Changeset 1112

Timestamp:

10/09/08 22:21:56 (3 months ago)

Author:

laurentj

Message:

ticket #666: parenthesis in for statement in jtpl were not allowed, so we couldn't use count function for example. parenthesis are now allowed only in trusted templates

Files:

branches/1.0.x/lib/jelix/tpl/jTplCompiler.class.php (modified) (2 diffs)
branches/1.0.x/testapp/modules/jelix_tests/tests/jtpl.compiler.html_cli.php (modified) (4 diffs)
trunk/lib/jelix/tpl/jTplCompiler.class.php (modified) (2 diffs)
trunk/testapp/modules/jelix_tests/tests/jtpl.compiler.html_cli.php (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/1.0.x/lib/jelix/tpl/jTplCompiler.class.php

r997	r1112
322	322	break;
323	323	case 'for':
324		$res = 'for('. $this->_parseFinal($args, $this->_allowedInExpr, array('(')) .'):';
	324	if($this->trusted)
	325	$notallowed = array();
	326	else
	327	$notallowed = array('(');
	328	if(preg_match("/^\s$(.)$\s*$/",$args, $m))
	329	$args = $m[1];
	330	$res = 'for('. $this->_parseFinal($args, $this->_allowedInExpr, $notallowed) .'):';
325	331	array_push($this->_blockStack,'for');
326	332	break;
…	…
420	426	$inLocale = false;
421	427	$locale='';
422		$bracketcount~~=$sqbracketcount=~~0;
	428	$bracketcount = $sqbracketcount = 0;
423	429	$firstok = array_shift($tokens);
424	430

branches/1.0.x/testapp/modules/jelix_tests/tests/jtpl.compiler.html_cli.php

r929	r1112
119	119	'<p>ok<?php if(($t->_vars[\'foo\'] \|\| $t->_vars[\'bar\']) && $t->_vars[\'baz\']):?> <?php endif;?></p>',
120	120	),
	121	20=>array('{for ($i=0;$i<$p;$i++)} A {/for}',
	122	'<?php for($t->_vars[\'i\']=0;$t->_vars[\'i\']<$t->_vars[\'p\'];$t->_vars[\'i\']++):?> A <?php endfor;?>'
	123	),
	124	21=>array('{for $i=0;$i<$p;$i++} A {/for}',
	125	'<?php for($t->_vars[\'i\']=0;$t->_vars[\'i\']<$t->_vars[\'p\'];$t->_vars[\'i\']++):?> A <?php endfor;?>'
	126	),
	127	22=>array('{for $i=count($o);$i<$p;$i++} A {/for}',
	128	'<?php for($t->_vars[\'i\']=count($t->_vars[\'o\']);$t->_vars[\'i\']<$t->_vars[\'p\'];$t->_vars[\'i\']++):?> A <?php endfor;?>'
	129	),
	130
121	131	);
122	132
…	…
127	137
128	138	foreach($this->content as $k=>$t){
	139	try{
	140	$this->assertEqualOrDiff($t[1], $compil->compileContent2($t[0]));
	141	}catch(jException $e){
	142	$this->fail("Test '$k', Unknown Jelix Exception: ".$e->getMessage().' ('.$e->getLocaleKey().')');
