
Commit f44ddd1

committed
Merge branch '5.x' into 6.x
# Conflicts: # src/Modifiers/CoreModifiers.php # tests/Fieldtypes/IconTest.php # tests/Tags/CookieTagTest.php # tests/Tags/Form/FormTestCase.php # tests/Tags/SessionTagTest.php # tests/Tags/StructureTagTest.php
2 parents b9cc548 + 64d0893 commit f44ddd1

72 files changed

Lines changed: 818 additions & 278 deletions


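--- a/src/Addons/Settings.php
+++ b/src/Addons/Settings.php
@@ -97,6 +97,6 @@ protected function resolveAntlersValue($value)
 ->all();
 }
 
-return (string) Antlers::parseUserContent($value, ['config' => Cascade::config()]);
+return (string) Antlers::parse($value, ['config' => Cascade::config()]);
 }
 }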
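Review bot: The replacement call in resolveAntlersValue stays restricted only because `$trusted` defaults to `false` in the `parse` signature documented in src/Facades/Antlers.php; nothing at this call site says the value is untrusted any more, which the old `parseUserContent` name did. I would pass the flag explicitly, `return (string) Antlers::parse($value, ['config' => Cascade::config()], false);`, so a later change of the default cannot silently widen what this content may do. The same applies to the `Antlers::parse` calls in src/Entries/Entry.php (autoGeneratedTitle and resolvePreviewTargetUrl) and in src/Forms/Email.php (parseConfig). The function body starts outside the hunk.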

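--- a/src/Entries/Entry.php
+++ b/src/Entries/Entry.php
@@ -1082,7 +1082,7 @@ public function autoGeneratedTitle()
 
 // Since the slug is generated from the title, we'll avoid augmenting
 // the slug which could result in an infinite loop in some cases.
-$title = $this->withLocale($this->site()->lang(), fn () => (string) Antlers::parseUserContent($format, $this->augmented()->except('slug')->all()));
+$title = $this->withLocale($this->site()->lang(), fn () => (string) Antlers::parse($format, $this->augmented()->except('slug')->all()));
 
 return trim($title);
 }
@@ -1106,7 +1106,7 @@ private function resolvePreviewTargetUrl($format)
 }, $format);
 }
 
-return (string) Antlers::parseUserContent($format, array_merge($this->routeData(), [
+return (string) Antlers::parse($format, array_merge($this->routeData(), [
 'config' => Cascade::config(),
 'site' => $this->site(),
 'uri' => $this->uri(),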

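--- a/src/Facades/Antlers.php
+++ b/src/Facades/Antlers.php
@@ -9,9 +9,8 @@
 /**
 * @method static Parser parser()
 * @method static mixed usingParser(Parser $parser, \Closure $callback)
-* @method static AntlersString parse(string $str, array $variables = [])
-* @method static AntlersString parseUserContent(string $str, array $variables = [])
-* @method static string parseLoop(string $content, array $data, bool $supplement = true, array $context = [])
+* @method static AntlersString parse(string $str, array $variables = [], bool $trusted = false)
+* @method static string parseLoop(string $content, array $data, bool $supplement = true, array $context = [], bool $trusted = false)
 * @method static array identifiers(string $content)
 *
 * @see \Statamic\View\Antlers\Antlers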

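--- a/src/Facades/Endpoint/Parse.php
+++ b/src/Facades/Endpoint/Parse.php
@@ -17,12 +17,12 @@ class Parse
 * @param string $str String to parse
 * @param array $variables Variables to use
 * @param array $context Contextual variables to also use
-* @param bool $php Whether PHP should be allowed
+* @param bool $trusted Whether the template should be treated as trusted
 * @return string
 */
-public function template($str, $variables = [], $context = [], $php = false)
+public function template($str, $variables = [], $context = [], $trusted = false)
 {
-return Antlers::parse($str, $variables, $context, $php);
+return Antlers::parse($str, array_merge($variables, $context), $trusted);
 }
 
 /**
@@ -32,12 +32,12 @@ public function template($str, $variables = [], $context = [], $php = false)
 * @param array $data Variables to use, in a multidimensional array
 * @param bool $supplement Whether to supplement with contextual values
 * @param array $context Contextual variables to also use
-* @param bool $php Whether PHP should be allowed
+* @param bool $trusted Whether the template should be treated as trusted
 * @return string
 */
-public function templateLoop($content, $data, $supplement = true, $context = [], $php = false)
+public function templateLoop($content, $data, $supplement = true, $context = [], $trusted = false)
 {
-return Antlers::parseLoop($content, $data, $supplement, $context, $php);
+return Antlers::parseLoop($content, $data, $supplement, $context, $trusted);
 }
 
 /**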
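Review bot: In `template()`, `array_merge($variables, $context)` lets a key in `$context` overwrite the same key in `$variables`, although the docblock describes context as variables "to also use"; if the explicit variables are meant to win, the call should read `return Antlers::parse($str, array_merge($context, $variables), $trusted);`. How the previous `parse` combined the two arrays is not visible here, so this needs checking against the old behaviour. The fourth positional parameter also changed meaning from `$php` to `$trusted` in both methods, so an existing caller passing `true` positionally now opts into trusted parsing rather than only PHP. The `@param bool $trusted` line would be more useful if it said what an untrusted template is prevented from doing.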

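--- a/src/Facades/Parse.php
+++ b/src/Facades/Parse.php
@@ -6,8 +6,8 @@
 use Statamic\View\Antlers\AntlersString;
 
 /**
-* @method static AntlersString template($str, $variables = [], $context = [], $php = false)
-* @method static string templateLoop($content, $data, $supplement = true, $context = [], $php = false)
+* @method static AntlersString template($str, $variables = [], $context = [], $trusted = false)
+* @method static string templateLoop($content, $data, $supplement = true, $context = [], $trusted = false)
 * @method static array YAML($str)
 * @method static array frontMatter($string)
 * @method static mixed env($val)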

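--- a/src/Forms/Email.php
+++ b/src/Forms/Email.php
@@ -245,7 +245,7 @@ protected function parseConfig(array $config)
 return collect($config)->map(function ($value) {
 $value = Parse::env($value); // deprecated
 
-return (string) Antlers::parseUserContent($value, array_merge(
+return (string) Antlers::parse($value, array_merge(
 ['config' => Cascade::config()],
 $this->getGlobalsData(),
 $this->submissionData,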

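--- a/src/Forms/Tags.php
+++ b/src/Forms/Tags.php
@@ -17,6 +17,7 @@
 use Statamic\Support\Str;
 use Statamic\Tags\Concerns;
 use Statamic\Tags\Tags as BaseTags;
+use Statamic\View\Antlers\Language\Runtime\GlobalRuntimeState;
 
 class Tags extends BaseTags
 {
@@ -184,7 +185,7 @@ public function fields()
 $params = Html::attributes(['scope' => $scope]);
 }
 
-return Antlers::parse('{{ fields '.$params.' }}'.$this->content.'{{ /fields }}', $context);
+return Antlers::parse('{{ fields '.$params.' }}'.$this->content.'{{ /fields }}', $context, ! GlobalRuntimeState::$isEvaluatingUserData);
 }
 
 /**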
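Review bot: The trust flag passed in `fields()` is computed inline as `! GlobalRuntimeState::$isEvaluatingUserData`, a read of mutable static state, with nothing explaining why it decides trust. The same expression is repeated in `CoreModifiers::antlers` and in `parse()` and `parseLoop()` of src/Tags/Tags.php, so one missed or inverted copy would quietly parse nested user content as trusted. I would add a comment above it, `// Never upgrade to trusted while the runtime is evaluating user-supplied content.`, and consider putting the check behind a single named helper that all four call sites share. The body of `fields()` starts outside the hunk.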

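--- a/src/Modifiers/CoreModifiers.php
+++ b/src/Modifiers/CoreModifiers.php
@@ -34,6 +34,7 @@
 use Statamic\Support\Html;
 use Statamic\Support\Str;
 use Statamic\Support\Traits\ChecksDumpability;
+use Statamic\View\Antlers\Language\Runtime\GlobalRuntimeState;
 use Stringy\StaticStringy as Stringy;
 
 class CoreModifiers extends Modifier
@@ -126,7 +127,9 @@ public function ampersandList($value, $params)
 */
 public function antlers($value, $params, $context)
 {
-return (string) Antlers::parse($value, $context);
+$trusted = Arr::get($params, 0) === 'trusted' && ! GlobalRuntimeState::$isEvaluatingUserData;
+
+return (string) Antlers::parse($value, $context, $trusted);
 }
 
 /**
@@ -1915,7 +1918,7 @@ public function partial($value, $params, $context)
 
 $partial = 'partials/'.$name.'.html';
 
-return Parse::template(File::disk('resources')->get($partial), $value, trusted: true);
+return Parse::template(File::disk('resources')->get($partial), $value, trusted: true);
 }
 
 /**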
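Review bot: In the `partial` hunk, `trusted: true` is passed unconditionally, whereas `antlers` a few lines up only grants trust when `GlobalRuntimeState::$isEvaluatingUserData` is false. The template is read from the `resources` disk, so it is presumably developer-authored, but `$name` is built outside the hunk, so it is not visible whether the modifier can be reached while user data is being evaluated. `partial` is absent from the default `allowedContentModifiers` list in ViewServiceProvider, which probably blocks that path, though that list is configurable. Either apply the same guard, `trusted: ! GlobalRuntimeState::$isEvaluatingUserData`, or state the reasoning in a comment such as `// Partials come from the resources disk, so the template itself is developer-authored.`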

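--- a/src/Providers/ViewServiceProvider.php
+++ b/src/Providers/ViewServiceProvider.php
@@ -102,6 +102,99 @@ private function registerAntlers()
 $runtimeConfig->guardedContentVariablePatterns = config('statamic.antlers.guardedContentVariables', []);
 $runtimeConfig->guardedContentTagPatterns = config('statamic.antlers.guardedContentTags', []);
 $runtimeConfig->guardedContentModifiers = config('statamic.antlers.guardedContentModifiers', []);
+$runtimeConfig->allowedContentTagPatterns = config('statamic.antlers.allowedContentTags', [
+'obfuscate:*',
+'trans:*',
+'trans_choice:*',
+'widont:*',
+]);
+$runtimeConfig->allowedContentModifiers = config('statamic.antlers.allowedContentModifiers', [
+'add_query_param',
+'add_slashes',
+'ascii',
+'at',
+'background_position',
+'bool_string',
+'camelize',
+'cdata',
+'ceil',
+'collapse_whitespace',
+'count_substring',
+'dashify',
+'decode',
+'deslugify',
+'divide',
+'ends_with',
+'ensure_left',
+'ensure_right',
+'entities',
+'explode',
+'extension',
+'floor',
+'format',
+'format_number',
+'format_translated',
+'has_lower_case',
+'has_upper_case',
+'headline',
+'hex_to_rgb',
+'insert',
+'is_alpha',
+'is_alphanumeric',
+'is_blank',
+'is_email',
+'is_external_url',
+'is_json',
+'is_lowercase',
+'is_numeric',
+'is_uppercase',
+'is_url',
+'join',
+'kebab',
+'lcfirst',
+'localize',
+'upper',
+'lower',
+'md5',
+'mod',
+'multiply',
+'obfuscate',
+'obfuscate_email',
+'parse_url',
+'pathinfo',
+'rawurlencode',
+'remove_left',
+'remove_query_param',
+'remove_right',
+'replace',
+'round',
+'safe_truncate',
+'sanitize',
+'slugify',
+'snake',
+'starts_with',
+'str_pad',
+'str_pad_both',
+'str_pad_left',
+'str_pad_right',
+'strip_tags',
+'studly',
+'subtract',
+'substr',
+'sum',
+'swap_case',
+'title',
+'to_bool',
+'to_string',
+'trans',
+'trans_choice',
+'trim',
+'truncate',
+'ucfirst',
+'urldecode',
+'urlencode',
+'widont',
+]);
 $runtimeConfig->allowPhpInUserContent = config('statamic.antlers.allowPhpInContent', false);
 $runtimeConfig->allowMethodsInUserContent = config('statamic.antlers.allowMethodsInContent', false);
 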
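Review bot: The two default allowlists are passed as the fallback argument of `config()`, so they apply only while the key is absent; a project that sets `statamic.antlers.allowedContentModifiers` or `allowedContentTags` replaces the whole list rather than extending it, and nothing here says so. I would put a comment above the first assignment, `// Defaults for what appears to be untrusted content; setting the config key replaces the list, it does not merge.` The list also contains modifiers that reverse an encoding (`decode`, `urldecode`), and a short note on why they are acceptable in user content would help the next auditor. As a style point, `'upper'` sits between `'localize'` and `'lower'` in an otherwise alphabetical list, which makes it harder to diff against later additions. registerAntlers() starts and ends outside the hunk.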

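--- a/src/Tags/Tags.php
+++ b/src/Tags/Tags.php
@@ -10,6 +10,7 @@
 use Statamic\Facades\Antlers;
 use Statamic\Support\Arr;
 use Statamic\Support\Traits\Hookable;
+use Statamic\View\Antlers\Language\Runtime\GlobalRuntimeState;
 
 abstract class Tags
 {
@@ -219,8 +220,10 @@ public function parse($data = [])
 }
 
 return Antlers::usingParser($this->parser, function ($antlers) use ($data) {
+$trusted = ! GlobalRuntimeState::$isEvaluatingUserData;
+
 return $antlers
-->parse($this->content, array_merge($this->context->all(), $data))
+->parse($this->content, array_merge($this->context->all(), $data), $trusted)
 ->withoutExtractions();
 });
 }
@@ -256,8 +259,10 @@ public function parseLoop($data, $supplement = true)
 }
 
 return Antlers::usingParser($this->parser, function ($antlers) use ($data, $supplement) {
+$trusted = ! GlobalRuntimeState::$isEvaluatingUserData;
+
 return $antlers
-->parseLoop($this->content, $data, $supplement, $this->context->all())
+->parseLoop($this->content, $data, $supplement, $this->context->all(), $trusted)
 ->withoutExtractions();
 });
 }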
