Code Coverage
 
Classes and Traits
Functions and Methods
Lines
Total
0.00% covered (danger)
0.00%
0 / 1
57.14% covered (warning)
57.14%
4 / 7
CRAP
47.62% covered (danger)
47.62%
20 / 42
loader
0.00% covered (danger)
0.00%
0 / 1
57.14% covered (warning)
57.14%
4 / 7
52.79
47.62% covered (danger)
47.62%
20 / 42
 __construct
100.00% covered (success)
100.00%
1 / 1
1
100.00% covered (success)
100.00%
3 / 3
 setSafeDirectories
0.00% covered (danger)
0.00%
0 / 1
12
0.00% covered (danger)
0.00%
0 / 8
 addSafeDirectory
100.00% covered (success)
100.00%
1 / 1
2
100.00% covered (success)
100.00%
6 / 6
 getSafeDirectories
0.00% covered (danger)
0.00%
0 / 1
2
0.00% covered (danger)
0.00%
0 / 1
 validateName
100.00% covered (success)
100.00%
1 / 1
1
100.00% covered (success)
100.00%
1 / 1
 addPath
100.00% covered (success)
100.00%
1 / 1
1
100.00% covered (success)
100.00%
1 / 1
 findTemplate
0.00% covered (danger)
0.00%
0 / 1
17.11
40.91% covered (danger)
40.91%
9 / 22
<?php
/**
*
* This file is part of the phpBB Forum Software package.
*
* @copyright (c) phpBB Limited <https://www.phpbb.com>
* @license GNU General Public License, version 2 (GPL-2.0)
*
* For full copyright and license information, please see
* the docs/CREDITS.txt file.
*
*/
namespace phpbb\template\twig;
/**
* Twig Template loader
*/
class loader extends \Twig_Loader_Filesystem
{
    protected $safe_directories = array();
    /**
     * @var \phpbb\filesystem\filesystem_interface
     */
    protected $filesystem;
    /**
     * Constructor
     *
     * @param \phpbb\filesystem\filesystem_interface $filesystem
     * @param string|array    $paths
     */
    public function __construct(\phpbb\filesystem\filesystem_interface $filesystem, $paths = array())
    {
        $this->filesystem = $filesystem;
        parent::__construct($paths, $this->filesystem->realpath(dirname(__FILE__)));
    }
    /**
    * Set safe directories
    *
    * @param array $directories Array of directories that are safe (empty to clear)
    * @return \Twig_Loader_Filesystem
    */
    public function setSafeDirectories($directories = array())
    {
        $this->safe_directories = array();
        if (!empty($directories))
        {
            foreach ($directories as $directory)
            {
                $this->addSafeDirectory($directory);
            }
        }
        return $this;
    }
    /**
    * Add safe directory
    *
    * @param string $directory Directory that should be added
    * @return \Twig_Loader_Filesystem
    */
    public function addSafeDirectory($directory)
    {
        $directory = $this->filesystem->realpath($directory);
        if ($directory !== false)
        {
            $this->safe_directories[] = $directory;
        }
        return $this;
    }
    /**
    * Get current safe directories
    *
    * @return array
    */
    public function getSafeDirectories()
    {
        return $this->safe_directories;
    }
    /**
    * Override for parent::validateName()
    *
    * This is done because we added support for safe directories, and when Twig
    *    findTemplate() is called, validateName() is called first, which would
    *    always throw an exception if the file is outside of the configured
    *    template directories.
    */
    protected function validateName($name)
    {
        return;
    }
    /**
     * Adds a realpath call to fix a BC break in Twig 1.26 (https://github.com/twigphp/Twig/issues/2145)
     *
     * {@inheritdoc}
     */
    public function addPath($path, $namespace = self::MAIN_NAMESPACE)
    {
        return parent::addPath($this->filesystem->realpath($path), $namespace);
    }
    /**
    * Find the template
    *
    * Override for Twig_Loader_Filesystem::findTemplate to add support
    *    for loading from safe directories.
    */
    protected function findTemplate($name)
    {
        $name = (string) $name;
        // normalize name
        $name = preg_replace('#/{2,}#', '/', strtr($name, '\\', '/'));
        // If this is in the cache we can skip the entire process below
        //    as it should have already been validated
        if (isset($this->cache[$name]))
        {
            return $this->cache[$name];
        }
        // First, find the template name. The override above of validateName
        //    causes the validateName process to be skipped for this call
        $file = parent::findTemplate($name);
        try
        {
            // Try validating the name (which may throw an exception)
            parent::validateName($name);
        }
        catch (\Twig_Error_Loader $e)
        {
            if (strpos($e->getRawMessage(), 'Looks like you try to load a template outside configured directories') === 0)
            {
                // Ok, so outside of the configured template directories, we
                //    can now check if we're within a "safe" directory
                // Find the real path of the directory the file is in
                $directory = $this->filesystem->realpath(dirname($file));
                if ($directory === false)
                {
                    // Some sort of error finding the actual path, must throw the exception
                    throw $e;
                }
                foreach ($this->safe_directories as $safe_directory)
                {
                    if (strpos($directory, $safe_directory) === 0)
                    {
                        // The directory being loaded is below a directory
                        // that is "safe". We're good to load it!
                        return $file;
                    }
                }
            }
            // Not within any safe directories
            throw $e;
        }
        // No exception from validateName, safe to load.
        return $file;
    }
}