Merge remote-tracking branch 'github-phpbb/develop' into ticket/11700

* github-phpbb/develop: (586 commits) [ticket/11735] Display disabled checkbox in subsilver for read notifications [ticket/11735] Display disabled checkbox when notification is already read [ticket/11844] update acp/authentication language var [ticket/11795] Remove PM popup [ticket/11795] Remove outdated comment from forum_fn.js [ticket/11795] Move find user JS to forum_fn [ticket/11795] Replace TWIG with phpBB syntax in ACP [ticket/11795] Move MSN scripts to forum_fn.js [ticket/11795] Use phpBB template syntax instead of TWIG [ticket/11795] Move PM popup JS to forum_fn.js [ticket/11795] Get rid of pagination JS variables [ticket/11795] Get rid of onload_functions [ticket/11795] Use data-reset-on-edit attr to reset elements [ticket/11795] Redo form elements auto-focus [ticket/11811] Remove outline on :focus [ticket/11836] Fix subsilver fatal error [ticket/11837] Replace escaped single quote with utf-8 single quote [ticket/11836] Fix fatal error on unsupported provider for auth link [ticket/11837] Translate UCP_AUTH_LINK_NOT_SUPPORTED [ticket/11809] Ensure code.js is first script included after jQuery ... Conflicts: phpBB/config/services.yml phpBB/develop/create_schema_files.php phpBB/develop/mysql_upgrader.php phpBB/download/file.php phpBB/includes/bbcode.php phpBB/includes/functions_container.php phpBB/install/database_update.php phpBB/install/index.php phpBB/phpbb/controller/helper.php phpBB/phpbb/controller/resolver.php phpBB/phpbb/request/request_interface.php phpBB/phpbb/session.php phpBB/phpbb/style/extension_path_provider.php phpBB/phpbb/style/path_provider.php phpBB/phpbb/style/path_provider_interface.php phpBB/phpbb/style/resource_locator.php phpBB/phpbb/style/style.php phpBB/phpbb/template/locator.php phpBB/phpbb/template/template.php phpBB/phpbb/template/twig/node/includeasset.php phpBB/phpbb/template/twig/node/includecss.php phpBB/phpbb/template/twig/node/includejs.php phpBB/phpbb/template/twig/twig.php tests/controller/helper_url_test.php tests/di/create_container_test.php tests/extension/style_path_provider_test.php tests/notification/notification_test.php tests/session/continue_test.php tests/session/creation_test.php tests/template/template_events_test.php tests/template/template_test_case.php tests/template/template_test_case_with_tree.php tests/test_framework/phpbb_functional_test_case.php
author: Nils Adermann <naderman@naderman.de> 2013-09-16 01:24:05 +0200
committer: Nils Adermann <naderman@naderman.de> 2013-09-16 01:24:05 +0200
commit: 21bbb5850349326464204bdb1bea7ecf5a88c10a (patch)
tree: c2e2ce66583cf94367301fab73e308c9dd8eddb9 /phpBB/phpbb/template/twig/loader.php
parent: bb395bbc50df53bf2e005d95d45f34c7c8934ff0 (diff)
parent: ae6f37d559a71fb115cdb954452ebab5fb8fc69f (diff)
download: forums-21bbb5850349326464204bdb1bea7ecf5a88c10a.tar
forums-21bbb5850349326464204bdb1bea7ecf5a88c10a.tar.gz
forums-21bbb5850349326464204bdb1bea7ecf5a88c10a.tar.bz2
forums-21bbb5850349326464204bdb1bea7ecf5a88c10a.tar.xz
forums-21bbb5850349326464204bdb1bea7ecf5a88c10a.zip
1 files changed, 150 insertions, 0 deletions
diff --git a/phpBB/phpbb/template/twig/loader.php b/phpBB/phpbb/template/twig/loader.php
new file mode 100644
index 0000000000..0829e519f7
--- /dev/null
+++ b/phpBB/phpbb/template/twig/loader.php
@@ -0,0 +1,150 @@
+<?php
+/**
+*
+* @package phpBB3
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+/**
+* @ignore
+*/
+if (!defined('IN_PHPBB'))
+{
+	exit;
+}
+
+/**
+* Twig Template loader
+* @package phpBB3
+*/
+class phpbb_template_twig_loader extends Twig_Loader_Filesystem
+{
+	protected $safe_directories = array();
+
+	/**
