vendor/shopware/core/Framework/Adapter/Twig/SecurityExtension.php line 122

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Framework\Adapter\Twig;
  5. use Shopware\Core\Framework\Log\Package;
  6. use Twig\Extension\AbstractExtension;
  7. use Twig\TwigFilter;
  9. /**
  10. * @internal
  11. */
  12. #[Package('system-settings')]
  13. class SecurityExtension extends AbstractExtension
  14. {
  15. /**
  16. * @var array<string>
  17. */
  18. private array $allowedPHPFunctions;
  20. /**
  21. * @param array<string> $allowedPHPFunctions
  22. */
  23. public function __construct(array $allowedPHPFunctions)
  24. {
  25. $this->allowedPHPFunctions = $allowedPHPFunctions;
  26. }
  28. /**
  29. * @return TwigFilter[]
  30. */
  31. public function getFilters(): array
  32. {
  33. return [
  34. new TwigFilter('map', [$this, 'map']),
  35. new TwigFilter('reduce', [$this, 'reduce']),
  36. new TwigFilter('filter', [$this, 'filter']),
  37. new TwigFilter('sort', [$this, 'sort']),
  38. ];
  39. }
  41. /**
  42. * @param iterable<mixed> $array
  43. * @param string|callable|\Closure $function
  44. *
  45. * @return array<mixed>
  46. */
  47. public function map(iterable $array, $function): array
  48. {
  49. if (\is_array($function)) {
  50. $function = implode('::', $function);
  51. }
  53. if (\is_string($function) && !\in_array($function, $this->allowedPHPFunctions, true)) {
  54. throw new \RuntimeException(sprintf('Function "%s" is not allowed', $function));
  55. }
  57. $result = [];
  58. foreach ($array as $key => $value) {
  59. // @phpstan-ignore-next-line
  60. $result[$key] = $function($value);
  61. }
  63. return $result;
  64. }
  66. /**
  67. * @param iterable<mixed> $array
  68. * @param string|callable|\Closure $function
  69. * @param mixed $initial
  70. *
  71. * @return mixed
  72. */
  73. public function reduce(iterable $array, $function, $initial = null)
  74. {
  75. if (\is_array($function)) {
  76. $function = implode('::', $function);
  77. }
  79. if (\is_string($function) && !\in_array($function, $this->allowedPHPFunctions, true)) {
  80. throw new \RuntimeException(sprintf('Function "%s" is not allowed', $function));
  81. }
  83. if (!\is_array($array)) {
  84. $array = iterator_to_array($array);
  85. }
  87. // @phpstan-ignore-next-line
  88. return array_reduce($array, $function, $initial);
  89. }
  91. /**
  92. * @param iterable<mixed> $array
  93. * @param string|callable|\Closure $arrow
  94. *
  95. * @return iterable<mixed>
  96. */
  97. public function filter(iterable $array, $arrow): iterable
  98. {
  99. if (\is_array($arrow)) {
  100. $arrow = implode('::', $arrow);
  101. }
  103. if (\is_string($arrow) && !\in_array($arrow, $this->allowedPHPFunctions, true)) {
  104. throw new \RuntimeException(sprintf('Function "%s" is not allowed', $arrow));
  105. }
  107. if (\is_array($array)) {
  108. // @phpstan-ignore-next-line
  109. return array_filter($array, $arrow, \ARRAY_FILTER_USE_BOTH);
  110. }
  112. // @phpstan-ignore-next-line
  113. return new \CallbackFilterIterator(new \IteratorIterator($array), $arrow);
  114. }
  116. /**
  117. * @param iterable<mixed> $array
  118. * @param string|callable|\Closure|null $arrow
  119. *
  120. * @return array<mixed>
  121. */
  122. public function sort(iterable $array, $arrow = null): array
  123. {
  124. if (\is_array($arrow)) {
  125. $arrow = implode('::', $arrow);
  126. }
  128. if (\is_string($arrow) && !\in_array($arrow, $this->allowedPHPFunctions, true)) {
  129. throw new \RuntimeException(sprintf('Function "%s" is not allowed', $arrow));
  130. }
  132. if ($array instanceof \Traversable) {
  133. $array = iterator_to_array($array);
  134. }
  136. if ($arrow !== null) {
  137. // @phpstan-ignore-next-line
  138. uasort($array, $arrow);
  139. } else {
  140. asort($array);
  141. }
  143. return $array;
  144. }
  145. }