4 * This file is part of Twig.
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
13 * Represents a security policy which need to be enforced when sandbox mode is enabled.
17 * @author Fabien Potencier <fabien@symfony.com>
19 class Twig_Sandbox_SecurityPolicy implements Twig_Sandbox_SecurityPolicyInterface
21 protected $allowedTags;
22 protected $allowedFilters;
23 protected $allowedMethods;
24 protected $allowedProperties;
25 protected $allowedFunctions;
27 public function __construct(array $allowedTags = array(), array $allowedFilters = array(), array $allowedMethods = array(), array $allowedProperties = array(), array $allowedFunctions = array())
29 $this->allowedTags = $allowedTags;
30 $this->allowedFilters = $allowedFilters;
31 $this->setAllowedMethods($allowedMethods);
32 $this->allowedProperties = $allowedProperties;
33 $this->allowedFunctions = $allowedFunctions;
36 public function setAllowedTags(array $tags)
38 $this->allowedTags = $tags;
41 public function setAllowedFilters(array $filters)
43 $this->allowedFilters = $filters;
46 public function setAllowedMethods(array $methods)
48 $this->allowedMethods = array();
49 foreach ($methods as $class => $m) {
50 $this->allowedMethods[$class] = array_map('strtolower', is_array($m) ? $m : array($m));
54 public function setAllowedProperties(array $properties)
56 $this->allowedProperties = $properties;
59 public function setAllowedFunctions(array $functions)
61 $this->allowedFunctions = $functions;
64 public function checkSecurity($tags, $filters, $functions)
66 foreach ($tags as $tag) {
67 if (!in_array($tag, $this->allowedTags)) {
68 throw new Twig_Sandbox_SecurityNotAllowedTagError(sprintf('Tag "%s" is not allowed.', $tag), $tag);
72 foreach ($filters as $filter) {
73 if (!in_array($filter, $this->allowedFilters)) {
74 throw new Twig_Sandbox_SecurityNotAllowedFilterError(sprintf('Filter "%s" is not allowed.', $filter), $filter);
78 foreach ($functions as $function) {
79 if (!in_array($function, $this->allowedFunctions)) {
80 throw new Twig_Sandbox_SecurityNotAllowedFunctionError(sprintf('Function "%s" is not allowed.', $function), $function);
85 public function checkMethodAllowed($obj, $method)
87 if ($obj instanceof Twig_TemplateInterface || $obj instanceof Twig_Markup) {
92 $method = strtolower($method);
93 foreach ($this->allowedMethods as $class => $methods) {
94 if ($obj instanceof $class) {
95 $allowed = in_array($method, $methods);
102 $class = get_class($obj);
103 throw new Twig_Sandbox_SecurityNotAllowedMethodError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, $class), $class, $method);
107 public function checkPropertyAllowed($obj, $property)
110 foreach ($this->allowedProperties as $class => $properties) {
111 if ($obj instanceof $class) {
112 $allowed = in_array($property, is_array($properties) ? $properties : array($properties));
119 $class = get_class($obj);
120 throw new Twig_Sandbox_SecurityNotAllowedPropertyError(sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, $class), $class, $property);
125 class_alias('Twig_Sandbox_SecurityPolicy', 'Twig\Sandbox\SecurityPolicy', false);