add attr function #1
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…TypeError` (ju1ius) This PR was submitted for the 3.x branch but it was squashed and merged into the 2.x branch instead. Discussion ---------- Fixes `CallExpression::reflectCallable()` throwing `TypeError` See twigphp#3708 Commits ------- e333ccc Fixes `CallExpression::reflectCallable()` throwing `TypeError`
* 2.x: Fixes `CallExpression::reflectCallable()` throwing `TypeError`
* 2.x: Removed unneeded ext refs
Bugfix typo in text attribute name see twigphp#3710
This PR was merged into the 2.x branch. Discussion ---------- Bugfix typo in twig/intl-exta Bugfix typo in text attribute name see twigphp#3710 Commits ------- fd2f6d4 Bugfix typo in twig/intl-exta
* 2.x: Bugfix typo in twig/intl-exta
This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure. Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
* pull/3713: chore: Set permissions for GitHub actions
* 2.x: chore: Set permissions for GitHub actions
If a static method cannot be resolved to the calling class, but the calling class has, or inherits, a `__callStatic` handler, this allows the `__callStatic` handler to be used with the calling class, and not the inherited class as would occur with reflection. This allows systems such as Laravel facades to still work. Fixes twigphp#3716
…late outside a configured directory)
…ng class (bennothommo) This PR was merged into the 2.x branch. Discussion ---------- Allow inherited magic method to still run with calling class This is twigphp#3719 ported to 2.x and improved a bit. I also reported php/php-src#8932 because the underlying behavior of PHP is broken to me. If a static method cannot be resolved to the calling class, but the calling class has, or inherits, a `__callStatic` handler, this allows the `__callStatic` handler to be used with the calling class, and not the inherited class as would occur with reflection. This allows systems such as Laravel facades to still work. Fixes twigphp#3716 Commits ------- d1457a4 Allow inherited magic method to still run with calling class
* 2.x: Fix CS Allow inherited magic method to still run with calling class
* 2.x: Bump version Prepare the 2.15.2 release Update CHANGELOG
This PR was merged into the 2.x branch. Discussion ---------- Make doc clearer for the replace filter Closes twigphp#3733 Commits ------- c25a1ef Make doc clearer
* 2.x: Make doc clearer
… and `str_ends_with` (GromNaN) This PR was merged into the 3.x branch. Discussion ---------- Compile `starts/ends with` using `str_starts_with` and `str_ends_with` Since we now require PHP 8.0 polyfill twigphp#3884, we can use `str_starts_with` and `str_ends_with` to compile `starts with` and `ends with` expressions. Example with `bootstrap_4_layout.html.twig` [line 6-7](https://github.com/symfony/symfony/blob/e6d1ed4edb5ae197ec7d25ddaf64cfa456229504/src/Symfony/Bridge/Twig/Resources/views/Form/bootstrap_4_layout.html.twig#L6-L7) (see deep [diff](https://www.diffchecker.com/18CtPeja/)): ```twig {%- set prepend = not (money_pattern starts with '{{') -%} {%- set append = not (money_pattern ends with '}}') -%} ``` Previous compilation: ```php // line 6 $context["prepend"] = !(is_string($__internal_compile_0 = (isset($context["money_pattern"]) || array_key_exists("money_pattern", $context) ? $context["money_pattern"] : (function () { throw new RuntimeError('Variable "money_pattern" does not exist.', 6, $this->source); })())) && is_string($__internal_compile_1 = "{{") && ('' === $__internal_compile_1 || 0 === strpos($__internal_compile_0, $__internal_compile_1))); // line 7 $context["append"] = !(is_string($__internal_compile_2 = (isset($context["money_pattern"]) || array_key_exists("money_pattern", $context) ? $context["money_pattern"] : (function () { throw new RuntimeError('Variable "money_pattern" does not exist.', 7, $this->source); })())) && is_string($__internal_compile_3 = "}}") && ('' === $__internal_compile_3 || $__internal_compile_3 === substr($__internal_compile_2, -strlen($__internal_compile_3)))); ``` With this change: ```php // line 6 $context["prepend"] = !