From: Fabien Potencier Date: Thu, 14 Jun 2012 15:00:28 +0000 (+0200) Subject: fixed escaping when a project defines a function named html or js (closes #724) X-Git-Url: http://git.silmor.de/gitweb/?a=commitdiff_plain;h=0d5dbedef51a23b0ef4384c0f9fc58c7cc48cc2a;p=web%2Fkonrad%2Ftwig.git fixed escaping when a project defines a function named html or js (closes #724) --- diff --git a/CHANGELOG b/CHANGELOG index 83d512d..dbd1c96 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,6 @@ * 1.8.3 (2012-XX-XX) + * fixed escaping when a project defines a function named html or js * fixed chmod mode to apply the umask correctly * 1.8.2 (2012-05-30) diff --git a/doc/api.rst b/doc/api.rst index 96bb6ed..a462066 100644 --- a/doc/api.rst +++ b/doc/api.rst @@ -98,7 +98,8 @@ The following options are available: for all templates (default to ``true``). As of Twig 1.8, you can set the escaping strategy to use (``html``, ``js``, ``false`` to disable, or a PHP callback that takes the template "filename" and must return the escaping - strategy to use). + strategy to use -- the callback cannot be a function name to avoid collision + with built-in escaping strategies). * ``optimizations``: A flag that indicates which optimizations to apply (default to ``-1`` -- all optimizations are enabled; set it to ``0`` to diff --git a/lib/Twig/Extension/Escaper.php b/lib/Twig/Extension/Escaper.php index b0aa8b1..c02c3a8 100644 --- a/lib/Twig/Extension/Escaper.php +++ b/lib/Twig/Extension/Escaper.php @@ -76,7 +76,9 @@ class Twig_Extension_Escaper extends Twig_Extension */ public function getDefaultStrategy($filename) { - if (is_callable($this->defaultStrategy)) { + // disable string callables to avoid calling a function named html or js, + // or any other upcoming escaping strategy + if (!is_string($this->defaultStrategy) && is_callable($this->defaultStrategy)) { return call_user_func($this->defaultStrategy, $filename); } diff --git a/test/Twig/Tests/integrationTest.php b/test/Twig/Tests/integrationTest.php index 18aba2a..b905b56 100644 --- a/test/Twig/Tests/integrationTest.php +++ b/test/Twig/Tests/integrationTest.php @@ -9,6 +9,13 @@ * file that was distributed with this source code. */ +// This function is defined to check that escaping strategies +// like html works even if a function with the same name is defined. +function html() +{ + return 'foo'; +} + class Twig_Tests_IntegrationTest extends PHPUnit_Framework_TestCase { public function getTests()