	143	}catch(Exception $e){
	144	$this->fail("Test '$k', Unknown Exception: ".$e->getMessage());
	145	}
	146	}
	147	}
	148
	149	protected $contentUntrusted = array(
	150	0=>array('{for ($i=0;$i<$p;$i++)} A {/for}',
	151	'<?php for($t->_vars[\'i\']=0;$t->_vars[\'i\']<$t->_vars[\'p\'];$t->_vars[\'i\']++):?> A <?php endfor;?>'
	152	),
	153	1=>array('{for $i=0;$i<$p;$i++} A {/for}',
	154	'<?php for($t->_vars[\'i\']=0;$t->_vars[\'i\']<$t->_vars[\'p\'];$t->_vars[\'i\']++):?> A <?php endfor;?>'
	155	),
	156	);
	157
	158	function testCompileContentUntrusted() {
	159	$compil = new testJtplContentCompiler();
	160	$compil->outputType = 'html';
	161	$compil->trusted = false;
	162	foreach($this->contentUntrusted as $k=>$t){
129	163	try{
130	164	$this->assertEqualOrDiff($t[1], $compil->compileContent2($t[0]));
…	…
182	216	2=>array('{foreach ($t=>$a)} A {/foreach}',
183	217	'jelix~errors.tpl.tag.character.invalid',array('foreach ($t=>$a)', '(', NULL) ),
184		3=>array('{for ($i=0;$i<$p;$i++)} A {/for}',
185		'jelix~errors.tpl.tag.~~character.invalid',array('for ($i=0;$i<$p;$i++)','(~~',null) ),
	218	3=>array('{for ($i=0;$i<$p;$i++} A {/for}',
	219	'jelix~errors.tpl.tag.bracket.error',array('for ($i=0;$i<$p;$i++',null) ),
186	220	4=>array('{form ($foo,$params)} aa {/form}',
187	221	'jelix~errors.tplplugin.block.bad.argument.number',array('form','2-6',null) ),
…	…
207	241	}
208	242	}
	243
	244	protected $tplerrors2 = array(
	245	0=>array('{for $i=count($a);$i<$p;$i++} A {/for}',
	246	'jelix~errors.tpl.tag.character.invalid',array('for $i=count($a);$i<$p;$i++','(',null) ),
	247	);
	248	function testCompileErrorsUntrusted() {
	249
	250	foreach($this->tplerrors2 as $k=>$t){
	251	$compil = new testJtplContentCompiler();
	252	$compil->outputType = 'html';
	253	$compil->trusted = false;
	254	try{
	255	$compil->compileContent2($t[0]);
	256	$this->fail("Test '$k', exception didn't happen");
	257	}catch(jException $e){
	258	$this->assertEqual($e->getLocaleKey(), $t[1], "Test '$k': %s (local parameters: ".var_export($e->getLocaleParameters(), true).")");
	259	$this->assertEqualOrDiff($e->getLocaleParameters(), $t[2], "Test '$k': %s");
	260	}catch(Exception $e){
	261	$this->fail("Test '$k', Unknown Exception: ".$e->getMessage());
	262	}
	263	}
	264	}
	265
209	266	}
210	267

