Matthias Andreas Benkard | 12a5735 | 2021-12-28 18:02:04 +0100 | [diff] [blame^] | 1 | <?php |
| 2 | |
| 3 | /* |
| 4 | * This file is part of Twig. |
| 5 | * |
| 6 | * (c) Fabien Potencier |
| 7 | * |
| 8 | * For the full copyright and license information, please view the LICENSE |
| 9 | * file that was distributed with this source code. |
| 10 | */ |
| 11 | |
| 12 | namespace Twig\Node; |
| 13 | |
| 14 | use Twig\Compiler; |
| 15 | use Twig\Node\Expression\AbstractExpression; |
| 16 | |
| 17 | /** |
| 18 | * Checks if casting an expression to __toString() is allowed by the sandbox. |
| 19 | * |
| 20 | * For instance, when there is a simple Print statement, like {{ article }}, |
| 21 | * and if the sandbox is enabled, we need to check that the __toString() |
| 22 | * method is allowed if 'article' is an object. The same goes for {{ article|upper }} |
| 23 | * or {{ random(article) }} |
| 24 | * |
| 25 | * @author Fabien Potencier <fabien@symfony.com> |
| 26 | */ |
| 27 | class CheckToStringNode extends AbstractExpression |
| 28 | { |
| 29 | public function __construct(AbstractExpression $expr) |
| 30 | { |
| 31 | parent::__construct(['expr' => $expr], [], $expr->getTemplateLine(), $expr->getNodeTag()); |
| 32 | } |
| 33 | |
| 34 | public function compile(Compiler $compiler): void |
| 35 | { |
| 36 | $expr = $this->getNode('expr'); |
| 37 | $compiler |
| 38 | ->raw('$this->sandbox->ensureToStringAllowed(') |
| 39 | ->subcompile($expr) |
| 40 | ->raw(', ') |
| 41 | ->repr($expr->getTemplateLine()) |
| 42 | ->raw(', $this->source)') |
| 43 | ; |
| 44 | } |
| 45 | } |