vendor/twig/twig/src/Extension/EscaperExtension.php line 139

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of Twig.
  5. *
  6. * (c) Fabien Potencier
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. namespace Twig\Extension;
  14. use Twig\Environment;
  15. use Twig\FileExtensionEscapingStrategy;
  16. use Twig\Node\Expression\ConstantExpression;
  17. use Twig\Node\Expression\Filter\RawFilter;
  18. use Twig\Node\Node;
  19. use Twig\NodeVisitor\EscaperNodeVisitor;
  20. use Twig\Runtime\EscaperRuntime;
  21. use Twig\TokenParser\AutoEscapeTokenParser;
  22. use Twig\TwigFilter;
  24. final class EscaperExtension extends AbstractExtension
  25. {
  26. private $environment;
  27. private $escapers = [];
  28. private $escaper;
  29. private $defaultStrategy;
  31. /**
  32. * @param string|false|callable $defaultStrategy An escaping strategy
  33. *
  34. * @see setDefaultStrategy()
  35. */
  36. public function __construct($defaultStrategy = 'html')
  37. {
  38. $this->setDefaultStrategy($defaultStrategy);
  39. }
  41. public function getTokenParsers(): array
  42. {
  43. return [new AutoEscapeTokenParser()];
  44. }
  46. public function getNodeVisitors(): array
  47. {
  48. return [new EscaperNodeVisitor()];
  49. }
  51. public function getFilters(): array
  52. {
  53. return [
  54. new TwigFilter('escape', [EscaperRuntime::class, 'escape'], ['is_safe_callback' => [self::class, 'escapeFilterIsSafe']]),
  55. new TwigFilter('e', [EscaperRuntime::class, 'escape'], ['is_safe_callback' => [self::class, 'escapeFilterIsSafe']]),
  56. new TwigFilter('raw', null, ['is_safe' => ['all'], 'node_class' => RawFilter::class]),
  57. ];
  58. }
  60. public function getLastModified(): int
  61. {
  62. return max(
  63. parent::getLastModified(),
  64. filemtime((new \ReflectionClass(EscaperRuntime::class))->getFileName()),
  65. );
  66. }
  68. /**
  69. * @deprecated since Twig 3.10
  70. */
  71. public function setEnvironment(Environment $environment): void
  72. {
  73. $triggerDeprecation = \func_num_args() > 1 ? func_get_arg(1) : true;
  74. if ($triggerDeprecation) {
  75. trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated and not needed if you are using methods from "Twig\Runtime\EscaperRuntime".', __METHOD__);
  76. }
  78. $this->environment = $environment;
  79. $this->escaper = $environment->getRuntime(EscaperRuntime::class);
  80. }
  82. /**
  83. * @return void
  84. *
  85. * @deprecated since Twig 3.10
  86. */
  87. public function setEscaperRuntime(EscaperRuntime $escaper)
  88. {
  89. trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated and not needed if you are using methods from "Twig\Runtime\EscaperRuntime".', __METHOD__);
  91. $this->escaper = $escaper;
  92. }
  94. /**
  95. * Sets the default strategy to use when not defined by the user.
  96. *
  97. * The strategy can be a valid PHP callback that takes the template
  98. * name as an argument and returns the strategy to use.
  99. *
  100. * @param string|false|callable(string $templateName): string $defaultStrategy An escaping strategy
  101. */
  102. public function setDefaultStrategy($defaultStrategy): void
  103. {
  104. if ('name' === $defaultStrategy) {
  105. $defaultStrategy = [FileExtensionEscapingStrategy::class, 'guess'];
  106. }
  108. $this->defaultStrategy = $defaultStrategy;
  109. }
  111. /**
  112. * Gets the default strategy to use when not defined by the user.
  113. *
  114. * @param string $name The template name
  115. *
  116. * @return string|false The default strategy to use for the template
  117. */
  118. public function getDefaultStrategy(string $name)
  119. {
  120. // disable string callables to avoid calling a function named html or js,
  121. // or any other upcoming escaping strategy
  122. if (!\is_string($this->defaultStrategy) && false !== $this->defaultStrategy) {
  123. return \call_user_func($this->defaultStrategy, $name);
  124. }
  126. return $this->defaultStrategy;
  127. }
  129. /**
  130. * Defines a new escaper to be used via the escape filter.
  131. *
  132. * @param string $strategy The strategy name that should be used as a strategy in the escape call
  133. * @param callable(Environment, string, string): string $callable A valid PHP callable
  134. *
  135. * @return void
  136. *
  137. * @deprecated since Twig 3.10
  138. */
  139. public function setEscaper($strategy, callable $callable)
  140. {
  141. trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated, use the "Twig\Runtime\EscaperRuntime::setEscaper()" method instead (be warned that Environment is not passed anymore to the callable).', __METHOD__);
  143. if (!isset($this->environment)) {
  144. throw new \LogicException(\sprintf('You must call "setEnvironment()" before calling "%s()".', __METHOD__));
  145. }
  147. $this->escapers[$strategy] = $callable;
  148. $callable = function ($string, $charset) use ($callable) {
  149. return $callable($this->environment, $string, $charset);
  150. };
  152. $this->escaper->setEscaper($strategy, $callable);
  153. }
  155. /**
  156. * Gets all defined escapers.
  157. *
  158. * @return array<string, callable(Environment, string, string): string> An array of escapers
  159. *
  160. * @deprecated since Twig 3.10
  161. */
  162. public function getEscapers()
  163. {
  164. trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated, use the "Twig\Runtime\EscaperRuntime::getEscaper()" method instead.', __METHOD__);
  166. return $this->escapers;
  167. }
  169. /**
  170. * @return void
  171. *
  172. * @deprecated since Twig 3.10
  173. */
  174. public function setSafeClasses(array $safeClasses = [])
  175. {
  176. trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated, use the "Twig\Runtime\EscaperRuntime::setSafeClasses()" method instead.', __METHOD__);
  178. if (!isset($this->escaper)) {
  179. throw new \LogicException(\sprintf('You must call "setEnvironment()" before calling "%s()".', __METHOD__));
  180. }
  182. $this->escaper->setSafeClasses($safeClasses);
  183. }
  185. /**
  186. * @return void
  187. *
  188. * @deprecated since Twig 3.10
  189. */
  190. public function addSafeClass(string $class, array $strategies)
  191. {
  192. trigger_deprecation('twig/twig', '3.10', 'The "%s()" method is deprecated, use the "Twig\Runtime\EscaperRuntime::addSafeClass()" method instead.', __METHOD__);
  194. if (!isset($this->escaper)) {
  195. throw new \LogicException(\sprintf('You must call "setEnvironment()" before calling "%s()".', __METHOD__));
  196. }
  198. $this->escaper->addSafeClass($class, $strategies);
  199. }
  201. /**
  202. * @internal
  203. *
  204. * @return array<string>
  205. */
  206. public static function escapeFilterIsSafe(Node $filterArgs)
  207. {
  208. foreach ($filterArgs as $arg) {
  209. if ($arg instanceof ConstantExpression) {
  210. return [$arg->getAttribute('value')];
  211. }
  213. return [];
  214. }
  216. return ['html'];
  217. }
  218. }