public function enterNode(Twig_NodeInterface $node, Twig_Environment $env) { if ($node instanceof Twig_Node_Module) { $this->inAModule = true; $this->tags = array(); $this->filters = array(); return $node; } elseif ($this->inAModule) { // look for tags if ($node->getNodeTag()) { $this->tags[$node->getNodeTag()] = true; } // look for filters if ($node instanceof Twig_Node_Expression_Filter) { foreach ($node->getFilters() as $filter) { $this->filters[$filter[0]] = true; } } // look for simple print statement ({{ article }}) if ($node instanceof Twig_Node_Print && $node->getExpression() instanceof Twig_Node_Expression_Name) { return new Twig_Node_SandboxPrint($node->getExpression(), $node->getLine(), $node->getNodeTag()); } } return $node; }
protected function applyFilters(Twig_NodeInterface $node) { if (false === ($filters = $this->getCurrentFilters())) { return $node; } if ($node instanceof Twig_Node_Text) { $expression = new Twig_Node_Expression_Constant($node->getData(), $node->getLine()); } else { $expression = $node->getExpression(); } // filters if ($expression instanceof Twig_Node_Expression_Filter) { $expression->appendFilters($filters); return $node; } else { return new Twig_Node_Print(new Twig_Node_Expression_Filter($expression, $filters, $node->getLine()), $node->getLine()); } }
protected function escapeNode(Twig_NodeInterface $node, Twig_Environment $env, $type) { if (false === $type) { return $node; } $expression = $node instanceof Twig_Node_Print ? $node->getExpression() : $node; if ($expression instanceof Twig_Node_Expression_Filter) { // don't escape if the primary node of the filter is not a variable $nodes = $expression->getNodes(); if (!$nodes[0] instanceof Twig_Node_Expression_Name) { return $node; } // don't escape if there is already an "escaper" in the filter chain $filterMap = $env->getFilters(); foreach ($expression->getFilters() as $filter) { if (isset($filterMap[$filter[0]]) && $filterMap[$filter[0]]->isEscaper()) { return $node; } } } elseif (!$expression instanceof Twig_Node_Expression_GetAttr && !$expression instanceof Twig_Node_Expression_Name) { // don't escape if the node is not a variable return $node; } // escape if ($expression instanceof Twig_Node_Expression_Filter) { // escape all variables in filters arguments $filters = $expression->getFilters(); foreach ($filters as $i => $filter) { foreach ($filter[1] as $j => $argument) { $filters[$i][1][$j] = $this->escapeNode($argument, $env, $type); } } $expression->setFilters($filters); $expression->prependFilter($this->getEscaperFilter($type)); return $node; } elseif ($node instanceof Twig_Node_Print) { return new Twig_Node_Print(new Twig_Node_Expression_Filter($expression, array($this->getEscaperFilter($type)), $node->getLine()), $node->getLine()); } else { return new Twig_Node_Expression_Filter($node, array($this->getEscaperFilter($type)), $node->getLine()); } }