functions
|
||||
*
|
||||
* @throws SecurityError
|
||||
*/
|
||||
public function checkSecurity($tags, $filters, $functions);
|
||||
|
||||
/**
|
||||
* @param object $obj
|
||||
* @param string $method
|
||||
*
|
||||
* @throws SecurityNotAllowedMethodError
|
||||
*/
|
||||
public function checkMethodAllowed($obj, $method);
|
||||
|
||||
public function checkPropertyAllowed($obj, $method);
|
||||
/**
|
||||
* @param object $obj
|
||||
* @param string $property
|
||||
*
|
||||
* @throws SecurityNotAllowedPropertyError
|
||||
*/
|
||||
public function checkPropertyAllowed($obj, $property);
|
||||
}
|
||||
|
||||
class_alias('Twig\Sandbox\SecurityPolicyInterface', 'Twig_Sandbox_SecurityPolicyInterface');
|
||||
|
||||
Reference in New Issue
Block a user