Home Explore Help
Sign In
dima
/
balticrest
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
balticrest
/
vendor
/
symfony
/
twig-bridge
/
Extension
/
RoutingExtension.php

RoutingExtension.php 3.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of the Symfony package.
    5. 

  5.  *
    6. 

  6.  * (c) Fabien Potencier <fabien@symfony.com>
    7. 

  7.  *
    8. 

  8.  * For the full copyright and license information, please view the LICENSE
    9. 

  9.  * file that was distributed with this source code.
    10. 

  10.  */
    11. 

  11. 

  12. namespace Symfony\Bridge\Twig\Extension;
    13. 

  13. 

  14. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
    15. 

  15. use Twig\Extension\AbstractExtension;
    16. 

  16. use Twig\Node\Expression\ArrayExpression;
    17. 

  17. use Twig\Node\Expression\ConstantExpression;
    18. 

  18. use Twig\Node\Node;
    19. 

  19. use Twig\TwigFunction;
    20. 

  20. 

  21. /**
    22. 

  22.  * Provides integration of the Routing component with Twig.
    23. 

  23.  *
    24. 

  24.  * @author Fabien Potencier <fabien@symfony.com>
    25. 

  25.  */
    26. 

  26. final class RoutingExtension extends AbstractExtension
    27. 

  27. {
    28. 

  28.     private $generator;
    29. 

  29. 

  30.     public function __construct(UrlGeneratorInterface $generator)
    31. 

  31.     {
    32. 

  32.         $this->generator = $generator;
    33. 

  33.     }
    34. 

  34. 

  35.     /**
    36. 

  36.      * {@inheritdoc}
    37. 

  37.      */
    38. 

  38.     public function getFunctions(): array
    39. 

  39.     {
    40. 

  40.         return [
    41. 

  41.             new TwigFunction('url', [$this, 'getUrl'], ['is_safe_callback' => [$this, 'isUrlGenerationSafe']]),
    42. 

  42.             new TwigFunction('path', [$this, 'getPath'], ['is_safe_callback' => [$this, 'isUrlGenerationSafe']]),
    43. 

  43.         ];
    44. 

  44.     }
    45. 

  45. 

  46.     public function getPath(string $name, array $parameters = [], bool $relative = false): string
    47. 

  47.     {
    48. 

  48.         return $this->generator->generate($name, $parameters, $relative ? UrlGeneratorInterface::RELATIVE_PATH : UrlGeneratorInterface::ABSOLUTE_PATH);
    49. 

  49.     }
    50. 

  50. 

  51.     public function getUrl(string $name, array $parameters = [], bool $schemeRelative = false): string
    52. 

  52.     {
    53. 

  53.         return $this->generator->generate($name, $parameters, $schemeRelative ? UrlGeneratorInterface::NETWORK_PATH : UrlGeneratorInterface::ABSOLUTE_URL);
    54. 

  54.     }
    55. 

  55. 

  56.     /**
    57. 

  57.      * Determines at compile time whether the generated URL will be safe and thus
    58. 

  58.      * saving the unneeded automatic escaping for performance reasons.
    59. 

  59.      *
    60. 

  60.      * The URL generation process percent encodes non-alphanumeric characters. So there is no risk
    61. 

  61.      * that malicious/invalid characters are part of the URL. The only character within an URL that
    62. 

  62.      * must be escaped in html is the ampersand ("&") which separates query params. So we cannot mark
    63. 

  63.      * the URL generation as always safe, but only when we are sure there won't be multiple query
    64. 

  64.      * params. This is the case when there are none or only one constant parameter given.
    65. 

  65.      * E.g. we know beforehand this will be safe:
    66. 

  66.      * - path('route')
    67. 

  67.      * - path('route', {'param': 'value'})
    68. 

  68.      * But the following may not:
    69. 

  69.      * - path('route', var)
    70. 

  70.      * - path('route', {'param': ['val1', 'val2'] }) // a sub-array
    71. 

  71.      * - path('route', {'param1': 'value1', 'param2': 'value2'})
    72. 

  72.      * If param1 and param2 reference placeholder in the route, it would still be safe. But we don't know.
    73. 

  73.      *
    74. 

  74.      * @param Node $argsNode The arguments of the path/url function
    75. 

  75.      *
    76. 

  76.      * @return array An array with the contexts the URL is safe
    77. 

  77.      */
    78. 

  78.     public function isUrlGenerationSafe(Node $argsNode): array
    79. 

  79.     {
    80. 

  80.         // support named arguments
    81. 

  81.         $paramsNode = $argsNode->hasNode('parameters') ? $argsNode->getNode('parameters') : (
    82. 

  82.             $argsNode->hasNode(1) ? $argsNode->getNode(1) : null
    83. 

  83.         );
    84. 

  84. 

  85.         if (null === $paramsNode || $paramsNode instanceof ArrayExpression && \count($paramsNode) <= 2 &&
    86. 

  86.             (!$paramsNode->hasNode(1) || $paramsNode->getNode(1) instanceof ConstantExpression)
    87. 

  87.         ) {
    88. 

  88.             return ['html'];
    89. 

  89.         }
    90. 

  90. 

  91.         return [];
    92. 

  92.     }
    93. 

  93. }
    94.