Code Coverage for /data/phpBB/phpbb/template/twig/loader.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	57.14% covered (warning)	57.14%	4 / 7	CRAP	51.61% covered (warning)	51.61%	16 / 31
loader	0.00% covered (danger)	0.00%	0 / 1	57.14% covered (warning)	57.14%	4 / 7	45.00	51.61% covered (warning)	51.61%	16 / 31
__construct				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	3 / 3
setSafeDirectories				0.00% covered (danger)	0.00%	0 / 1	12.00	0.00% covered (danger)	0.00%	0 / 5
addSafeDirectory				100.00% covered (success)	100.00%	1 / 1	2	100.00% covered (success)	100.00%	4 / 4
getSafeDirectories				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 1
validateName				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	1 / 1
addPath				100.00% covered (success)	100.00%	1 / 1	1	100.00% covered (success)	100.00%	1 / 1
findTemplate				0.00% covered (danger)	0.00%	0 / 1	15.72	43.75% covered (danger)	43.75%	7 / 16

1	<?php
2	/**
3	*
4	* This file is part of the phpBB Forum Software package.
5	*
6	* @copyright (c) phpBB Limited <https://www.phpbb.com>
7	* @license GNU General Public License, version 2 (GPL-2.0)
8	*
9	* For full copyright and license information, please see
10	* the docs/CREDITS.txt file.
11	*
12	*/
13
14	namespace phpbb\template\twig;
15
16	/**
17	* Twig Template loader
18	*/
19	class loader extends \Twig\Loader\FilesystemLoader
20	{
21	protected $safe_directories = array();
22
23	/**
24	* @var \phpbb\filesystem\filesystem_interface
25	*/
26	protected $filesystem;
27
28	/**
29	* Constructor
30	*
31	* @param \phpbb\filesystem\filesystem_interface $filesystem
32	* @param string\|array $paths
33	*/
34	public function __construct(\phpbb\filesystem\filesystem_interface $filesystem, $paths = array())
35	{
36	$this->filesystem = $filesystem;
37
38	parent::__construct($paths, __DIR__);
39	}
40
41	/**
42	* Set safe directories
43	*
44	* @param array $directories Array of directories that are safe (empty to clear)
45	* @return \Twig\Loader\FilesystemLoader
46	*/
47	public function setSafeDirectories($directories = array())
48	{
49	$this->safe_directories = array();
50
51	if (!empty($directories))
52	{
53	foreach ($directories as $directory)
54	{
55	$this->addSafeDirectory($directory);
56	}
57	}
58
59	return $this;
60	}
61
62	/**
63	* Add safe directory
64	*
65	* @param string $directory Directory that should be added
66	* @return \Twig\Loader\FilesystemLoader
67	*/
68	public function addSafeDirectory($directory)
69	{
70	$directory = $this->filesystem->realpath($directory);
71
72	if ($directory !== false)
73	{
74	$this->safe_directories[] = $directory;
75	}
76
77	return $this;
78	}
79
80	/**
81	* Get current safe directories
82	*
83	* @return array
84	*/
85	public function getSafeDirectories()
86	{
87	return $this->safe_directories;
88	}
89
90	/**
91	* Override for parent::validateName()
92	*
93	* This is done because we added support for safe directories, and when Twig
94	* findTemplate() is called, validateName() is called first, which would
95	* always throw an exception if the file is outside of the configured
96	* template directories.
97	*/
98	protected function validateName($name)
99	{
100	return;
101	}
102
103	/**
104	* Adds a realpath call to fix a BC break in Twig 1.26 (https://github.com/twigphp/Twig/issues/2145)
105	*
106	* {@inheritdoc}
107	*/
108	public function addPath($path, $namespace = self::MAIN_NAMESPACE)
109	{
110	return parent::addPath($this->filesystem->realpath($path), $namespace);
111	}
112
113	/**
114	* Find the template
115	*
116	* Override for \Twig\Loader\FilesystemLoader::findTemplate
117	* to add support for loading from safe directories.
118	*/
119	protected function findTemplate($name, $throw = true)
120	{
121	$name = (string) $name;
122
123	// normalize name
124	$name = preg_replace('#/{2,}#', '/', strtr($name, '\\', '/'));
125
126	// If this is in the cache we can skip the entire process below
127	// as it should have already been validated
128	if (isset($this->cache[$name]))
129	{
130	return $this->cache[$name];
131	}
132
133	// First, find the template name. The override above of validateName
134	// causes the validateName process to be skipped for this call
135	$file = parent::findTemplate($name, $throw);
136
137	try
138	{
139	// Try validating the name (which may throw an exception)
140	$this->validateName($name);
141	}
142	catch (\Twig\Error\LoaderError $e)
143	{
144	if (strpos($e->getRawMessage(), 'Looks like you try to load a template outside configured directories') === 0)
145	{
146	// Ok, so outside of the configured template directories, we
147	// can now check if we're within a "safe" directory
148
149	// Find the real path of the directory the file is in
150	$directory = $this->filesystem->realpath(dirname($file));
151
152	if ($directory === false)
153	{
154	// Some sort of error finding the actual path, must throw the exception
155	throw $e;
156	}
157
158	foreach ($this->safe_directories as $safe_directory)
159	{
160	if (strpos($directory, $safe_directory) === 0)
161	{
162	// The directory being loaded is below a directory
163	// that is "safe". We're good to load it!
164	return $file;
165	}
166	}
167	}
168
169	// Not within any safe directories
170	throw $e;
171	}
172
173	// No exception from validateName, safe to load.
174	return $file;
175	}
176	}