From 40bba0e447d68f7e3478bbeb4bf6c3e52d5ce908 Mon Sep 17 00:00:00 2001
From: Tugdual Saunier
Date: Thu, 31 Oct 2013 11:13:00 +0000
Subject: [PATCH] Fixed C extension sandbox behavior
---
 CHANGELOG | 2 +-
 ext/twig/twig.c | 7 ++++++-
 test/Twig/Tests/Extension/SandboxTest.php | 3 +++
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index a158f27..0cc9805 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,6 @@
 * 1.14.3 (2013-XX-XX)
- * n/a
+ * fixed the C extension sandbox behavior when get or set is prepend to method name
 * 1.14.2 (2013-10-30)
diff --git a/ext/twig/twig.c b/ext/twig/twig.c
index 2086014..7c62d7e 100644
--- a/ext/twig/twig.c
+++ b/ext/twig/twig.c
@@ -961,6 +961,7 @@ PHP_FUNCTION(twig_template_get_attributes)
 char *method = NULL;
 char *tmp_method_name_get;
 char *tmp_method_name_is;
+ zval *zmethod;
 zval *tmp_methods;
 lcItem_length = strlen(lcItem);
@@ -1023,13 +1024,16 @@ PHP_FUNCTION(twig_template_get_attributes)
 $this->env->getExtension('sandbox')->checkMethodAllowed($object, $method);
 }
 */
+ MAKE_STD_ZVAL(zmethod);
+ ZVAL_STRING(zmethod, method, 1);
 if (TWIG_CALL_SB(TWIG_PROPERTY_CHAR(template, "env" TSRMLS_CC), "hasExtension", "sandbox" TSRMLS_CC)) {
- TWIG_CALL_ZZ(TWIG_CALL_S(TWIG_PROPERTY_CHAR(template, "env" TSRMLS_CC), "getExtension", "sandbox" TSRMLS_CC), "checkMethodAllowed", object, zitem TSRMLS_CC);
+ TWIG_CALL_ZZ(TWIG_CALL_S(TWIG_PROPERTY_CHAR(template, "env" TSRMLS_CC), "getExtension", "sandbox" TSRMLS_CC), "checkMethodAllowed", object, zmethod TSRMLS_CC);
 }
 if (EG(exception)) {
 efree(tmp_method_name_get);
 efree(tmp_method_name_is);
 efree(lcItem);
+ zval_ptr_dtor(&zmethod);
 return;
 }
 /*
@@ -1040,6 +1044,7 @@ PHP_FUNCTION(twig_template_get_attributes)
 efree(tmp_method_name_get);
 efree(tmp_method_name_is);
 efree(lcItem);
+ zval_ptr_dtor(&zmethod);
 }
 /*
 // useful when calling a template method from a template
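Review bot: In the `@@ -1023,13 +1024,16 @@` hunk, `zmethod` is allocated before the `hasExtension` test, so it is built even when no sandbox is loaded, and its release depends on two separate `zval_ptr_dtor(&zmethod);` lines (the exception path here and the normal exit in the `@@ -1040,6 +1044,7 @@` hunk). Keeping the temporary inside the sandbox branch ties allocation and release together: move `MAKE_STD_ZVAL(zmethod);` and `ZVAL_STRING(zmethod, method, 1);` into the `if (TWIG_CALL_SB(...))` block and call `zval_ptr_dtor(&zmethod);` right after `TWIG_CALL_ZZ(...)`, which makes the two later dtor lines unnecessary. The lines between the two hunks are not shown, so any other exit there would leak the zval as written. `ZVAL_STRING` also dereferences `method`, which is initialised to NULL in the first hunk and assigned outside the visible lines, so the non-NULL assumption is worth a one-line comment.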
diff --git a/test/Twig/Tests/Extension/SandboxTest.php b/test/Twig/Tests/Extension/SandboxTest.php
index 72253c8..e4746cb 100644
--- a/test/Twig/Tests/Extension/SandboxTest.php
+++ b/test/Twig/Tests/Extension/SandboxTest.php
@@ -30,6 +30,7 @@ class Twig_Tests_Extension_SandboxTest extends PHPUnit_Framework_TestCase
 '1_basic6' => '{{ arr.obj }}',
 '1_basic7' => '{{ cycle(["foo","bar"], 1) }}',
 '1_basic8' => '{{ obj.getfoobar }}{{ obj.getFooBar }}',
+ '1_basic9' => '{{ obj.foobar }}{{ obj.fooBar }}',
 '1_basic' => '{% if obj.foo %}{{ obj.foo|upper }}{% endif %}',
 '1_layout' => '{% block content %}{% endblock %}',
 '1_child' => '{% extends "1_layout" %}{% block content %}{{ "a"|json_encode }}{% endblock %}',
@@ -127,6 +128,8 @@ class Twig_Tests_Extension_SandboxTest extends PHPUnit_Framework_TestCase
 FooObject::reset();
 $this->assertEquals('foobarfoobar', $twig->loadTemplate('1_basic8')->render(self::$params), 'Sandbox allow methods in a case-insensitive way');
 $this->assertEquals(2, FooObject::$called['getFooBar'], 'Sandbox only calls method once');
+
+ $this->assertEquals('foobarfoobar', $twig->loadTemplate('1_basic9')->render(self::$params), 'Sandbox allow methods via shortcut names (ie. without get/set)');
 }
 }
-- 
1.7.2.5
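Review bot: The added assertion for `1_basic9` only covers the allow direction, so it would still pass if the policy check for shortcut names were skipped entirely. A companion case in which `getFooBar` is not among the allowed methods and rendering `1_basic9` is expected to raise the sandbox security error would pin that the check runs against the resolved method name. Unlike the `1_basic8` case above it, the new case also has no `FooObject::reset();` and no call-count assertion such as `$this->assertEquals(2, FooObject::$called['getFooBar'], ...)`. The test method and its policy setup start outside the hunk, and the C path is presumably only exercised when the extension is loaded in the test run.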