[6.x] Allow PHP Tags in Antlers to Override any Variable (#11802)

Author: JohnathonKoster

src/View/Antlers/Language/Runtime/NodeProcessor.php

@@ -2454,51 +2454,53 @@ protected function evaluatePhp($buffer)
         return ob_get_clean();
     }
 
-    protected function evaluateAntlersPhpNode(PhpExecutionNode $node)
+    protected function evaluateAntlersPhpNode(PhpExecutionNode $___node)
     {
         if (! GlobalRuntimeState::$allowPhpInContent == false && GlobalRuntimeState::$isEvaluatingUserData) {
-            return StringUtilities::sanitizePhp($node->content);
+            return StringUtilities::sanitizePhp($___node->content);
         }
 
-        $phpBuffer = '';
+        $___phpBuffer = '';
 
-        if ($node->isEchoNode == false) {
-            $phpBuffer = $node->content;
+        if ($___node->isEchoNode == false) {
+            $___phpBuffer = $___node->content;
 
-            if (! Str::contains($node->content, $this->validPhpOpenTags)) {
-                $phpBuffer = '<?php '.$node->content.' ?>';
+            if (! Str::contains($___node->content, $this->validPhpOpenTags)) {
+                $___phpBuffer = '<?php '.$___node->content.' ?>';
             }
         } else {
-            $phpBuffer = '<?php echo '.$node->content.'; ?>';
+            $___phpBuffer = '<?php echo '.$___node->content.'; ?>';
         }
 
-        $phpRuntimeAssignments = [];
+        $___phpRuntimeAssignments = [];
         ob_start();
 
         try {
             extract($this->getActiveData());
             $___antlersVarBefore = get_defined_vars();
-            eval('?>'.$phpBuffer.'<?php ');
+            eval('?>'.$___phpBuffer.'<?php ');
             $___antlersPhpExecutionResult = ob_get_clean();
 
-            if (! $node->isEchoNode) {
+            if (! $___node->isEchoNode) {
                 $___antlersVarAfter = get_defined_vars();
 
-                foreach ($___antlersVarAfter as $varKey => $varValue) {
-                    if (! array_key_exists($varKey, $___antlersVarBefore) || array_key_exists($varKey, $this->previousAssignments) || array_key_exists($varKey, $this->runtimeAssignments)) {
-                        $phpRuntimeAssignments[$varKey] = $varValue;
+                foreach ($___antlersVarAfter as $___varKey => $___varValue) {
+                    if (str_starts_with($___varKey, '___')) {
+                        continue;
                     }
+
+                    $___phpRuntimeAssignments[$___varKey] = $___varValue;
                 }
             }
         } catch (ParseError $e) {
-            throw new SyntaxError("{$e->getMessage()} on line {$e->getLine()} of:\n\n{$phpBuffer}");
+            throw new SyntaxError("{$e->getMessage()} on line {$e->getLine()} of:\n\n{$___phpBuffer}");
         }
 
-        if (! $node->isEchoNode && ! empty($phpRuntimeAssignments)) {
-            unset($phpRuntimeAssignments['___antlersVarBefore']);
-            unset($phpRuntimeAssignments['___antlersPhpExecutionResult']);
+        if (! $___node->isEchoNode && ! empty($___phpRuntimeAssignments)) {
+            unset($___phpRuntimeAssignments['___antlersVarBefore']);
+            unset($___phpRuntimeAssignments['___antlersPhpExecutionResult']);
 
-            $this->processAssignments($phpRuntimeAssignments);
+            $this->processAssignments($___phpRuntimeAssignments);
         }
 
         return $___antlersPhpExecutionResult;

tests/Antlers/Runtime/PhpEnabledTest.php

@@ -9,11 +9,13 @@
 use Statamic\View\Antlers\Language\Utilities\StringUtilities;
 use Tests\Antlers\ParserTestCase;
 use Tests\Factories\EntryFactory;
+use Tests\FakesViews;
 use Tests\PreventSavingStacheItemsToDisk;
 
 class PhpEnabledTest extends ParserTestCase
 {
-    use PreventSavingStacheItemsToDisk;
+    use FakesViews,
+        PreventSavingStacheItemsToDisk;
 
     public function test_php_has_access_to_scope_data()
     {
@@ -513,8 +515,8 @@ public function test_php_node_assignments_within_loops()
     public function test_assignments_from_php_nodes()
     {
         $template = <<<'EOT'
-{{? 
-    $value_one = 100; 
+{{?
+    $value_one = 100;
     $value_two = 0;
 ?}}
 
@@ -533,4 +535,102 @@ public function test_assignments_from_php_nodes()
         $this->assertStringContainsString('<value_one: 1125>', $result);
         $this->assertStringContainsString('<value_two: 1025>', $result);
     }
+
+    public function test_updating_variables_within_scope_using_php()
+    {
+        $data = [
+            'blocks' => [
+                [
+                    'type' => 'the_block',
+                ],
+            ],
+        ];
+
+        $outerPartial = <<<'EOT'
+Outer Partial Before: {{ view.blocks }}{{ type }}{{ /view.blocks }}
+{{ partial:inner_partial :blocks="blocks" /}}
+Outer Partial After: {{ view.blocks }}{{ type }}{{ /view.blocks }}
+EOT;
+
+        $innerPartial = <<<'EOT'
+Inner Partial Before: {{ view.blocks }}{{ type }} {{ /view.blocks }}
+
+{{ if view.blocks.0 && view.blocks.0.type != 'hero_block' }}
+    {{?
+        array_unshift($view['blocks'], [
+            'type' => 'hero_block',
+            'simple_bard_field' => [
+                'type' => 'text',
+                'text' => 'The Text',
+            ],
+        ]);
+    ?}}
+{{ /if }}
+
+Inner Partial After: {{ view.blocks }}{{ type }} {{ /view.blocks }}
+EOT;
+
+        $this->withFakeViews();
+        $this->viewShouldReturnRaw('outer_partial', $outerPartial);
+        $this->viewShouldReturnRaw('inner_partial', $innerPartial);
+
+        $expected = <<<'EXPECTED'
+Outer Partial Before: the_block
+Inner Partial Before: the_block
+
+
+
+
+Inner Partial After: hero_block the_block
+Outer Partial After: the_block
+EXPECTED;
+
+        $this->assertSame(
+            (string) str($expected)->squish(),
+            (string) str($this->renderString('{{ partial:outer_partial :blocks="blocks" /}}', $data))->squish(),
+        );
+    }
+
+    public function test_variables_created_inside_php_do_not_override_injected_values()
+    {
+        $this->withFakeViews();
+
+        $partial = <<<'EOT'
+{{? $title = 'The Title'; ?}}
+
+Partial: {{ title }}
+EOT;
+
+        $this->viewShouldReturnRaw('the_partial', $partial);
+
+        $template = <<<'EOT'
+Before: {{ title }}
+{{ partial:the_partial /}}
+After: {{ title }}
+EOT;
+
+        $expected = <<<'EXPECTED'
+Before: The Original Title
+
+
+Partial: The Title
+After: The Original Title
+EXPECTED;
+
+        $this->assertSame(
+            $expected,
+            $this->renderString($template, ['title' => 'The Original Title']),
+        );
+
+        $template = <<<'EOT'
+Before: {{ title }}
+{{ partial:the_partial :title="title" /}}
+After: {{ title }}
+EOT;
+
+        $this->assertSame(
+            $expected,
+            $this->renderString($template, ['title' => 'The Original Title']),
+        );
+    }
 }