ホーム エクスプローラ ヘルプ
サインイン
jah
/
freepost
フォーク元 zPlus/freepost
Watch 1
Star 0
Fork 0
ファイル
ツリー: 0b6b874fe7
ブランチ タグ
freepost
/
template
/
Twig
/
Sandbox
/
SecurityPolicy.php

SecurityPolicy.php 3.7 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of Twig.
    5. 

  5.  *
    6. 

  6.  * (c) 2009 Fabien Potencier
    7. 

  7.  *
    8. 

  8.  * For the full copyright and license information, please view the LICENSE
    9. 

  9.  * file that was distributed with this source code.
    10. 

  10.  */
    11. 

  11. 

  12. /**
    13. 

  13.  * Represents a security policy which need to be enforced when sandbox mode is enabled.
    14. 

  14.  *
    15. 

  15.  * @author Fabien Potencier <fabien@symfony.com>
    16. 

  16.  */
    17. 

  17. class Twig_Sandbox_SecurityPolicy implements Twig_Sandbox_SecurityPolicyInterface
    18. 

  18. {
    19. 

  19.     protected $allowedTags;
    20. 

  20.     protected $allowedFilters;
    21. 

  21.     protected $allowedMethods;
    22. 

  22.     protected $allowedProperties;
    23. 

  23.     protected $allowedFunctions;
    24. 

  24. 

  25.     public function __construct(array $allowedTags = array(), array $allowedFilters = array(), array $allowedMethods = array(), array $allowedProperties = array(), array $allowedFunctions = array())
    26. 

  26.     {
    27. 

  27.         $this->allowedTags = $allowedTags;
    28. 

  28.         $this->allowedFilters = $allowedFilters;
    29. 

  29.         $this->setAllowedMethods($allowedMethods);
    30. 

  30.         $this->allowedProperties = $allowedProperties;
    31. 

  31.         $this->allowedFunctions = $allowedFunctions;
    32. 

  32.     }
    33. 

  33. 

  34.     public function setAllowedTags(array $tags)
    35. 

  35.     {
    36. 

  36.         $this->allowedTags = $tags;
    37. 

  37.     }
    38. 

  38. 

  39.     public function setAllowedFilters(array $filters)
    40. 

  40.     {
    41. 

  41.         $this->allowedFilters = $filters;
    42. 

  42.     }
    43. 

  43. 

  44.     public function setAllowedMethods(array $methods)
    45. 

  45.     {
    46. 

  46.         $this->allowedMethods = array();
    47. 

  47.         foreach ($methods as $class => $m) {
    48. 

  48.             $this->allowedMethods[$class] = array_map('strtolower', is_array($m) ? $m : array($m));
    49. 

  49.         }
    50. 

  50.     }
    51. 

  51. 

  52.     public function setAllowedProperties(array $properties)
    53. 

  53.     {
    54. 

  54.         $this->allowedProperties = $properties;
    55. 

  55.     }
    56. 

  56. 

  57.     public function setAllowedFunctions(array $functions)
    58. 

  58.     {
    59. 

  59.         $this->allowedFunctions = $functions;
    60. 

  60.     }
    61. 

  61. 

  62.     public function checkSecurity($tags, $filters, $functions)
    63. 

  63.     {
    64. 

  64.         foreach ($tags as $tag) {
    65. 

  65.             if (!in_array($tag, $this->allowedTags)) {
    66. 

  66.                 throw new Twig_Sandbox_SecurityNotAllowedTagError(sprintf('Tag "%s" is not allowed.', $tag), $tag);
    67. 

  67.             }
    68. 

  68.         }
    69. 

  69. 

  70.         foreach ($filters as $filter) {
    71. 

  71.             if (!in_array($filter, $this->allowedFilters)) {
    72. 

  72.                 throw new Twig_Sandbox_SecurityNotAllowedFilterError(sprintf('Filter "%s" is not allowed.', $filter), $filter);
    73. 

  73.             }
    74. 

  74.         }
    75. 

  75. 

  76.         foreach ($functions as $function) {
    77. 

  77.             if (!in_array($function, $this->allowedFunctions)) {
    78. 

  78.                 throw new Twig_Sandbox_SecurityNotAllowedFunctionError(sprintf('Function "%s" is not allowed.', $function), $function);
    79. 

  79.             }
    80. 

  80.         }
    81. 

  81.     }
    82. 

  82. 

  83.     public function checkMethodAllowed($obj, $method)
    84. 

  84.     {
    85. 

  85.         if ($obj instanceof Twig_TemplateInterface || $obj instanceof Twig_Markup) {
    86. 

  86.             return true;
    87. 

  87.         }
    88. 

  88. 

  89.         $allowed = false;
    90. 

  90.         $method = strtolower($method);
    91. 

  91.         foreach ($this->allowedMethods as $class => $methods) {
    92. 

  92.             if ($obj instanceof $class) {
    93. 

  93.                 $allowed = in_array($method, $methods);
    94. 

  94. 

  95.                 break;
    96. 

  96.             }
    97. 

  97.         }
    98. 

  98. 

  99.         if (!$allowed) {
    100. 

  100.             throw new Twig_Sandbox_SecurityError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, get_class($obj)));
    101. 

  101.         }
    102. 

  102.     }
    103. 

  103. 

  104.     public function checkPropertyAllowed($obj, $property)
    105. 

  105.     {
    106. 

  106.         $allowed = false;
    107. 

  107.         foreach ($this->allowedProperties as $class => $properties) {
    108. 

  108.             if ($obj instanceof $class) {
    109. 

  109.                 $allowed = in_array($property, is_array($properties) ? $properties : array($properties));
    110. 

  110. 

  111.                 break;
    112. 

  112.             }
    113. 

  113.         }
    114. 

  114. 

  115.         if (!$allowed) {
    116. 

  116.             throw new Twig_Sandbox_SecurityError(sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, get_class($obj)));
    117. 

  117.         }
    118. 

  118.     }
    119. 

  119. }
    120. 

  120.