ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Protected Attributes
Twig_Sandbox_SecurityPolicy Class Reference

Represents a security policy which need to be enforced when sandbox mode is enabled. More...

+ Inheritance diagram for Twig_Sandbox_SecurityPolicy:
+ Collaboration diagram for Twig_Sandbox_SecurityPolicy:

Public Member Functions

 __construct (array $allowedTags=array(), array $allowedFilters=array(), array $allowedMethods=array(), array $allowedProperties=array(), array $allowedFunctions=array())
 
 setAllowedTags (array $tags)
 
 setAllowedFilters (array $filters)
 
 setAllowedMethods (array $methods)
 
 setAllowedProperties (array $properties)
 
 setAllowedFunctions (array $functions)
 
 checkSecurity ($tags, $filters, $functions)
 
 checkMethodAllowed ($obj, $method)
 
 checkPropertyAllowed ($obj, $property)
 

Protected Attributes

 $allowedTags
 
 $allowedFilters
 
 $allowedMethods
 
 $allowedProperties
 
 $allowedFunctions
 

Detailed Description

Represents a security policy which need to be enforced when sandbox mode is enabled.

Author
Fabien Potencier fabie.nosp@m.n@sy.nosp@m.mfony.nosp@m..com

Definition at line 19 of file SecurityPolicy.php.

Constructor & Destructor Documentation

◆ __construct()

Twig_Sandbox_SecurityPolicy::__construct ( array  $allowedTags = array(),
array  $allowedFilters = array(),
array  $allowedMethods = array(),
array  $allowedProperties = array(),
array  $allowedFunctions = array() 
)

Definition at line 27 of file SecurityPolicy.php.

References $allowedFilters, $allowedFunctions, $allowedMethods, $allowedProperties, $allowedTags, and setAllowedMethods().

28  {
29  $this->allowedTags = $allowedTags;
30  $this->allowedFilters = $allowedFilters;
31  $this->setAllowedMethods($allowedMethods);
32  $this->allowedProperties = $allowedProperties;
33  $this->allowedFunctions = $allowedFunctions;
34  }
Twig_Sandbox_SecurityPolicy\$allowedFilters
$allowedFilters
Definition: SecurityPolicy.php:22
Twig_Sandbox_SecurityPolicy\$allowedProperties
$allowedProperties
Definition: SecurityPolicy.php:24
Twig_Sandbox_SecurityPolicy\$allowedMethods
$allowedMethods
Definition: SecurityPolicy.php:23
Twig_Sandbox_SecurityPolicy\$allowedTags
$allowedTags
Definition: SecurityPolicy.php:21
Twig_Sandbox_SecurityPolicy\setAllowedMethods
setAllowedMethods(array $methods)
Definition: SecurityPolicy.php:46
Twig_Sandbox_SecurityPolicy\$allowedFunctions
$allowedFunctions
Definition: SecurityPolicy.php:25
+ Here is the call graph for this function:

Member Function Documentation

◆ checkMethodAllowed()

Twig_Sandbox_SecurityPolicy::checkMethodAllowed (   $obj,
  $method 
)

Implements Twig_Sandbox_SecurityPolicyInterface.

Definition at line 85 of file SecurityPolicy.php.

86  {
87  if ($obj instanceof Twig_TemplateInterface || $obj instanceof Twig_Markup) {
88  return true;
89  }
90 
91  $allowed = false;
92  $method = strtolower($method);
93  foreach ($this->allowedMethods as $class => $methods) {
94  if ($obj instanceof $class) {
95  $allowed = in_array($method, $methods);
96 
97  break;
98  }
99  }
100 
101  if (!$allowed) {
102  $class = get_class($obj);
103  throw new Twig_Sandbox_SecurityNotAllowedMethodError(sprintf('Calling "%s" method on a "%s" object is not allowed.', $method, $class), $class, $method);
104  }
105  }
Twig_TemplateInterface
Interface implemented by all compiled templates.
Definition: TemplateInterface.php:19
Twig_Sandbox_SecurityNotAllowedMethodError
Exception thrown when a not allowed class method is used in a template.
Definition: SecurityNotAllowedMethodError.php:17
Twig_Markup
Marks a content as safe.
Definition: Markup.php:17

◆ checkPropertyAllowed()

Twig_Sandbox_SecurityPolicy::checkPropertyAllowed (   $obj,
  $property 
)

Implements Twig_Sandbox_SecurityPolicyInterface.

Definition at line 107 of file SecurityPolicy.php.

References array.