trunk/lib/jelix/tpl/jTplCompiler.class.php

r1030	r1112
328	328	break;
329	329	case 'for':
330		$res = 'for('. $this->_parseFinal($args, $this->_allowedInExpr, array('(')) .'):';
	330	if($this->trusted)
	331	$notallowed = array();
	332	else
	333	$notallowed = array('(');
	334	if(preg_match("/^\s$(.)$\s*$/",$args, $m))
	335	$args = $m[1];
	336	$res = 'for('. $this->_parseFinal($args, $this->_allowedInExpr, $notallowed) .'):';
331	337	array_push($this->_blockStack,'for');
332	338	break;
…	…
446	452	$inLocale = false;
447	453	$locale='';
448		$bracketcount~~=$sqbracketcount=~~0;
	454	$bracketcount = $sqbracketcount = 0;
449	455	$firstok = array_shift($tokens);
450	456

trunk/testapp/modules/jelix_tests/tests/jtpl.compiler.html_cli.php

r1031	r1112
130	130	'<p>ok<?php testjtplcontentUserFunction( $t,$t->_vars[\'foo\'], $t->_vars[\'params\']);?></p>',
131	131	),
	132	20=>array('{for ($i=0;$i<$p;$i++)} A {/for}',
	133	'<?php for($t->_vars[\'i\']=0;$t->_vars[\'i\']<$t->_vars[\'p\'];$t->_vars[\'i\']++):?> A <?php endfor;?>'
	134	),
	135	21=>array('{for $i=0;$i<$p;$i++} A {/for}',
	136	'<?php for($t->_vars[\'i\']=0;$t->_vars[\'i\']<$t->_vars[\'p\'];$t->_vars[\'i\']++):?> A <?php endfor;?>'
	137	),
	138	22=>array('{for $i=count($o);$i<$p;$i++} A {/for}',
	139	'<?php for($t->_vars[\'i\']=count($t->_vars[\'o\']);$t->_vars[\'i\']<$t->_vars[\'p\'];$t->_vars[\'i\']++):?> A <?php endfor;?>'
	140	),
	141
132	142	);
133	143
…	…
138	148	$compil->setUserPlugins(array(), array('bla'=>'testjtplcontentUserFunction'));
139	149	foreach($this->content as $k=>$t){
	150	try{
	151	$this->assertEqualOrDiff($t[1], $compil->compileContent2($t[0]));
	152	}catch(jException $e){
	153	$this->fail("Test '$k', Unknown Jelix Exception: ".$e->getMessage().' ('.$e->getLocaleKey().')');
	154	}catch(Exception $e){
	155	$this->fail("Test '$k', Unknown Exception: ".$e->getMessage());
	156	}
	157	}
	158	}
	159
	160	protected $contentUntrusted = array(
	161	0=>array('{for ($i=0;$i<$p;$i++)} A {/for}',
	162	'<?php for($t->_vars[\'i\']=0;$t->_vars[\'i\']<$t->_vars[\'p\'];$t->_vars[\'i\']++):?> A <?php endfor;?>'
	163	),
	164	1=>array('{for $i=0;$i<$p;$i++} A {/for}',
	165	'<?php for($t->_vars[\'i\']=0;$t->_vars[\'i\']<$t->_vars[\'p\'];$t->_vars[\'i\']++):?> A <?php endfor;?>'
	166	),
	167	);
	168
	169	function testCompileContentUntrusted() {
	170	$compil = new testJtplContentCompiler();
	171	$compil->outputType = 'html';
	172	$compil->trusted = false;
	173	$compil->setUserPlugins(array(), array('bla'=>'testjtplcontentUserFunction'));
	174	foreach($this->contentUntrusted as $k=>$t){
140	175	try{
141	176	$this->assertEqualOrDiff($t[1], $compil->compileContent2($t[0]));
…	…
207	242	2=>array('{foreach ($t=>$a)} A {/foreach}',
208	243	'jelix~errors.tpl.tag.character.invalid',array('foreach ($t=>$a)', '(', NULL) ),
209		3=>array('{for ($i=0;$i<$p;$i++)} A {/for}',
210		'jelix~errors.tpl.tag.~~character.invalid',array('for ($i=0;$i<$p;$i++)','(~~',null) ),
	244	3=>array('{for ($i=0;$i<$p;$i++} A {/for}',
	245	'jelix~errors.tpl.tag.bracket.error',array('for ($i=0;$i<$p;$i++',null) ),
211	246	4=>array('{form ($foo,$params)} aa {/form}',
212	247	'jelix~errors.tplplugin.block.bad.argument.number',array('form','2-5',null) ),
…	…
232	267	}
233	268	}
	269
	270	protected $tplerrors2 = array(
	271	0=>array('{for $i=count($a);$i<$p;$i++} A {/for}',
	272	'jelix~errors.tpl.tag.character.invalid',array('for $i=count($a);$i<$p;$i++','(',null) ),
	273	);
	274	function testCompileErrorsUntrusted() {
	275
	276	foreach($this->tplerrors2 as $k=>$t){
	277	$compil = new testJtplContentCompiler();
	278	$compil->outputType = 'html';
	279	$compil->trusted = false;
	280	try{
	281	$compil->compileContent2($t[0]);
	282	$this->fail("Test '$k', exception didn't happen");
	283	}catch(jException $e){
	284	$this->assertEqual($e->getLocaleKey(), $t[1], "Test '$k': %s (local parameters: ".var_export($e->getLocaleParameters(), true).")");
	285	$this->assertEqualOrDiff($e->getLocaleParameters(), $t[2], "Test '$k': %s");
	286	}catch(Exception $e){
	287	$this->fail("Test '$k', Unknown Exception: ".$e->getMessage());
	288	}
	289	}
	290	}
	291
234	292	}
235	293

Download in other formats: Unified Diff Zip Archive

Developers' Corner