diff --git a/composer.json b/composer.json index 697b1d7b..3d760da4 100644 --- a/composer.json +++ b/composer.json @@ -84,11 +84,12 @@ "symfony/yaml": "6.4.*", "tecnickcom/tc-lib-barcode": "^2.1.4", "twig/cssinliner-extra": "^3.0", - "twig/extra-bundle": "^3.0", - "twig/html-extra": "^3.0", + "twig/extra-bundle": "^3.8", + "twig/html-extra": "^3.8", "twig/inky-extra": "^3.0", - "twig/intl-extra": "^3.0", - "twig/markdown-extra": "^3.0", + "twig/intl-extra": "^3.8", + "twig/markdown-extra": "^3.8", + "twig/string-extra": "^3.8", "web-auth/webauthn-symfony-bundle": "^4.0.0", "webmozart/assert": "^1.4" }, diff --git a/composer.lock b/composer.lock index 9829f95b..cf6a6fa9 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "d262b7af88fd38fff57c486ce7f61cbe", + "content-hash": "c92c91e2ea0afe0c366c423a217bd0cb", "packages": [ { "name": "api-platform/core", @@ -13801,6 +13801,73 @@ ], "time": "2023-11-21T14:02:01+00:00" }, + { + "name": "twig/string-extra", + "version": "v3.8.0", + "source": { + "type": "git", + "url": "https://github.com/twigphp/string-extra.git", + "reference": "b0c9037d96baff79abe368dc092a59b726517548" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/twigphp/string-extra/zipball/b0c9037d96baff79abe368dc092a59b726517548", + "reference": "b0c9037d96baff79abe368dc092a59b726517548", + "shasum": "" + }, + "require": { + "php": ">=7.2.5", + "symfony/string": "^5.4|^6.0|^7.0", + "symfony/translation-contracts": "^1.1|^2|^3", + "twig/twig": "^3.0" + }, + "require-dev": { + "symfony/phpunit-bridge": "^6.4|^7.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "Twig\\Extra\\String\\": "" + }, + "exclude-from-classmap": [ + "/Tests/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Fabien Potencier", + "email": "fabien@symfony.com", + "homepage": "http://fabien.potencier.org", + "role": "Lead Developer" + } + ], + "description": "A Twig extension for Symfony String", + "homepage": "https://twig.symfony.com", + "keywords": [ + "html", + "string", + "twig", + "unicode" + ], + "support": { + "source": "https://github.com/twigphp/string-extra/tree/v3.8.0" + }, + "funding": [ + { + "url": "https://github.com/fabpot", + "type": "github" + }, + { + "url": "https://tidelift.com/funding/github/packagist/twig/twig", + "type": "tidelift" + } + ], + "time": "2023-11-21T14:02:01+00:00" + }, { "name": "twig/twig", "version": "v3.8.0", diff --git a/src/Services/LabelSystem/SandboxedTwigProvider.php b/src/Services/LabelSystem/SandboxedTwigProvider.php index a6a54118..bf152150 100644 --- a/src/Services/LabelSystem/SandboxedTwigProvider.php +++ b/src/Services/LabelSystem/SandboxedTwigProvider.php @@ -66,6 +66,8 @@ use InvalidArgumentException; use Twig\Environment; use Twig\Extension\SandboxExtension; use Twig\Extra\Intl\IntlExtension; +use Twig\Extra\Markdown\MarkdownExtension; +use Twig\Extra\String\StringExtension; use Twig\Loader\ArrayLoader; use Twig\Sandbox\SecurityPolicyInterface; @@ -76,15 +78,20 @@ final class SandboxedTwigProvider { private const ALLOWED_TAGS = ['apply', 'autoescape', 'do', 'for', 'if', 'set', 'verbatim', 'with']; private const ALLOWED_FILTERS = ['abs', 'batch', 'capitalize', 'column', 'country_name', - 'currency_name', 'currency_symbol', 'date', 'date_modify', 'default', 'escape', 'filter', 'first', 'format', - 'format_currency', 'format_date', 'format_datetime', 'format_number', 'format_time', 'join', 'keys', - 'language_name', 'last', 'length', 'locale_name', 'lower', 'map', 'merge', 'nl2br', 'raw', 'number_format', - 'reduce', 'replace', 'reverse', 'slice', 'sort', 'spaceless', 'split', 'striptags', 'timezone_name', 'title', - 'trim', 'upper', 'url_encode', + 'currency_name', 'currency_symbol', 'date', 'date_modify', 'data_uri', 'default', 'escape', 'filter', 'first', 'format', + 'format_currency', 'format_date', 'format_datetime', 'format_number', 'format_time', 'html_to_markdown', 'join', 'keys', + 'language_name', 'last', 'length', 'locale_name', 'lower', 'map', 'markdown_to_html', 'merge', 'nl2br', 'raw', 'number_format', + 'reduce', 'replace', 'reverse', 'round', 'slice', 'slug', 'sort', 'spaceless', 'split', 'striptags', 'timezone_name', 'title', + 'trim', 'u', 'upper', 'url_encode', //Part-DB specific filters: - 'moneyFormat', 'siFormat', 'amountFormat', ]; + 'moneyFormat', 'siFormat', 'amountFormat', - private const ALLOWED_FUNCTIONS = ['date', 'html_classes', 'max', 'min', 'random', 'range']; + + ]; + + private const ALLOWED_FUNCTIONS = ['country_names', 'country_timezones', 'currency_names', 'cycle', + 'date', 'html_classes', 'language_names', 'locale_names', 'max', 'min', 'random', 'range', 'script_names', + 'template_from_string', 'timezone_names']; private const ALLOWED_METHODS = [ NamedElementInterface::class => ['getName'], @@ -139,6 +146,8 @@ final class SandboxedTwigProvider //Add IntlExtension $twig->addExtension(new IntlExtension()); + $twig->addExtension(new MarkdownExtension()); + $twig->addExtension(new StringExtension()); //Add Part-DB specific extension $twig->addExtension($this->appExtension);