(is_string($__internal_compile_0 = (isset($context["money_pattern"]) || array_key_exists("money_pattern", $context) ? $context["money_pattern"] : (function () { throw new RuntimeError('Variable "money_pattern" does not exist.', 6, $this->source); })())) && is_string($__internal_compile_1 = "{{") && str_starts_with($__internal_compile_0, $__internal_compile_1)); // line 7 $context["append"] = !(is_string($__internal_compile_2 = (isset($context["money_pattern"]) || array_key_exists("money_pattern", $context) ? $context["money_pattern"] : (function () { throw new RuntimeError('Variable "money_pattern" does not exist.', 7, $this->source); })())) && is_string($__internal_compile_3 = "}}") && str_ends_with($__internal_compile_2, $__internal_compile_3)); ``` Commits ------- 30b5a56 Compile starts/ends with using PHP8 functions str_starts/ends_with
…romNaN) This PR was merged into the 3.x branch. Discussion ---------- Compile Elvis operator into Elvis operator `?:` When using ternary operator without "then" part, the "condition" part is evaluated twice, which is inconsistent with how PHP works. The Twig template `A ?: B` is currently compiled as `A ? A : B` in PHP. This PR change it to `A ?: B`. If `A` is a complex expression, it improves performance to only execute the expression once. If `A` is has a side effect (like updating a variable), the expression being executed twice could result in a bug. ([example in PHP](https://3v4l.org/LWZLR)) Example with ``@WebProfiler`/Collector/form.html.twig` [line 9](https://github.com/symfony/symfony/blob/e6d1ed4edb5ae197ec7d25ddaf64cfa456229504/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/form.html.twig#L9) (see deep [diff](https://www.diffchecker.com/jOm3dE13/)) ```twig {{ collector.data.nb_errors ?: collector.data.forms|length }} ``` Previous compilation: ```php echo twig_escape_filter($this->env, (((isset($context["error_count"]) || array_key_exists("error_count", $context) ? $context["error_count"] : (function () { throw new RuntimeError('Variable "error_count" does not exist.', 9, $this->source); })())) ? ((isset($context["error_count"]) || array_key_exists("error_count", $context) ? $context["error_count"] : (function () { throw new RuntimeError('Variable "error_count" does not exist.', 9, $this->source); })())) : (twig_get_attribute($this->env, $this->source, (isset($context["collector"]) || array_key_exists("collector", $context) ? $context["collector"] : (function () { throw new RuntimeError('Variable "collector" does not exist.', 9, $this->source); })()), "countDefines", [], "any", false, false, false, 9))), "html", null, true); ``` After this change: ```php echo twig_escape_filter($this->env, ((isset($context["error_count"]) || array_key_exists("error_count", $context) ? $context["error_count"] : (function () { throw new RuntimeError('Variable "error_count" does not exist.', 9, $this->source); })()) ?: twig_get_attribute($this->env, $this->source, (isset($context["collector"]) || array_key_exists("collector", $context) ? $context["collector"] : (function () { throw new RuntimeError('Variable "collector" does not exist.', 9, $this->source); })()), "countDefines", [], "any", false, false, false, 9)), "html", null, true); ``` Commits ------- fb0d749 Compile Elvis operator with Elvis operator
… allowed methods/properties (YSaxon)
This PR was squashed before being merged into the 2.x branch.
Discussion
----------
Fix premature loop exit in Security Policy lookup of allowed methods/properties
The current security policy logic exits too soon when checking permissions for allowed classes and their methods/properties, causing false negatives in situations involving classes related by inheritance.
Consider the following configuration:
```
'methods' => [
'App\BasicCollection' => ['sortAlphabetically'],
'App\AdvancedCollection'=> ['sortByTimestamp'],
],
```
where `AdvancedCollection` is a subclass of `BasicCollection`, and `mylist` is an instance of `AdvancedCollection`
If you try to call `{{ mylist.sortByTimestamp() }}`, the current code will first match `mylist` against `App\BasicCollection`. Since `sortByTimestamp` is not an allowed method for `App\BasicCollection`, the code will exit the loop and incorrectly deny access. It will never get to checking `App\AdvancedCollection`.