+	* Set safe directories
+	*
+	* @param array $directories Array of directories that are safe (empty to clear)
+	* @return Twig_Loader_Filesystem
+	*/
+	public function setSafeDirectories($directories = array())
+	{
+		$this->safe_directories = array();
+
+		if (!empty($directories))
+		{
+			foreach ($directories as $directory)
+			{
+				$this->addSafeDirectory($directory);
+			}
+		}
+
+		return $this;
+	}
+
+	/**
+	* Add safe directory
+	*
+	* @param string $directory Directory that should be added
+	* @return Twig_Loader_Filesystem
+	*/
+	public function addSafeDirectory($directory)
+	{
+		$directory = phpbb_realpath($directory);
+
+		if ($directory !== false)
+		{
+			$this->safe_directories[] = $directory;
+		}
+
+		return $this;
+	}
+
+	/**
+	* Get current safe directories
+	*
+	* @return array
+	*/
+	public function getSafeDirectories()
+	{
+		return $this->safe_directories;
+	}
+
+	/**
+	* Override for parent::validateName()
+	*
+	* This is done because we added support for safe directories, and when Twig
+	*	findTemplate() is called, validateName() is called first, which would
+	*	always throw an exception if the file is outside of the configured
+	*	template directories.
+	*/
+	protected function validateName($name)
+	{
+		return;
+	}
+
+	/**
+	* Find the template
+	*
+	* Override for Twig_Loader_Filesystem::findTemplate to add support
+	*	for loading from safe directories.
+	*/
+	protected function findTemplate($name)
+	{
+		$name = (string) $name;
+
+		// normalize name
+		$name = preg_replace('#/{2,}#', '/', strtr($name, '\\', '/'));
+
+		// If this is in the cache we can skip the entire process below
+		//	as it should have already been validated
+		if (isset($this->cache[$name])) {
+			return $this->cache[$name];
+		}
+
+		// First, find the template name. The override above of validateName
+		//	causes the validateName process to be skipped for this call
+		$file = parent::findTemplate($name);
+
+		try
+		{
+			// Try validating the name (which may throw an exception)
+			parent::validateName($name);
+		}
+		catch (Twig_Error_Loader $e)
+		{
+			if (strpos($e->getRawMessage(), 'Looks like you try to load a template outside configured directories') === 0)
+			{
+				// Ok, so outside of the configured template directories, we
+				//	can now check if we're within a "safe" directory
+
+				// Find the real path of the directory the file is in
+				$directory = phpbb_realpath(dirname($file));
+
+				if ($directory === false)
+				{
+					// Some sort of error finding the actual path, must throw the exception
+					throw $e;
+				}
+
+				foreach ($this->safe_directories as $safe_directory)
+				{
+					if (strpos($directory, $safe_directory) === 0)
+					{
+						// The directory being loaded is below a directory
+						// that is "safe". We're good to load it!
+						return $file;
+					}
+				}
+			}
+
+			// Not within any safe directories
+			throw $e;
+		}
+
+		// No exception from validateName, safe to load.
+		return $file;
+	}
+}
author	Nils Adermann <naderman@naderman.de>	2013-09-16 01:24:05 +0200
committer	Nils Adermann <naderman@naderman.de>	2013-09-16 01:24:05 +0200
commit	21bbb5850349326464204bdb1bea7ecf5a88c10a (patch)
tree	c2e2ce66583cf94367301fab73e308c9dd8eddb9 /phpBB/phpbb/template/twig/loader.php
parent	bb395bbc50df53bf2e005d95d45f34c7c8934ff0 (diff)
parent	ae6f37d559a71fb115cdb954452ebab5fb8fc69f (diff)
download	forums-21bbb5850349326464204bdb1bea7ecf5a88c10a.tar forums-21bbb5850349326464204bdb1bea7ecf5a88c10a.tar.gz forums-21bbb5850349326464204bdb1bea7ecf5a88c10a.tar.bz2 forums-21bbb5850349326464204bdb1bea7ecf5a88c10a.tar.xz forums-21bbb5850349326464204bdb1bea7ecf5a88c10a.zip