4 * This file is part of Twig.
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
13 * Twig_NodeVisitor_Sandbox implements sandboxing.
17 * @author Fabien Potencier <fabien@symfony.com>
// Node visitor that prepares a compiled template for sandboxed execution.
// Going by the visible statements, it does three things while walking a module:
//   1. records the first node seen for every tag, filter and function name,
//   2. replaces print nodes with Twig_Node_SandboxedPrint,
//   3. on leaving the module, prepends a Twig_Node_CheckSecurity node (built
//      from the recorded names) to the module's 'display_start' node.
// NOTE(review): this listing skips source lines (see the gaps in the leading
// line numbers), so braces, return statements and some declarations are not
// shown; the comments here describe only the statements that are visible.
// NOTE(review): method calls and property access on objects are not collected
// by this visitor; presumably they are checked elsewhere -- confirm before
// treating this class as the whole sandbox enforcement.
19 class Twig_NodeVisitor_Sandbox extends Twig_BaseNodeVisitor
// True only between entering and leaving a Twig_Node_Module. It is a plain
// boolean, so nested module nodes are presumably not expected during
// traversal -- TODO confirm.
21 protected $inAModule = false;
// Called when the traverser enters $node; $env is not used by the visible
// statements.
26 protected function doEnterNode(Twig_Node $node, Twig_Environment $env)
28 if ($node instanceof Twig_Node_Module) {
// Entering a module: start from empty collections so names recorded for one
// module are not carried over into the next.
29 $this->inAModule = true;
30 $this->tags = array();
31 $this->filters = array();
32 $this->functions = array();
35 } elseif ($this->inAModule) {
// Record each tag name once. The !isset() guard keeps the FIRST node that used
// the tag (presumably so a violation can be reported at that node -- confirm
// against Twig_Node_CheckSecurity).
37 if ($node->getNodeTag() && !isset($this->tags[$node->getNodeTag()])) {
38 $this->tags[$node->getNodeTag()] = $node;
// Same first-occurrence bookkeeping for filters, keyed by the filter name held
// in the 'filter' child node's 'value' attribute.
42 if ($node instanceof Twig_Node_Expression_Filter && !isset($this->filters[$node->getNode('filter')->getAttribute('value')])) {
43 $this->filters[$node->getNode('filter')->getAttribute('value')] = $node;
// ...and for functions, keyed by the node's 'name' attribute.
47 if ($node instanceof Twig_Node_Expression_Function && !isset($this->functions[$node->getAttribute('name')])) {
48 $this->functions[$node->getAttribute('name')] = $node;
51 // the .. operator is equivalent to the range() function
// The operator node is filed under the key 'range', presumably so the security
// check treats `a..b` exactly like a call to range() and the operator form is
// not a way around a policy that disallows the function -- confirm.
52 if ($node instanceof Twig_Node_Expression_Binary_Range && !isset($this->functions['range'])) {
53 $this->functions['range'] = $node;
56 // wrap print to check __toString() calls
// The replacement node reuses the print node's expression, template line and
// tag. Only Twig_Node_Print is wrapped here.
// NOTE(review): other places where an object may be converted to a string
// (for example concatenation, or arguments passed to filters and functions)
// are not wrapped by the visible code; confirm the __toString() policy is
// enforced for those contexts elsewhere.
57 if ($node instanceof Twig_Node_Print) {
58 return new Twig_Node_SandboxedPrint($node->getNode('expr'), $node->getTemplateLine(), $node->getNodeTag());
// Called when the traverser leaves $node; $env is not used by the visible
// statements.
65 protected function doLeaveNode(Twig_Node $node, Twig_Environment $env)
67 if ($node instanceof Twig_Node_Module) {
68 $this->inAModule = false;
// Put the security check first: 'display_start' becomes a wrapper node holding
// the new Twig_Node_CheckSecurity followed by the previous 'display_start'
// node (presumably so the check runs before the template body is displayed).
// Mind the argument order: filters, tags, functions.
70 $node->setNode('display_start', new Twig_Node(array(new Twig_Node_CheckSecurity($this->filters, $this->tags, $this->functions), $node->getNode('display_start'))));
// Visitor priority; the method body is not included in this listing.
76 public function getPriority()
// Expose Twig_NodeVisitor_Sandbox under the namespaced name
// Twig\NodeVisitor\SandboxNodeVisitor. The third argument (false) tells
// class_alias() not to invoke the autoloader for the original class.
82 class_alias('Twig_NodeVisitor_Sandbox', 'Twig\NodeVisitor\SandboxNodeVisitor', false);