Sandbox.php (1699B)
<?php

/*
 * This file is part of Twig.
 *
 * (c) 2010 Fabien Potencier
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

/**
 * Token parser for the "sandbox" tag, which marks a section of a template as
 * untrusted code that must be evaluated in the sandbox mode.
 *
 * <pre>
 * {% sandbox %}
 *     {% include 'user.html' %}
 * {% endsandbox %}
 * </pre>
 *
 * Security notes for reviewers:
 *  - The check performed here is a parse-time allowlist: the tag body may hold
 *    only "include" nodes and whitespace-only text; anything else is rejected
 *    with a syntax error before a sandbox node is built.
 *  - Only the direct children of the body are inspected; there is no recursion.
 *  - This class only builds the Twig_Node_Sandbox. What an included template may
 *    actually do is presumably decided by the sandbox extension and its policy,
 *    neither of which is visible in this file; confirm the extension is
 *    registered and the policy is restrictive before relying on this tag.
 *
 * @see http://www.twig-project.org/doc/api.html#sandbox-extension for details
 */
class Twig_TokenParser_Sandbox extends Twig_TokenParser
{
    /**
     * Parses a "sandbox" section and returns the node that wraps its body.
     *
     * @param Twig_Token $token The token that opened the tag; its line is recorded on the node
     *
     * @return Twig_Node_Sandbox Node wrapping the validated body
     *
     * @throws Twig_Error_Syntax When the body holds anything other than include tags
     *                           and whitespace-only text
     */
    public function parse(Twig_Token $token)
    {
        // End of the opening tag.
        $this->parser->getStream()->expect(Twig_Token::BLOCK_END_TYPE);
        // NOTE(review): the second argument presumably drops the matched
        // "endsandbox" token; confirm against the parser's subparse().
        $content = $this->parser->subparse(array($this, 'decideBlockEnd'), true);
        // End of the closing tag.
        $this->parser->getStream()->expect(Twig_Token::BLOCK_END_TYPE);

        // A body that is itself a single include node needs no per-child check.
        $children = $content instanceof Twig_Node_Include ? array() : $content;

        // in a sandbox tag, only include tags are allowed
        foreach ($children as $child) {
            // ctype_space('') is false, so an empty text node is rejected, not skipped.
            $isBlankText = $child instanceof Twig_Node_Text && ctype_space($child->getAttribute('data'));

            if ($isBlankText || $child instanceof Twig_Node_Include) {
                continue;
            }

            throw new Twig_Error_Syntax(
                'Only "include" tags are allowed within a "sandbox" section.',
                $child->getLine(),
                $this->parser->getFilename()
            );
        }

        return new Twig_Node_Sandbox($content, $token->getLine(), $this->getTag());
    }

    /**
     * Sub-parser callback: tells whether the given token ends the sandbox section.
     *
     * @param Twig_Token $token The token to test
     *
     * @return mixed Whatever the token's test() yields for 'endsandbox'
     */
    public function decideBlockEnd(Twig_Token $token)
    {
        $closesSection = $token->test('endsandbox');

        return $closesSection;
    }

    /**
     * Gives the name of the tag this parser handles.
     *
     * @return string Always 'sandbox'
     */
    public function getTag()
    {
        return 'sandbox';
    }
}