<?php /* * This file is part of Twig. * * (c) 2009 Fabien Potencier * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ /** * Twig_NodeVisitor_Sandbox implements sandboxing. * * @author Fabien Potencier <fabien@symfony.com> */ class Twig_NodeVisitor_Sandbox implements Twig_NodeVisitorInterface { protected $inAModule = false; protected $tags; protected $filters; protected $functions; /** * Called before child nodes are visited. * * @param Twig_NodeInterface $node The node to visit * @param Twig_Environment $env The Twig environment instance * * @return Twig_NodeInterface The modified node */ public function enterNode(Twig_NodeInterface $node, Twig_Environment $env) { if ($node instanceof Twig_Node_Module) { $this->inAModule = true; $this->tags = array(); $this->filters = array(); $this->functions = array(); return $node; } elseif ($this->inAModule) { // look for tags if ($node->getNodeTag()) { $this->tags[] = $node->getNodeTag(); } // look for filters if ($node instanceof Twig_Node_Expression_Filter) { $this->filters[] = $node->getNode('filter')->getAttribute('value'); } // look for functions if ($node instanceof Twig_Node_Expression_Function) { $this->functions[] = $node->getAttribute('name'); } // wrap print to check __toString() calls if ($node instanceof Twig_Node_Print) { return new Twig_Node_SandboxedPrint($node->getNode('expr'), $node->getLine(), $node->getNodeTag()); } } return $node; } /** * Called after child nodes are visited. * * @param Twig_NodeInterface $node The node to visit * @param Twig_Environment $env The Twig environment instance * * @return Twig_NodeInterface The modified node */ public function leaveNode(Twig_NodeInterface $node, Twig_Environment $env) { if ($node instanceof Twig_Node_Module) { $this->inAModule = false; return new Twig_Node_SandboxedModule($node, array_unique($this->filters), array_unique($this->tags), array_unique($this->functions)); } return $node; } /** * {@inheritdoc} */ public function getPriority() { return 0; } }