minor cleanup and docblocks
This commit is contained in:
Luke Towers
parent
ceb2ff8a6e
commit
7cb148c167
|
|
@ -9,6 +9,7 @@ use Backend;
|
|||
use Request;
|
||||
use BackendMenu;
|
||||
use BackendAuth;
|
||||
use Twig\Extension\SandboxExtension;
|
||||
use Twig\Environment as TwigEnvironment;
|
||||
use System\Classes\MailManager;
|
||||
use System\Classes\ErrorHandler;
|
||||
|
|
@ -28,7 +29,6 @@ use October\Rain\Support\ModuleServiceProvider;
|
|||
use October\Rain\Router\Helper as RouterHelper;
|
||||
use Illuminate\Pagination\Paginator;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
use Twig\Extension\SandboxExtension;
|
||||
|
||||
class ServiceProvider extends ModuleServiceProvider
|
||||
{
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ use Twig\Sandbox\SecurityNotAllowedPropertyError;
|
|||
* SecurityPolicy globally blocks accessibility of certain methods and properties.
|
||||
*
|
||||
* @package october\system
|
||||
* @author Alexey Bobkov, Samuel Georges
|
||||
* @author Alexey Bobkov, Samuel Georges, Luke Towers
|
||||
*/
|
||||
final class SecurityPolicy implements SecurityPolicyInterface
|
||||
{
|
||||
|
|
@ -19,7 +19,7 @@ final class SecurityPolicy implements SecurityPolicyInterface
|
|||
*/
|
||||
protected $blockedMethods = [
|
||||
'addDynamicMethod',
|
||||
'addDynamicProperty'
|
||||
'addDynamicProperty',
|
||||
];
|
||||
|
||||
/**
|
||||
|
|
@ -33,13 +33,24 @@ final class SecurityPolicy implements SecurityPolicyInterface
|
|||
}
|
||||
|
||||
/**
|
||||
* @throws SecurityError
|
||||
* Check the provided arguments against this security policy
|
||||
*
|
||||
* @param array $tags Array of tags to be checked against the policy ['tag', 'tag2', 'etc']
|
||||
* @param array $filters Array of filters to be checked against the policy ['filter', 'filter2', 'etc']
|
||||
* @param array $functions Array of funtions to be checked against the policy ['function', 'function2', 'etc']
|
||||
* @throws SecurityNotAllowedTagError if a given tag is not allowed
|
||||
* @throws SecurityNotAllowedFilterError if a given filter is not allowed
|
||||
* @throws SecurityNotAllowedFunctionError if a given function is not allowed
|
||||
*/
|
||||
public function checkSecurity($tags, $filters, $functions)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a given property is permitted to be accessed on a given object
|
||||
*
|
||||
* @param object $obj
|
||||
* @param string $property
|
||||
* @throws SecurityNotAllowedPropertyError
|
||||
*/
|
||||
public function checkPropertyAllowed($obj, $property)
|
||||
|
|
@ -47,10 +58,15 @@ final class SecurityPolicy implements SecurityPolicyInterface
|
|||
}
|
||||
|
||||
/**
|
||||
* Checks if a given method is allowed to be called on a given object
|
||||
*
|
||||
* @param object $obj
|
||||
* @param string $method
|
||||
* @throws SecurityNotAllowedMethodError
|
||||
*/
|
||||
public function checkMethodAllowed($obj, $method)
|
||||
{
|
||||
// No need to check Twig internal objects
|
||||
if ($obj instanceof Template || $obj instanceof Markup) {
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue