Only allow local files via view engine

The Laravel view engine wants to supply the Twig engine with an absolute path, even though this is outside the inclusion rules. This implements a temporary exception to wave it through. It seems like a suitable alternative instead of implementing a reverse lookup to ensure the path is a valid view file, since we can trust the source engine has passed the value through its resolver already

Fixes previous fix

modules/system/twig/Engine.php

@@ -1,5 +1,6 @@
 <?php namespace System\Twig;
 
+use System\Twig\Loader as TwigLoader;
 use Twig\Environment as TwigEnvironment;
 use Illuminate\Contracts\View\Engine as EngineInterface;
 
@@ -26,7 +27,14 @@ class Engine implements EngineInterface
 
     public function get($path, array $vars = [])
     {
+        $previousAllow = TwigLoader::$allowInclude;
+
+        TwigLoader::$allowInclude = true;
+
         $template = $this->environment->loadTemplate($path);
+
+        TwigLoader::$allowInclude = $previousAllow;
+
         return $template->render($vars);
     }
 }

modules/system/twig/Loader.php

@@ -15,9 +15,9 @@ use Exception;
 class Loader implements TwigLoaderInterface
 {
     /**
-     * @var string Expected file extension
+     * @var bool Allow any local file
      */
-    protected $extension = 'htm';
+    public static $allowInclude = false;
 
     /**
      * @var array Cache
@@ -37,9 +37,8 @@ class Loader implements TwigLoaderInterface
             return $this->cache[$name];
         }
 
-        $view = $name;
-        if (File::extension($view) === $this->extension) {
-            $view = substr($view, 0, -strlen($this->extension));
+        if (static::$allowInclude === true && File::isFile($name)) {
+            return $this->cache[$name] = $name;
         }
 
         $path = $finder->find($name);