Note that reordering classes in the config can't solve this issue. If you flipped the order, then it would fail for `{{ mylist.sortAlphabetically() }}` instead.
This pull request fixes the issue by only exiting the loop early when both the class and method/property match.
Commits
-------
5e1838d Fix premature loop exit in Security Policy lookup of allowed methods/properties
* 2.x: Fix premature loop exit in Security Policy lookup of allowed methods/properties
…ter prototype (drjayvee) This PR was squashed before being merged into the 3.x branch. Discussion ---------- Fix IntlExtension::formatDateTime use of date formatter prototype See twigphp/intl-extra#6 for more details Commits ------- c75762c Fix IntlExtension::formatDateTime use of date formatter prototype
… methods (markhuot) This PR was merged into the 3.x branch. Discussion ---------- Add `@codeCoverageIgnore` to untestable compiled methods I've been experimenting with adding my compiled templates to my code coverage reports and it works largely as expected. Templates that get executed return percentages accurate to the number of lines the tests actually cover. The only exception are the "meta" methods on the compiled template that aren't necessarily called by the tests. This PR adds ``@codeCoverageIgnore`` comments to the compiled template for all non-display methods so the coverage report only lists lines from `doDisplay`. I'm assuming that I will need to update some of the Twig tests to account for these new comments, but am curious if you'd be open to this change. An example screenshot below. The last line shows line 46 out of the compiled template is never executed. The compiled template's `getDebugInfo` even correctly informs me that line 46 maps to line 4 in my `.twig` so I'll work on updating the line numbering next.  Commits ------- 1cf610b Add `@codeCoverageIgnore` to untestable compiled methods
…rds-square) This PR was squashed before being merged into the 3.x branch. Discussion ---------- Catch errors thrown during template rendering Some errors, like not providing a function the proper number of arguments or division by zero, extend from `\Error` rather than `\Exception`. This PR catches these types of errors during template rendering and throws a `RuntimeError` in order to provide better debugging information. Commits ------- 85bf01b Catch errors thrown during template rendering
…alize) This PR was merged into the 3.x branch. Discussion ---------- Removed duplicate sentence in macro scoping Commits ------- 73f5cad Remove duplicate sentence in macro scoping
This is probably a regression from twigphp#3844
This PR was merged into the 3.x branch. Discussion ---------- Fix tests and CS Commits ------- 4be326a Fix tests and CS
This PR was merged into the 3.x branch. Discussion ---------- Bump dependencies Commits ------- fdb9d9e Bump dependencies
This PR was merged into the 3.x branch. Discussion ---------- Add PHP 8.3 to the CI Commits ------- a04cc88 Add PHP 8.3 to the CI
…YSaxon) This PR was merged into the 3.x branch. Discussion ---------- Minor rename of Sandbox test: functions->methods Commits ------- 6273264 Minor rename of SandboxTest functions->methods
…ion (keulinho) This PR was merged into the 3.x branch. Discussion ---------- Fix timezone fallback to CoreExtension in IntlExtension This is probably a regression from twigphp#3844 Refer to my comment on the original MR: twigphp#3844 (comment) Commits ------- 144c4da Fix timezone fallback to CoreExtension in IntlExtension
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Stringloader in docsadvanced.rstfile@final-related deprecationscolumnfilterfilterwithoutforusefilterfilter was added in 2.x branchcss_classfunctionapplytag, as thefiltertag is now deprecated toooddnot working for negative numbersgetExtensionandgetRuntime@returntype next to#[ReturnTypeWillChange]sortfilter when the sanbox mode is enabledtimezoneCallExpression::reflectCallable()throwingTypeErrorcalendaroptionmatchestwig comparison, allowing null subject to result in a non-match.Twig Language ServerandModern Twigextension to docsTwiggyextension for VS Code to docs.NumberFormatter::TYPE_CURRENCYbeing deprecated in PHP 8.3attrfunction to make outputting HTML attributes easier