Twig_Tests_Extension_SandboxTest Class Reference

Inheritance diagram for Twig_Tests_Extension_SandboxTest:

Collaboration diagram for Twig_Tests_Extension_SandboxTest:

Public Member Functions
	testSandboxWithInheritance ()
	Twig_Sandbox_SecurityError Filter "json_encode" is not allowed in "1_child" at line 3. More...
	testSandboxGloballySet ()
	testSandboxUnallowedMethodAccessor ()
	testSandboxUnallowedFilter ()
	testSandboxUnallowedTag ()
	testSandboxUnallowedProperty ()
	testSandboxUnallowedToString ()
	testSandboxUnallowedToStringArray ()
	testSandboxUnallowedFunction ()
	testSandboxUnallowedRangeOperator ()
	testSandboxAllowMethodFoo ()
	testSandboxAllowMethodToString ()
	testSandboxAllowMethodToStringDisabled ()
	testSandboxAllowFilter ()
	testSandboxAllowTag ()
	testSandboxAllowProperty ()
	testSandboxAllowFunction ()
	testSandboxAllowRangeOperator ()
	testSandboxAllowFunctionsCaseInsensitive ()
	testSandboxLocallySetForAnInclude ()
	testMacrosInASandbox ()
	testSandboxDisabledAfterIncludeFunctionError ()

Protected Member Functions
	setUp ()
	getEnvironment ($sandboxed, $options, $templates, $tags=array(), $filters=array(), $methods=array(), $properties=array(), $functions=array())

Static Protected Attributes
static	$params
static	$templates

Detailed Description

Definition at line 12 of file SandboxTest.php.

Member Function Documentation

getEnvironment()

Twig_Tests_Extension_SandboxTest::getEnvironment (   $sandboxed,   $options,   $templates,   $tags = array(),   $filters = array(),   $methods = array(),   $properties = array(),   $functions = array()  )

protected

Definition at line 281 of file SandboxTest.php.

References $loader, $options, $tags, $templates, and array.

Referenced by testMacrosInASandbox(), testSandboxAllowFilter(), testSandboxAllowFunction(), testSandboxAllowFunctionsCaseInsensitive(), testSandboxAllowMethodFoo(), testSandboxAllowMethodToString(), testSandboxAllowMethodToStringDisabled(), testSandboxAllowProperty(), testSandboxAllowRangeOperator(), testSandboxAllowTag(), testSandboxDisabledAfterIncludeFunctionError(), testSandboxGloballySet(), testSandboxLocallySetForAnInclude(), testSandboxUnallowedFilter(), testSandboxUnallowedFunction(), testSandboxUnallowedMethodAccessor(), testSandboxUnallowedProperty(), testSandboxUnallowedRangeOperator(), testSandboxUnallowedTag(), testSandboxUnallowedToString(), testSandboxUnallowedToStringArray(), and testSandboxWithInheritance().

    {
        $loader = new Twig_Loader_Array($templates);
        $twig = new Twig_Environment($loader, array_merge(array('debug' => true, 'cache' => false, 'autoescape' => false), $options));
        $policy = new Twig_Sandbox_SecurityPolicy($tags, $filters, $methods, $properties, $functions);
        $twig->addExtension(new Twig_Extension_Sandbox($policy, $sandboxed));

        return $twig;
    }

Here is the caller graph for this function:

setUp()

Twig_Tests_Extension_SandboxTest::setUp ( )

protected

Definition at line 17 of file SandboxTest.php.

References $params, and array.

    {
        self::$params = array(
            'name' => 'Fabien',
            'obj' => new FooObject(),
            'arr' => array('obj' => new FooObject()),
        );

        self::$templates = array(
            '1_basic1' => '{{ obj.foo }}',
            '1_basic2' => '{{ name|upper }}',
            '1_basic3' => '{% if name %}foo{% endif %}',
            '1_basic4' => '{{ obj.bar }}',
            '1_basic5' => '{{ obj }}',
            '1_basic6' => '{{ arr.obj }}',
            '1_basic7' => '{{ cycle(["foo","bar"], 1) }}',
            '1_basic8' => '{{ obj.getfoobar }}{{ obj.getFooBar }}',
            '1_basic9' => '{{ obj.foobar }}{{ obj.fooBar }}',
            '1_basic' => '{% if obj.foo %}{{ obj.foo|upper }}{% endif %}',
            '1_layout' => '{% block content %}{% endblock %}',
            '1_child' => "{% extends \"1_layout\" %}\n{% block content %}\n{{ \"a\"|json_encode }}\n{% endblock %}",
            '1_include' => '{{ include("1_basic1", sandboxed=true) }}',
            '1_range_operator' => '{{ (1..2)[0] }}',
        );
    }

testMacrosInASandbox()

Twig_Tests_Extension_SandboxTest::testMacrosInASandbox

(

)

Definition at line 250 of file SandboxTest.php.

