From: Fabien Potencier Date: Thu, 2 Dec 2010 07:52:42 +0000 (+0100) Subject: fixed sandbox extension when used with auto output escaping X-Git-Url: http://git.silmor.de/gitweb/?a=commitdiff_plain;h=c7dacdd6a08aa782544b53db966acf93d0215970;p=web%2Fkonrad%2Ftwig.git fixed sandbox extension when used with auto output escaping --- diff --git a/lib/Twig/Node/SandboxedPrint.php b/lib/Twig/Node/SandboxedPrint.php index 877838e..c24cee4 100644 --- a/lib/Twig/Node/SandboxedPrint.php +++ b/lib/Twig/Node/SandboxedPrint.php @@ -36,11 +36,10 @@ class Twig_Node_SandboxedPrint extends Twig_Node_Print { $compiler ->addDebugInfo($this) - ->write('$_tmp = ') - ->subcompile($this->getNode('expr')) - ->raw(";\n") ->write('if (is_object(') - ->raw('$_tmp)) {'."\n") + ->raw('$_tmp = ') + ->subcompile($this->removeNodeFilter($this->getNode('expr'))) + ->raw(')) {'."\n") ->indent() ->write('$this->env->getExtension(\'sandbox\')->checkMethodAllowed(') ->raw('$_tmp, \'__toString\');'."\n") @@ -50,4 +49,20 @@ class Twig_Node_SandboxedPrint extends Twig_Node_Print parent::compile($compiler); } + + /** + * Removes node filters. + * + * This is mostly needed when another visitor adds filters (like the escaper one). + * + * @param Twig_Node $node A Node + */ + protected function removeNodeFilter($node) + { + if ($node instanceof Twig_Node_Expression_Filter) { + return $this->removeNodeFilter($node->getNode('node')); + } + + return $node; + } }