Twig_Sandbox_SecurityPolicy Class Reference

Represents a security policy which need to be enforced when sandbox mode is enabled. More...

Inheritance diagram for Twig_Sandbox_SecurityPolicy:

Collaboration diagram for Twig_Sandbox_SecurityPolicy:

Public Member Functions
	__construct (array $allowedTags=array(), array $allowedFilters=array(), array $allowedMethods=array(), array $allowedProperties=array(), array $allowedFunctions=array())
	setAllowedTags (array $tags)
	setAllowedFilters (array $filters)
	setAllowedMethods (array $methods)
	setAllowedProperties (array $properties)
	setAllowedFunctions (array $functions)
	checkSecurity ($tags, $filters, $functions)
	checkMethodAllowed ($obj, $method)
	checkPropertyAllowed ($obj, $property)
	checkSecurity ($tags, $filters, $functions)
	checkMethodAllowed ($obj, $method)
	checkPropertyAllowed ($obj, $method)

Protected Attributes
	$allowedTags
	$allowedFilters
	$allowedMethods
	$allowedProperties
	$allowedFunctions

Detailed Description

Represents a security policy which need to be enforced when sandbox mode is enabled.

@final

Author

Fabien Potencier fabie.nosp@m.n@sy.nosp@m.mfony.nosp@m..com

Definition at line 19 of file SecurityPolicy.php.

Constructor & Destructor Documentation

__construct()

Twig_Sandbox_SecurityPolicy::__construct	(	array	$allowedTags = array(),
		array	$allowedFilters = array(),
		array	$allowedMethods = array(),
		array	$allowedProperties = array(),
		array	$allowedFunctions = array()
	)

Definition at line 27 of file SecurityPolicy.php.

    {
        $this->allowedTags = $allowedTags;
        $this->allowedFilters = $allowedFilters;
        $this->setAllowedMethods($allowedMethods);
        $this->allowedProperties = $allowedProperties;
        $this->allowedFunctions = $allowedFunctions;
    }

References $allowedFilters, $allowedFunctions, $allowedMethods, $allowedProperties, $allowedTags, and setAllowedMethods().

Here is the call graph for this function:

Member Function Documentation

checkMethodAllowed()

Twig_Sandbox_SecurityPolicy::checkMethodAllowed	(		$obj,
			$method
	)

Implements Twig_Sandbox_SecurityPolicyInterface.

Definition at line 85 of file SecurityPolicy.php.

    {
        if ($obj instanceof Twig_TemplateInterface || $obj instanceof Twig_Markup) {
            return true;
        }
 
        $allowed = false;
        $method = strtolower($method);
        foreach ($this->allowedMethods as $class => $methods) {
            if ($obj instanceof $class) {
                $allowed = in_array($method, $methods);
 
                break;
            }
        }
 
        if (!$allowed) {
            $class = get_class($obj);
            throw new Twig_Sandbox_SecurityNotAllowedMethodError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, $class), $class, $method);
        }
    }

References sprintf.

checkPropertyAllowed()

Twig_Sandbox_SecurityPolicy::checkPropertyAllowed	(		$obj,
			$property
	)

Implements Twig_Sandbox_SecurityPolicyInterface.

Definition at line 107 of file SecurityPolicy.php.

    {
        $allowed = false;
        foreach ($this->allowedProperties as $class => $properties) {
            if ($obj instanceof $class) {
                $allowed = in_array($property, is_array($properties) ? $properties : array($properties));
 
                break;
            }
        }
 
        if (!$allowed) {
            $class = get_class($obj);
            throw new Twig_Sandbox_SecurityNotAllowedPropertyError(sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, $class), $class, $property);
        }
    }

References sprintf.

checkSecurity()

Twig_Sandbox_SecurityPolicy::checkSecurity	(		$tags,
			$filters,
			$functions
	)

Implements Twig_Sandbox_SecurityPolicyInterface.

Definition at line 64 of file SecurityPolicy.php.

    {
        foreach ($tags as $tag) {
            if (!in_array($tag, $this->allowedTags)) {
                throw new Twig_Sandbox_SecurityNotAllowedTagError(sprintf('Tag "%s" is not allowed.', $tag), $tag);
            }
        }
 
        foreach ($filters as $filter) {
            if (!in_array($filter, $this->allowedFilters)) {
                throw new Twig_Sandbox_SecurityNotAllowedFilterError(sprintf('Filter "%s" is not allowed.', $filter), $filter);
            }
        }
 
        foreach ($functions as $function) {
            if (!in_array($function, $this->allowedFunctions)) {
                throw new Twig_Sandbox_SecurityNotAllowedFunctionError(sprintf('Function "%s" is not allowed.', $function), $function);
            }
        }
    }

References $function, $tag, $tags, and sprintf.

setAllowedFilters()

Twig_Sandbox_SecurityPolicy::setAllowedFilters

(

array

$filters

)

Definition at line 41 of file SecurityPolicy.php.

    {
        $this->allowedFilters = $filters;
    }

setAllowedFunctions()

Twig_Sandbox_SecurityPolicy::setAllowedFunctions

(

array

$functions

)

Definition at line 59 of file SecurityPolicy.php.

    {
        $this->allowedFunctions = $functions;
    }

setAllowedMethods()

Twig_Sandbox_SecurityPolicy::setAllowedMethods

(

array

$methods

)

Definition at line 46 of file SecurityPolicy.php.

    {
        $this->allowedMethods = array();
        foreach ($methods as $class => $m) {
            $this->allowedMethods[$class] = array_map('strtolower', is_array($m) ? $m : array($m));
        }
    }

References $m.

Referenced by __construct().

Here is the caller graph for this function:

setAllowedProperties()

Twig_Sandbox_SecurityPolicy::setAllowedProperties

(

array

$properties

)

Definition at line 54 of file SecurityPolicy.php.

    {
        $this->allowedProperties = $properties;
    }

setAllowedTags()

Twig_Sandbox_SecurityPolicy::setAllowedTags

(

array

$tags

)

Definition at line 36 of file SecurityPolicy.php.

    {
        $this->allowedTags = $tags;
    }

References $tags.

Field Documentation

$allowedFilters

Twig_Sandbox_SecurityPolicy::$allowedFilters

protected

Definition at line 22 of file SecurityPolicy.php.

Referenced by __construct().

$allowedFunctions

Twig_Sandbox_SecurityPolicy::$allowedFunctions

protected

Definition at line 25 of file SecurityPolicy.php.

Referenced by __construct().

$allowedMethods

Twig_Sandbox_SecurityPolicy::$allowedMethods

protected

Definition at line 23 of file SecurityPolicy.php.

Referenced by __construct().

$allowedProperties

Twig_Sandbox_SecurityPolicy::$allowedProperties

protected

Definition at line 24 of file SecurityPolicy.php.

Referenced by __construct().

$allowedTags

Twig_Sandbox_SecurityPolicy::$allowedTags

protected

Definition at line 21 of file SecurityPolicy.php.

Referenced by __construct().

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/twig/twig/lib/Twig/Sandbox/SecurityPolicy.php