References array, EOF, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array('autoescape' => 'html'), array('index' => <<<EOF
{%- import _self as macros %}

{%- macro test(text) %}<p>{{ text }}</p>{% endmacro %}

{{- macros.test('username') }}
EOF
        ), array('macro', 'import'), array('escape'));

        $this->assertEquals('<p>username</p>', $twig->loadTemplate('index')->render(array()));
    }

Here is the call graph for this function:

testSandboxAllowFilter()

Twig_Tests_Extension_SandboxTest::testSandboxAllowFilter

(

)

Definition at line 183 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates, array(), array('upper'));
        $this->assertEquals('FABIEN', $twig->loadTemplate('1_basic2')->render(self::$params), 'Sandbox allow some filters');
    }

Here is the call graph for this function:

testSandboxAllowFunction()

Twig_Tests_Extension_SandboxTest::testSandboxAllowFunction

(

)

Definition at line 201 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array(), array(), array('cycle'));
        $this->assertEquals('bar', $twig->loadTemplate('1_basic7')->render(self::$params), 'Sandbox allow some functions');
    }

Here is the call graph for this function:

testSandboxAllowFunctionsCaseInsensitive()

Twig_Tests_Extension_SandboxTest::testSandboxAllowFunctionsCaseInsensitive

(

)

Definition at line 213 of file SandboxTest.php.

References FooObject\$called, $name, $params, array, getEnvironment(), and FooObject\reset().

    {
        foreach (array('getfoobar', 'getFoobar', 'getFooBar') as $name) {
            $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array('FooObject' => $name));
            FooObject::reset();
            $this->assertEquals('foobarfoobar', $twig->loadTemplate('1_basic8')->render(self::$params), 'Sandbox allow methods in a case-insensitive way');
            $this->assertEquals(2, FooObject::$called['getFooBar'], 'Sandbox only calls method once');

            $this->assertEquals('foobarfoobar', $twig->loadTemplate('1_basic9')->render(self::$params), 'Sandbox allow methods via shortcut names (ie. without get/set)');
        }
    }

Here is the call graph for this function:

testSandboxAllowMethodFoo()

Twig_Tests_Extension_SandboxTest::testSandboxAllowMethodFoo

(

)

Definition at line 159 of file SandboxTest.php.

References FooObject\$called, $params, array, getEnvironment(), and FooObject\reset().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array('FooObject' => 'foo'));
        FooObject::reset();
        $this->assertEquals('foo', $twig->loadTemplate('1_basic1')->render(self::$params), 'Sandbox allow some methods');
        $this->assertEquals(1, FooObject::$called['foo'], 'Sandbox only calls method once');
    }

Here is the call graph for this function:

testSandboxAllowMethodToString()

Twig_Tests_Extension_SandboxTest::testSandboxAllowMethodToString

(

)

Definition at line 167 of file SandboxTest.php.

References FooObject\$called, $params, array, getEnvironment(), and FooObject\reset().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array('FooObject' => '__toString'));
        FooObject::reset();
        $this->assertEquals('foo', $twig->loadTemplate('1_basic5')->render(self::$params), 'Sandbox allow some methods');
        $this->assertEquals(1, FooObject::$called['__toString'], 'Sandbox only calls method once');
    }

Here is the call graph for this function:

testSandboxAllowMethodToStringDisabled()

Twig_Tests_Extension_SandboxTest::testSandboxAllowMethodToStringDisabled

(

)

Definition at line 175 of file SandboxTest.php.

References FooObject\$called, $params, array, getEnvironment(), and FooObject\reset().

