mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2025-06-21 01:25:55 +02:00
Updated the list of tags, filters and functions which are allowed inside the sandboxed twig
parent
dc7c13479c
commit
a2cd5652d2
3 changed files with 89 additions and 12 deletions
|
@ -84,11 +84,12 @@
|
||||||
"symfony/yaml": "6.4.*",
|
"symfony/yaml": "6.4.*",
|
||||||
"tecnickcom/tc-lib-barcode": "^2.1.4",
|
"tecnickcom/tc-lib-barcode": "^2.1.4",
|
||||||
"twig/cssinliner-extra": "^3.0",
|
"twig/cssinliner-extra": "^3.0",
|
||||||
"twig/extra-bundle": "^3.0",
|
"twig/extra-bundle": "^3.8",
|
||||||
"twig/html-extra": "^3.0",
|
"twig/html-extra": "^3.8",
|
||||||
"twig/inky-extra": "^3.0",
|
"twig/inky-extra": "^3.0",
|
||||||
"twig/intl-extra": "^3.0",
|
"twig/intl-extra": "^3.8",
|
||||||
"twig/markdown-extra": "^3.0",
|
"twig/markdown-extra": "^3.8",
|
||||||
|
"twig/string-extra": "^3.8",
|
||||||
"web-auth/webauthn-symfony-bundle": "^4.0.0",
|
"web-auth/webauthn-symfony-bundle": "^4.0.0",
|
||||||
"webmozart/assert": "^1.4"
|
"webmozart/assert": "^1.4"
|
||||||
},
|
},
|
||||||
|
|
69
composer.lock
generated
69
composer.lock
generated
|
@ -4,7 +4,7 @@
|
||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"content-hash": "d262b7af88fd38fff57c486ce7f61cbe",
|
"content-hash": "c92c91e2ea0afe0c366c423a217bd0cb",
|
||||||
"packages": [
|
"packages": [
|
||||||
{
|
{
|
||||||
"name": "api-platform/core",
|
"name": "api-platform/core",
|
||||||
|
@ -13801,6 +13801,73 @@
|
||||||
],
|
],
|
||||||
"time": "2023-11-21T14:02:01+00:00"
|
"time": "2023-11-21T14:02:01+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "twig/string-extra",
|
||||||
|
"version": "v3.8.0",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/twigphp/string-extra.git",
|
||||||
|
"reference": "b0c9037d96baff79abe368dc092a59b726517548"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/twigphp/string-extra/zipball/b0c9037d96baff79abe368dc092a59b726517548",
|
||||||
|
"reference": "b0c9037d96baff79abe368dc092a59b726517548",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=7.2.5",
|
||||||
|
"symfony/string": "^5.4|^6.0|^7.0",
|
||||||
|
"symfony/translation-contracts": "^1.1|^2|^3",
|
||||||
|
"twig/twig": "^3.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"symfony/phpunit-bridge": "^6.4|^7.0"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"Twig\\Extra\\String\\": ""
|
||||||
|
},
|
||||||
|
"exclude-from-classmap": [
|
||||||
|
"/Tests/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Fabien Potencier",
|
||||||
|
"email": "fabien@symfony.com",
|
||||||
|
"homepage": "http://fabien.potencier.org",
|
||||||
|
"role": "Lead Developer"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "A Twig extension for Symfony String",
|
||||||
|
"homepage": "https://twig.symfony.com",
|
||||||
|
"keywords": [
|
||||||
|
"html",
|
||||||
|
"string",
|
||||||
|
"twig",
|
||||||
|
"unicode"
|
||||||
|
],
|
||||||
|
"support": {
|
||||||
|
"source": "https://github.com/twigphp/string-extra/tree/v3.8.0"
|
||||||
|
},
|
||||||
|
"funding": [
|
||||||
|
{
|
||||||
|
"url": "https://github.com/fabpot",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "https://tidelift.com/funding/github/packagist/twig/twig",
|
||||||
|
"type": "tidelift"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"time": "2023-11-21T14:02:01+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "twig/twig",
|
"name": "twig/twig",
|
||||||
"version": "v3.8.0",
|
"version": "v3.8.0",
|
||||||
|
|
|
@ -66,6 +66,8 @@ use InvalidArgumentException;
|
||||||
use Twig\Environment;
|
use Twig\Environment;
|
||||||
use Twig\Extension\SandboxExtension;
|
use Twig\Extension\SandboxExtension;
|
||||||
use Twig\Extra\Intl\IntlExtension;
|
use Twig\Extra\Intl\IntlExtension;
|
||||||
|
use Twig\Extra\Markdown\MarkdownExtension;
|
||||||
|
use Twig\Extra\String\StringExtension;
|
||||||
use Twig\Loader\ArrayLoader;
|
use Twig\Loader\ArrayLoader;
|
||||||
use Twig\Sandbox\SecurityPolicyInterface;
|
use Twig\Sandbox\SecurityPolicyInterface;
|
||||||
|
|
||||||
|
@ -76,15 +78,20 @@ final class SandboxedTwigProvider
|
||||||
{
|
{
|
||||||
private const ALLOWED_TAGS = ['apply', 'autoescape', 'do', 'for', 'if', 'set', 'verbatim', 'with'];
|
private const ALLOWED_TAGS = ['apply', 'autoescape', 'do', 'for', 'if', 'set', 'verbatim', 'with'];
|
||||||
private const ALLOWED_FILTERS = ['abs', 'batch', 'capitalize', 'column', 'country_name',
|
private const ALLOWED_FILTERS = ['abs', 'batch', 'capitalize', 'column', 'country_name',
|
||||||
'currency_name', 'currency_symbol', 'date', 'date_modify', 'default', 'escape', 'filter', 'first', 'format',
|
'currency_name', 'currency_symbol', 'date', 'date_modify', 'data_uri', 'default', 'escape', 'filter', 'first', 'format',
|
||||||
'format_currency', 'format_date', 'format_datetime', 'format_number', 'format_time', 'join', 'keys',
|
'format_currency', 'format_date', 'format_datetime', 'format_number', 'format_time', 'html_to_markdown', 'join', 'keys',
|
||||||
'language_name', 'last', 'length', 'locale_name', 'lower', 'map', 'merge', 'nl2br', 'raw', 'number_format',
|
'language_name', 'last', 'length', 'locale_name', 'lower', 'map', 'markdown_to_html', 'merge', 'nl2br', 'raw', 'number_format',
|
||||||
'reduce', 'replace', 'reverse', 'slice', 'sort', 'spaceless', 'split', 'striptags', 'timezone_name', 'title',
|
'reduce', 'replace', 'reverse', 'round', 'slice', 'slug', 'sort', 'spaceless', 'split', 'striptags', 'timezone_name', 'title',
|
||||||
'trim', 'upper', 'url_encode',
|
'trim', 'u', 'upper', 'url_encode',
|
||||||
//Part-DB specific filters:
|
//Part-DB specific filters:
|
||||||
'moneyFormat', 'siFormat', 'amountFormat', ];
|
'moneyFormat', 'siFormat', 'amountFormat',
|
||||||
|
|
||||||
private const ALLOWED_FUNCTIONS = ['date', 'html_classes', 'max', 'min', 'random', 'range'];
|
|
||||||
|
];
|
||||||
|
|
||||||
|
private const ALLOWED_FUNCTIONS = ['country_names', 'country_timezones', 'currency_names', 'cycle',
|
||||||
|
'date', 'html_classes', 'language_names', 'locale_names', 'max', 'min', 'random', 'range', 'script_names',
|
||||||
|
'template_from_string', 'timezone_names'];
|
||||||
|
|
||||||
private const ALLOWED_METHODS = [
|
private const ALLOWED_METHODS = [
|
||||||
NamedElementInterface::class => ['getName'],
|
NamedElementInterface::class => ['getName'],
|
||||||
|
@ -139,6 +146,8 @@ final class SandboxedTwigProvider
|
||||||
|
|
||||||
//Add IntlExtension
|
//Add IntlExtension
|
||||||
$twig->addExtension(new IntlExtension());
|
$twig->addExtension(new IntlExtension());
|
||||||
|
$twig->addExtension(new MarkdownExtension());
|
||||||
|
$twig->addExtension(new StringExtension());
|
||||||
|
|
||||||
//Add Part-DB specific extension
|
//Add Part-DB specific extension
|
||||||
$twig->addExtension($this->appExtension);
|
$twig->addExtension($this->appExtension);
|
||||||
|
|
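Review bot: `'template_from_string'` is added to `ALLOWED_FUNCTIONS`, yet the extension hunk registers only `MarkdownExtension` and `StringExtension`; in Twig that function comes from `StringLoaderExtension`, so unless it is registered outside the visible lines the entry is dead, and if it is registered it lets a template author compile strings assembled at runtime inside the sandbox. I would drop the entry until a test shows that a template created this way is still checked against the same security policy, i.e. end the list with `'script_names', 'timezone_names'];`. The new `markdown_to_html` filter is, as far as I know, declared HTML-safe by the extension, so its output skips autoescaping and the converter's handling of raw HTML and link schemes decides what reaches the page; a comment such as `//markdown_to_html output is not escaped; the converter must strip raw HTML` next to the filter list would record that. `MarkdownExtension` also needs a runtime loader that supplies the Markdown converter on this hand-built `$twig` environment, and none is visible in the hunk. The class body continues outside both hunks.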