108  {
109  $allowed = false;
110  foreach ($this->allowedProperties as $class => $properties) {
111  if ($obj instanceof $class) {
112  $allowed = in_array($property, is_array($properties) ? $properties : array($properties));
113 
114  break;
115  }
116  }
117 
118  if (!$allowed) {
119  $class = get_class($obj);
120  throw new Twig_Sandbox_SecurityNotAllowedPropertyError(sprintf('Calling "%s" property on a "%s" object is not allowed.', $property, $class), $class, $property);
121  }
122  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
Twig_Sandbox_SecurityNotAllowedPropertyError
Exception thrown when a not allowed class property is used in a template.
Definition: SecurityNotAllowedPropertyError.php:17

◆ checkSecurity()

Twig_Sandbox_SecurityPolicy::checkSecurity (   $tags,
  $filters,
  $functions 
)

Implements Twig_Sandbox_SecurityPolicyInterface.

Definition at line 64 of file SecurityPolicy.php.

References $function, $tag, and $tags.

65  {
66  foreach ($tags as $tag) {
67  if (!in_array($tag, $this->allowedTags)) {
68  throw new Twig_Sandbox_SecurityNotAllowedTagError(sprintf('Tag "%s" is not allowed.', $tag), $tag);
69  }
70  }
71 
72  foreach ($filters as $filter) {
73  if (!in_array($filter, $this->allowedFilters)) {
74  throw new Twig_Sandbox_SecurityNotAllowedFilterError(sprintf('Filter "%s" is not allowed.', $filter), $filter);
75  }
76  }
77 
78  foreach ($functions as $function) {
79  if (!in_array($function, $this->allowedFunctions)) {
80  throw new Twig_Sandbox_SecurityNotAllowedFunctionError(sprintf('Function "%s" is not allowed.', $function), $function);
81  }
82  }
83  }
$tags
$tags
Definition: croninfo.php:19
Twig_Sandbox_SecurityNotAllowedFunctionError
Exception thrown when a not allowed function is used in a template.
Definition: SecurityNotAllowedFunctionError.php:17
Twig_Sandbox_SecurityNotAllowedTagError
Exception thrown when a not allowed tag is used in a template.
Definition: SecurityNotAllowedTagError.php:17
$function
$function
Definition: cas.php:28
Twig_Sandbox_SecurityNotAllowedFilterError
Exception thrown when a not allowed filter is used in a template.
Definition: SecurityNotAllowedFilterError.php:17
$tag
if(function_exists('posix_getuid') &&posix_getuid()===0) if(!array_key_exists('t', $options)) $tag
Definition: cron.php:35

◆ setAllowedFilters()

Twig_Sandbox_SecurityPolicy::setAllowedFilters ( array  $filters)

Definition at line 41 of file SecurityPolicy.php.

42  {
43  $this->allowedFilters = $filters;
44  }

◆ setAllowedFunctions()

Twig_Sandbox_SecurityPolicy::setAllowedFunctions ( array  $functions)

Definition at line 59 of file SecurityPolicy.php.

60  {
61  $this->allowedFunctions = $functions;
62  }

◆ setAllowedMethods()

Twig_Sandbox_SecurityPolicy::setAllowedMethods ( array  $methods)

Definition at line 46 of file SecurityPolicy.php.

References $m, and array.

Referenced by __construct().

47  {
48  $this->allowedMethods = array();
49  foreach ($methods as $class => $m) {
50  $this->allowedMethods[$class] = array_map('strtolower', is_array($m) ? $m : array($m));
51  }
52  }
$m
$m
Definition: show_metadata.php:25
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
+ Here is the caller graph for this function:

◆ setAllowedProperties()

Twig_Sandbox_SecurityPolicy::setAllowedProperties ( array  $properties)

Definition at line 54 of file SecurityPolicy.php.

55  {
56  $this->allowedProperties = $properties;
57  }

◆ setAllowedTags()

Twig_Sandbox_SecurityPolicy::setAllowedTags ( array  $tags)

Definition at line 36 of file SecurityPolicy.php.

References $tags.

37  {
38  $this->allowedTags = $tags;
39  }
$tags
$tags
Definition: croninfo.php:19

Field Documentation

◆ $allowedFilters

Twig_Sandbox_SecurityPolicy::$allowedFilters
protected

Definition at line 22 of file SecurityPolicy.php.

Referenced by __construct().

◆ $allowedFunctions

Twig_Sandbox_SecurityPolicy::$allowedFunctions
protected

Definition at line 25 of file SecurityPolicy.php.

Referenced by __construct().

◆ $allowedMethods

Twig_Sandbox_SecurityPolicy::$allowedMethods
protected

Definition at line 23 of file SecurityPolicy.php.

Referenced by __construct().

◆ $allowedProperties

Twig_Sandbox_SecurityPolicy::$allowedProperties
protected

Definition at line 24 of file SecurityPolicy.php.

Referenced by __construct().

◆ $allowedTags

Twig_Sandbox_SecurityPolicy::$allowedTags
protected

Definition at line 21 of file SecurityPolicy.php.

Referenced by __construct().

The documentation for this class was generated from the following file: