A super easy PHP Framework for web development!
https://github.com/exacti/phacil-framework
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
153 lines
4.9 KiB
153 lines
4.9 KiB
6 years ago
|
<?php
|
||
|
|
||
|
/*
|
||
|
* This file is part of Twig.
|
||
|
*
|
||
|
* (c) Fabien Potencier
|
||
|
*
|
||
|
* For the full copyright and license information, please view the LICENSE
|
||
|
* file that was distributed with this source code.
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* Twig_NodeVisitor_Escaper implements output escaping.
|
||
|
*
|
||
|
* @author Fabien Potencier <fabien@symfony.com>
|
||
|
*/
|
||
|
final class Twig_NodeVisitor_Escaper extends Twig_BaseNodeVisitor
|
||
|
{
|
||
|
private $statusStack = array();
|
||
|
private $blocks = array();
|
||
|
private $safeAnalysis;
|
||
|
private $traverser;
|
||
|
private $defaultStrategy = false;
|
||
|
private $safeVars = array();
|
||
|
|
||
|
public function __construct()
|
||
|
{
|
||
|
$this->safeAnalysis = new Twig_NodeVisitor_SafeAnalysis();
|
||
|
}
|
||
|
|
||
|
protected function doEnterNode(Twig_Node $node, Twig_Environment $env)
|
||
|
{
|
||
|
if ($node instanceof Twig_Node_Module) {
|
||
|
if ($env->hasExtension('Twig_Extension_Escaper') && $defaultStrategy = $env->getExtension('Twig_Extension_Escaper')->getDefaultStrategy($node->getTemplateName())) {
|
||
|
$this->defaultStrategy = $defaultStrategy;
|
||
|
}
|
||
|
$this->safeVars = array();
|
||
|
$this->blocks = array();
|
||
|
} elseif ($node instanceof Twig_Node_AutoEscape) {
|
||
|
$this->statusStack[] = $node->getAttribute('value');
|
||
|
} elseif ($node instanceof Twig_Node_Block) {
|
||
|
$this->statusStack[] = isset($this->blocks[$node->getAttribute('name')]) ? $this->blocks[$node->getAttribute('name')] : $this->needEscaping($env);
|
||
|
} elseif ($node instanceof Twig_Node_Import) {
|
||
|
$this->safeVars[] = $node->getNode('var')->getAttribute('name');
|
||
|
}
|
||
|
|
||
|
return $node;
|
||
|
}
|
||
|
|
||
|
protected function doLeaveNode(Twig_Node $node, Twig_Environment $env)
|
||
|
{
|
||
|
if ($node instanceof Twig_Node_Module) {
|
||
|
$this->defaultStrategy = false;
|
||
|
$this->safeVars = array();
|
||
|
$this->blocks = array();
|
||
|
} elseif ($node instanceof Twig_Node_Expression_Filter) {
|
||
|
return $this->preEscapeFilterNode($node, $env);
|
||
|
} elseif ($node instanceof Twig_Node_Print) {
|
||
|
return $this->escapePrintNode($node, $env, $this->needEscaping($env));
|
||
|
}
|
||
|
|
||
|
if ($node instanceof Twig_Node_AutoEscape || $node instanceof Twig_Node_Block) {
|
||
|
array_pop($this->statusStack);
|
||
|
} elseif ($node instanceof Twig_Node_BlockReference) {
|
||
|
$this->blocks[$node->getAttribute('name')] = $this->needEscaping($env);
|
||
|
}
|
||
|
|
||
|
return $node;
|
||
|
}
|
||
|
|
||
|
private function escapePrintNode(Twig_Node_Print $node, Twig_Environment $env, $type)
|
||
|
{
|
||
|
if (false === $type) {
|
||
|
return $node;
|
||
|
}
|
||
|
|
||
|
$expression = $node->getNode('expr');
|
||
|
|
||
|
if ($this->isSafeFor($type, $expression, $env)) {
|
||
|
return $node;
|
||
|
}
|
||
|
|
||
|
$class = get_class($node);
|
||
|
|
||
|
return new $class(
|
||
|
$this->getEscaperFilter($type, $expression),
|
||
|
$node->getTemplateLine()
|
||
|
);
|
||
|
}
|
||
|
|
||
|
private function preEscapeFilterNode(Twig_Node_Expression_Filter $filter, Twig_Environment $env)
|
||
|
{
|
||
|
$name = $filter->getNode('filter')->getAttribute('value');
|
||
|
|
||
|
$type = $env->getFilter($name)->getPreEscape();
|
||
|
if (null === $type) {
|
||
|
return $filter;
|
||
|
}
|
||
|
|
||
|
$node = $filter->getNode('node');
|
||
|
if ($this->isSafeFor($type, $node, $env)) {
|
||
|
return $filter;
|
||
|
}
|
||
|
|
||
|
$filter->setNode('node', $this->getEscaperFilter($type, $node));
|
||
|
|
||
|
return $filter;
|
||
|
}
|
||
|
|
||
|
private function isSafeFor($type, Twig_Node $expression, $env)
|
||
|
{
|
||
|
$safe = $this->safeAnalysis->getSafe($expression);
|
||
|
|
||
|
if (null === $safe) {
|
||
|
if (null === $this->traverser) {
|
||
|
$this->traverser = new Twig_NodeTraverser($env, array($this->safeAnalysis));
|
||
|
}
|
||
|
|
||
|
$this->safeAnalysis->setSafeVars($this->safeVars);
|
||
|
|
||
|
$this->traverser->traverse($expression);
|
||
|
$safe = $this->safeAnalysis->getSafe($expression);
|
||
|
}
|
||
|
|
||
|
return in_array($type, $safe) || in_array('all', $safe);
|
||
|
}
|
||
|
|
||
|
private function needEscaping(Twig_Environment $env)
|
||
|
{
|
||
|
if (count($this->statusStack)) {
|
||
|
return $this->statusStack[count($this->statusStack) - 1];
|
||
|
}
|
||
|
|
||
|
return $this->defaultStrategy ? $this->defaultStrategy : false;
|
||
|
}
|
||
|
|
||
|
private function getEscaperFilter($type, Twig_Node $node)
|
||
|
{
|
||
|
$line = $node->getTemplateLine();
|
||
|
$name = new Twig_Node_Expression_Constant('escape', $line);
|
||
|
$args = new Twig_Node(array(new Twig_Node_Expression_Constant((string) $type, $line), new Twig_Node_Expression_Constant(null, $line), new Twig_Node_Expression_Constant(true, $line)));
|
||
|
|
||
|
return new Twig_Node_Expression_Filter($node, $name, $args, $line);
|
||
|
}
|
||
|
|
||
|
public function getPriority()
|
||
|
{
|
||
|
return 0;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
class_alias('Twig_NodeVisitor_Escaper', 'Twig\NodeVisitor\EscaperNodeVisitor', false);
|