Allow access of twig sandbox to a few more extensions and functions

This commit is contained in:
Jan Böhmer 2024-03-06 20:21:07 +01:00
parent 1da3225e1d
commit 757201cafa
2 changed files with 32 additions and 9 deletions


@ -60,8 +60,11 @@ use App\Entity\PriceInformations\Currency;
use App\Entity\PriceInformations\Orderdetail; use App\Entity\PriceInformations\Orderdetail;
use App\Entity\PriceInformations\Pricedetail; use App\Entity\PriceInformations\Pricedetail;
use App\Entity\UserSystem\User; use App\Entity\UserSystem\User;
use App\Twig\BarcodeExtension;
use App\Twig\EntityExtension;
use App\Twig\FormatExtension; use App\Twig\FormatExtension;
use App\Twig\Sandbox\InheritanceSecurityPolicy; use App\Twig\Sandbox\InheritanceSecurityPolicy;
use App\Twig\TwigCoreExtension;
use InvalidArgumentException; use InvalidArgumentException;
use Twig\Environment; use Twig\Environment;
use Twig\Extension\SandboxExtension; use Twig\Extension\SandboxExtension;
@ -73,7 +76,7 @@ use Twig\Sandbox\SecurityPolicyInterface;
/** /**
* This service creates a sandboxed twig environment for the label system. * This service creates a sandboxed twig environment for the label system.
* @see \App\Tests\Services\LabelSystem\SandboxedTwigProviderTest * @see \App\Tests\Services\LabelSystem\SandboxedTwigFactoryTest
*/ */
final class SandboxedTwigFactory final class SandboxedTwigFactory
{ {
@ -84,15 +87,24 @@ final class SandboxedTwigFactory
'language_name', 'last', 'length', 'locale_name', 'lower', 'map', 'markdown_to_html', 'merge', 'nl2br', 'raw', 'number_format', 'language_name', 'last', 'length', 'locale_name', 'lower', 'map', 'markdown_to_html', 'merge', 'nl2br', 'raw', 'number_format',
'reduce', 'replace', 'reverse', 'round', 'slice', 'slug', 'sort', 'spaceless', 'split', 'striptags', 'timezone_name', 'title', 'reduce', 'replace', 'reverse', 'round', 'slice', 'slug', 'sort', 'spaceless', 'split', 'striptags', 'timezone_name', 'title',
'trim', 'u', 'upper', 'url_encode', 'trim', 'u', 'upper', 'url_encode',
//Part-DB specific filters: //Part-DB specific filters:
'moneyFormat', 'siFormat', 'amountFormat',
//FormatExtension:
'format_money', 'format_si', 'format_amount', 'format_bytes',
]; ];
private const ALLOWED_FUNCTIONS = ['country_names', 'country_timezones', 'currency_names', 'cycle', private const ALLOWED_FUNCTIONS = ['country_names', 'country_timezones', 'currency_names', 'cycle',
'date', 'html_classes', 'language_names', 'locale_names', 'max', 'min', 'random', 'range', 'script_names', 'date', 'html_classes', 'language_names', 'locale_names', 'max', 'min', 'random', 'range', 'script_names',
'template_from_string', 'timezone_names']; 'template_from_string', 'timezone_names',
//Part-DB specific extensions:
//EntityExtension:
'entity_type', 'entity_url',
//BarcodeExtension:
'barcode_svg',
];
private const ALLOWED_METHODS = [ private const ALLOWED_METHODS = [
NamedElementInterface::class => ['getName'], NamedElementInterface::class => ['getName'],
@ -126,7 +138,12 @@ final class SandboxedTwigFactory
]; ];
private const ALLOWED_PROPERTIES = []; private const ALLOWED_PROPERTIES = [];
public function __construct(private readonly FormatExtension $appExtension) public function __construct(
private readonly FormatExtension $formatExtension,
private readonly BarcodeExtension $barcodeExtension,
private readonly EntityExtension $entityExtension,
private readonly TwigCoreExtension $twigCoreExtension,
)
{ {
} }
@ -151,7 +168,10 @@ final class SandboxedTwigFactory
$twig->addExtension(new StringExtension()); $twig->addExtension(new StringExtension());
//Add Part-DB specific extension //Add Part-DB specific extension
$twig->addExtension($this->appExtension); $twig->addExtension($this->formatExtension);
$twig->addExtension($this->barcodeExtension);
$twig->addExtension($this->entityExtension);
$twig->addExtension($this->twigCoreExtension);
return $twig; return $twig;
} }
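Review bot: ALLOWED_FILTERS drops `'moneyFormat', 'siFormat', 'amountFormat'` in favour of the `format_*` names, so any stored label template that still uses the old filter names will fail with a SecurityError at render time if FormatExtension still registers them — either keep the old names alongside the new ones in the allow-list or state the rename explicitly in the commit message. The newly allowed `entity_url` and `barcode_svg` become callable from user-authored label templates, and the sandbox policy gates only the call, not what the callee does with its argument, so confirm that barcode_svg escapes the template-supplied content it embeds in the SVG it returns (presumably marked html-safe) and that entity_url cannot be pointed at entities the rendering user may not read. TwigCoreExtension is registered in createTwig but nothing from it is allow-listed; if it registers Twig globals or tests, note that Twig's SecurityPolicy does not gate those, so check what it actually exposes. A comment above the Part-DB entries would help future additions: `// Every function listed here is callable from user-authored label templates; review what the callee does with its arguments before adding one.` The constants belong to SandboxedTwigFactory, whose body continues outside the hunks shown.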


@ -53,7 +53,7 @@ use Twig\Sandbox\SecurityError;
class SandboxedTwigFactoryTest extends WebTestCase class SandboxedTwigFactoryTest extends WebTestCase
{ {
private ?object $service = null; private ?SandboxedTwigFactory $service = null;
protected function setUp(): void protected function setUp(): void
{ {
@ -86,6 +86,9 @@ class SandboxedTwigFactoryTest extends WebTestCase
[' ['
{{ part.reviewNeeded }} {{ part.tags }} {{ part.mass }} {{ part.reviewNeeded }} {{ part.tags }} {{ part.mass }}
'], '],
['
{{ entity_type(part) is object }}
']
]; ];
} }
@ -110,7 +113,7 @@ class SandboxedTwigFactoryTest extends WebTestCase
$options->setLines($twig); $options->setLines($twig);
$options->setProcessMode(LabelProcessMode::TWIG); $options->setProcessMode(LabelProcessMode::TWIG);
$twig = $this->service->getTwig($options); $twig = $this->service->createTwig($options);
$str = $twig->render('lines', [ $str = $twig->render('lines', [
'part' => new Part(), 'part' => new Part(),
'lot' => new PartLot(), 'lot' => new PartLot(),
@ -132,7 +135,7 @@ class SandboxedTwigFactoryTest extends WebTestCase
$options->setLines($twig); $options->setLines($twig);
$options->setProcessMode(LabelProcessMode::TWIG); $options->setProcessMode(LabelProcessMode::TWIG);
$twig = $this->service->getTwig($options); $twig = $this->service->createTwig($options);
$str = $twig->render('lines', [ $str = $twig->render('lines', [
'part' => new Part(), 'part' => new Part(),
'lot' => new PartLot(), 'lot' => new PartLot(),