/**
* Find the template
*
* Override for Twig_Loader_Filesystem::findTemplate to add support
* for loading from safe directories.
*/
protected function findTemplate($name)
{
$name = (string) $name;
// normalize name
$name = preg_replace('#/{2,}#', '/', strtr($name, '\\', '/'));
// If this is in the cache we can skip the entire process below
// as it should have already been validated
if (isset($this->cache[$name])) {
return $this->cache[$name];
}
// First, find the template name. The override above of validateName
// causes the validateName process to be skipped for this call
$file = parent::findTemplate($name);
try {
// Try validating the name (which may throw an exception)
parent::validateName($name);
} catch (\Twig_Error_Loader $e) {
if (strpos($e->getRawMessage(), 'Looks like you try to load a template outside configured directories') === 0) {
// Ok, so outside of the configured template directories, we
// can now check if we're within a "safe" directory
// Find the real path of the directory the file is in
$directory = src_realpath(dirname($file));
if ($directory === false) {
// Some sort of error finding the actual path, must throw the exception
throw $e;
}
foreach ($this->safe_directories as $safe_directory) {
if (strpos($directory, $safe_directory) === 0) {
// The directory being loaded is below a directory
// that is "safe". We're good to load it!
return $file;
}
}
}
// Not within any safe directories
throw $e;
}
// No exception from validateName, safe to load.
return $file;
}