    {
        $twig = $this->getEnvironment(false, array(), self::$templates);
        FooObject::reset();
        $this->assertEquals('foo', $twig->loadTemplate('1_basic5')->render(self::$params), 'Sandbox allows __toString when sandbox disabled');
        $this->assertEquals(1, FooObject::$called['__toString'], 'Sandbox only calls method once');
    }

Here is the call graph for this function:

testSandboxAllowProperty()

Twig_Tests_Extension_SandboxTest::testSandboxAllowProperty

(

)

Definition at line 195 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array(), array('FooObject' => 'bar'));
        $this->assertEquals('bar', $twig->loadTemplate('1_basic4')->render(self::$params), 'Sandbox allow some properties');
    }

Here is the call graph for this function:

testSandboxAllowRangeOperator()

Twig_Tests_Extension_SandboxTest::testSandboxAllowRangeOperator

(

)

Definition at line 207 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array(), array(), array('range'));
        $this->assertEquals('1', $twig->loadTemplate('1_range_operator')->render(self::$params), 'Sandbox allow the range operator');
    }

Here is the call graph for this function:

testSandboxAllowTag()

Twig_Tests_Extension_SandboxTest::testSandboxAllowTag

(

)

Definition at line 189 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates, array('if'));
        $this->assertEquals('foo', $twig->loadTemplate('1_basic3')->render(self::$params), 'Sandbox allow some tags');
    }

Here is the call graph for this function:

testSandboxDisabledAfterIncludeFunctionError()

Twig_Tests_Extension_SandboxTest::testSandboxDisabledAfterIncludeFunctionError

(

)

Definition at line 264 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(false, array(), self::$templates);

        $e = null;
        try {
            $twig->loadTemplate('1_include')->render(self::$params);
        } catch (Throwable $e) {
        } catch (Exception $e) {
        }
        if (null === $e) {
            $this->fail('An exception should be thrown for this test to be valid.');
        }

        $this->assertFalse($twig->getExtension('Twig_Extension_Sandbox')->isSandboxed(), 'Sandboxed include() function call should not leave Sandbox enabled when an error occurs.');
    }

Here is the call graph for this function:

testSandboxGloballySet()

Twig_Tests_Extension_SandboxTest::testSandboxGloballySet

(

)

Definition at line 53 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(false, array(), self::$templates);
        $this->assertEquals('FOO', $twig->loadTemplate('1_basic')->render(self::$params), 'Sandbox does nothing if it is disabled globally');
    }

Here is the call graph for this function:

testSandboxLocallySetForAnInclude()

Twig_Tests_Extension_SandboxTest::testSandboxLocallySetForAnInclude

(

)

Definition at line 225 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        self::$templates = array(
            '2_basic' => '{{ obj.foo }}{% include "2_included" %}{{ obj.foo }}',
            '2_included' => '{% if obj.foo %}{{ obj.foo|upper }}{% endif %}',
        );

        $twig = $this->getEnvironment(false, array(), self::$templates);
        $this->assertEquals('fooFOOfoo', $twig->loadTemplate('2_basic')->render(self::$params), 'Sandbox does nothing if disabled globally and sandboxed not used for the include');

        self::$templates = array(
            '3_basic' => '{{ obj.foo }}{% sandbox %}{% include "3_included" %}{% endsandbox %}{{ obj.foo }}',
            '3_included' => '{% if obj.foo %}{{ obj.foo|upper }}{% endif %}',
        );

        $twig = $this->getEnvironment(true, array(), self::$templates);
        try {
            $twig->loadTemplate('3_basic')->render(self::$params);
            $this->fail('Sandbox throws a SecurityError exception when the included file is sandboxed');
        } catch (Twig_Sandbox_SecurityError $e) {
            $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedTagError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedTagError');
            $this->assertEquals('sandbox', $e->getTagName());
        }
    }

Here is the call graph for this function:

testSandboxUnallowedFilter()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedFilter

(

)

Definition at line 72 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates);
        try {
            $twig->loadTemplate('1_basic2')->render(self::$params);
            $this->fail('Sandbox throws a SecurityError exception if an unallowed filter is called');
        } catch (Twig_Sandbox_SecurityError $e) {
            $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedFilterError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedFilterError');
            $this->assertEquals('upper', $e->getFilterName(), 'Exception should be raised on the "upper" filter');
        }
    }

Here is the call graph for this function:

testSandboxUnallowedFunction()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedFunction

(

)

Definition at line 135 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates);
        try {
            $twig->loadTemplate('1_basic7')->render(self::$params);
            $this->fail('Sandbox throws a SecurityError exception if an unallowed function is called in the template');
        } catch (Twig_Sandbox_SecurityError $e) {
            $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedFunctionError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedFunctionError');
            $this->assertEquals('cycle', $e->getFunctionName(), 'Exception should be raised on the "cycle" function');
        }
    }

Here is the call graph for this function:

testSandboxUnallowedMethodAccessor()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedMethodAccessor

