Fixed C extension sandbox behavior
authorTugdual Saunier <tugdual.saunier@gmail.com>
Thu, 31 Oct 2013 11:13:00 +0000 (11:13 +0000)
committerFabien Potencier <fabien.potencier@gmail.com>
Thu, 31 Oct 2013 11:37:11 +0000 (12:37 +0100)
CHANGELOG
ext/twig/twig.c
test/Twig/Tests/Extension/SandboxTest.php

index a158f27..0cc9805 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,6 @@
 * 1.14.3 (2013-XX-XX)
 
- * n/a
+ * fixed the C extension sandbox behavior when get or set is prepend to method name
 
 * 1.14.2 (2013-10-30)
 
index 2086014..7c62d7e 100644 (file)
@@ -961,6 +961,7 @@ PHP_FUNCTION(twig_template_get_attributes)
                char *method = NULL;
                char *tmp_method_name_get;
                char *tmp_method_name_is;
+               zval *zmethod;
                zval *tmp_methods;
 
                lcItem_length = strlen(lcItem);
@@ -1023,13 +1024,16 @@ PHP_FUNCTION(twig_template_get_attributes)
                $this->env->getExtension('sandbox')->checkMethodAllowed($object, $method);
        }
 */
+               MAKE_STD_ZVAL(zmethod);
+               ZVAL_STRING(zmethod, method, 1);
                if (TWIG_CALL_SB(TWIG_PROPERTY_CHAR(template, "env" TSRMLS_CC), "hasExtension", "sandbox" TSRMLS_CC)) {
-                       TWIG_CALL_ZZ(TWIG_CALL_S(TWIG_PROPERTY_CHAR(template, "env" TSRMLS_CC), "getExtension", "sandbox" TSRMLS_CC), "checkMethodAllowed", object, zitem TSRMLS_CC);
+                       TWIG_CALL_ZZ(TWIG_CALL_S(TWIG_PROPERTY_CHAR(template, "env" TSRMLS_CC), "getExtension", "sandbox" TSRMLS_CC), "checkMethodAllowed", object, zmethod TSRMLS_CC);
                }
                if (EG(exception)) {
                        efree(tmp_method_name_get);
                        efree(tmp_method_name_is);
                        efree(lcItem);
+                       zval_ptr_dtor(&zmethod);
                        return;
                }
 /*
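Review bot: `zmethod` is allocated and the method name duplicated on every call that reaches this block, although it is only read inside the `hasExtension` / `"sandbox"` branch. Moving `MAKE_STD_ZVAL(zmethod);` and `ZVAL_STRING(zmethod, method, 1);` inside that `if`, with `zval_ptr_dtor(&zmethod);` straight after the `checkMethodAllowed` call, would keep the lifetime local and make the cleanup calls added in the exception path and in the next hunk unnecessary, assuming `TWIG_CALL_ZZ` holds no reference past the call. `method` is declared as `NULL` in the earlier hunk and its assignments are outside the visible lines, so it is worth confirming that no path reaches `ZVAL_STRING` with it unset. A short comment such as `/* check the resolved method name, not the template item, so the policy sees what is actually called */` would help keep the check and the call in sync.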
@@ -1040,6 +1044,7 @@ PHP_FUNCTION(twig_template_get_attributes)
                efree(tmp_method_name_get);
                efree(tmp_method_name_is);
                efree(lcItem);
+               zval_ptr_dtor(&zmethod);
        }
 /*
        // useful when calling a template method from a template
index 72253c8..e4746cb 100644 (file)
@@ -30,6 +30,7 @@ class Twig_Tests_Extension_SandboxTest extends PHPUnit_Framework_TestCase
             '1_basic6' => '{{ arr.obj }}',
             '1_basic7' => '{{ cycle(["foo","bar"], 1) }}',
             '1_basic8' => '{{ obj.getfoobar }}{{ obj.getFooBar }}',
+            '1_basic9' => '{{ obj.foobar }}{{ obj.fooBar }}',
             '1_basic'  => '{% if obj.foo %}{{ obj.foo|upper }}{% endif %}',
             '1_layout' => '{% block content %}{% endblock %}',
             '1_child'  => '{% extends "1_layout" %}{% block content %}{{ "a"|json_encode }}{% endblock %}',
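Review bot: The `1_basic9` fixture added here appears to be rendered only under a policy that allows the method (the assertion in the following hunk expects `foobarfoobar`), so the security-relevant half of the fix is not pinned. Nothing visible checks that `{{ obj.foobar }}` is rejected when the resolved getter is absent from the allowed methods. A companion case that renders the shortcut form with the getter not allowed and expects the sandbox security exception would guard against the check drifting back to the template-supplied name. The new assertion could also follow the `1_basic8` pattern, calling `FooObject::reset();` first and asserting the `FooObject::$called['getFooBar']` count afterwards. The test method starts outside the hunk.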
@@ -127,6 +128,8 @@ class Twig_Tests_Extension_SandboxTest extends PHPUnit_Framework_TestCase
             FooObject::reset();
             $this->assertEquals('foobarfoobar', $twig->loadTemplate('1_basic8')->render(self::$params), 'Sandbox allow methods in a case-insensitive way');
             $this->assertEquals(2, FooObject::$called['getFooBar'], 'Sandbox only calls method once');
+
+            $this->assertEquals('foobarfoobar', $twig->loadTemplate('1_basic9')->render(self::$params), 'Sandbox allow methods via shortcut names (ie. without get/set)');
         }
     }