mirror_php/winter
1
0
Fork 0
mirror of https://github.com/wintercms/winter.git synced 2024-06-28 05:33:29 +02:00
Code Issues Projects Releases Wiki Activity

Only allow view files in system twig

Browse Source 
This no longer allows arbitrary inclusions, only views from the native Laravel view engine. Note this also affects the cms twig loader
This commit is contained in:
Samuel Georges 2020-09-30 11:11:03 +10:00
parent d4ac1595ad
commit f9e14b02f5
1 changed files with 3 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
modules/system/twig/Loader.php
View File

@ -2,6 +2,7 @@
use App;
use File;
use View;
use Twig\Source as TwigSource;
use Twig\Loader\LoaderInterface as TwigLoaderInterface;
use Exception;
@ -14,11 +15,6 @@ use Exception;
*/
class Loader implements TwigLoaderInterface
{
/**
* @var string Expected file extension
*/
protected $extension = 'htm';
/**
* @var array Cache
*/
@ -37,22 +33,13 @@ class Loader implements TwigLoaderInterface
return $this->cache[$name];
}
if (File::isFile($name)) {
return $this->cache[$name] = $name;
}
$view = $name;
if (File::extension($view) === $this->extension) {
$view = substr($view, 0, -strlen($this->extension));
}
$path = $finder->find($view);
$path = $finder->find($name);
return $this->cache[$name] = $path;
}
public function getSourceContext($name)
{
return new TwigSource(File::get($this->findTemplate($name)), $name);
return new TwigSource((string) View::make($name), $name);
}
public function getCacheKey($name)