(

)

Definition at line 59 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates);
        try {
            $twig->loadTemplate('1_basic1')->render(self::$params);
            $this->fail('Sandbox throws a SecurityError exception if an unallowed method is called');
        } catch (Twig_Sandbox_SecurityError $e) {
            $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedMethodError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedMethodError');
            $this->assertEquals('FooObject', $e->getClassName(), 'Exception should be raised on the "FooObject" class');
            $this->assertEquals('foo', $e->getMethodName(), 'Exception should be raised on the "foo" method');
        }
    }

Here is the call graph for this function:

testSandboxUnallowedProperty()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedProperty

(

)

Definition at line 96 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates);
        try {
            $twig->loadTemplate('1_basic4')->render(self::$params);
            $this->fail('Sandbox throws a SecurityError exception if an unallowed property is called in the template');
        } catch (Twig_Sandbox_SecurityError $e) {
            $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedPropertyError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedPropertyError');
            $this->assertEquals('FooObject', $e->getClassName(), 'Exception should be raised on the "FooObject" class');
            $this->assertEquals('bar', $e->getPropertyName(), 'Exception should be raised on the "bar" property');
        }
    }

Here is the call graph for this function:

testSandboxUnallowedRangeOperator()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedRangeOperator

(

)

Definition at line 147 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates);
        try {
            $twig->loadTemplate('1_range_operator')->render(self::$params);
            $this->fail('Sandbox throws a SecurityError exception if the unallowed range operator is called');
        } catch (Twig_Sandbox_SecurityError $e) {
            $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedFunctionError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedFunctionError');
            $this->assertEquals('range', $e->getFunctionName(), 'Exception should be raised on the "range" function');
        }
    }

Here is the call graph for this function:

testSandboxUnallowedTag()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedTag

(

)

Definition at line 84 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates);
        try {
            $twig->loadTemplate('1_basic3')->render(self::$params);
            $this->fail('Sandbox throws a SecurityError exception if an unallowed tag is used in the template');
        } catch (Twig_Sandbox_SecurityError $e) {
            $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedTagError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedTagError');
            $this->assertEquals('if', $e->getTagName(), 'Exception should be raised on the "if" tag');
        }
    }

Here is the call graph for this function:

testSandboxUnallowedToString()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedToString

(

)

Definition at line 109 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates);
        try {
            $twig->loadTemplate('1_basic5')->render(self::$params);
            $this->fail('Sandbox throws a SecurityError exception if an unallowed method (__toString()) is called in the template');
        } catch (Twig_Sandbox_SecurityError $e) {
            $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedMethodError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedMethodError');
            $this->assertEquals('FooObject', $e->getClassName(), 'Exception should be raised on the "FooObject" class');
            $this->assertEquals('__tostring', $e->getMethodName(), 'Exception should be raised on the "__toString" method');
        }
    }

Here is the call graph for this function:

testSandboxUnallowedToStringArray()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedToStringArray

(

)

Definition at line 122 of file SandboxTest.php.

References $params, array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates);
        try {
            $twig->loadTemplate('1_basic6')->render(self::$params);
            $this->fail('Sandbox throws a SecurityError exception if an unallowed method (__toString()) is called in the template');
        } catch (Twig_Sandbox_SecurityError $e) {
            $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedMethodError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedMethodError');
            $this->assertEquals('FooObject', $e->getClassName(), 'Exception should be raised on the "FooObject" class');
            $this->assertEquals('__tostring', $e->getMethodName(), 'Exception should be raised on the "__toString" method');
        }
    }

Here is the call graph for this function:

testSandboxWithInheritance()

Twig_Tests_Extension_SandboxTest::testSandboxWithInheritance

(

)

Twig_Sandbox_SecurityError Filter "json_encode" is not allowed in "1_child" at line 3.

Definition at line 47 of file SandboxTest.php.

References array, and getEnvironment().

    {
        $twig = $this->getEnvironment(true, array(), self::$templates, array('block'));
        $twig->loadTemplate('1_child')->render(array());
    }

Here is the call graph for this function:

Field Documentation

$params

Twig_Tests_Extension_SandboxTest::$params

staticprotected

Definition at line 14 of file SandboxTest.php.

$templates

Twig_Tests_Extension_SandboxTest::$templates

staticprotected

Definition at line 15 of file SandboxTest.php.

Referenced by getEnvironment().

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/twig/twig/test/Twig/Tests/Extension/SandboxTest.php