From 516f6c79d084d514613cea87be89ee1b1ae03fd4 Mon Sep 17 00:00:00 2001
From: LouisGac <louis.gac@limesurvey.org>
Date: Wed, 14 Dec 2016 18:27:34 +0100
Subject: [PATCH] Add configuration for Twig_Extension_Sandbox

---
 ETwigViewRenderer.php | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/ETwigViewRenderer.php b/ETwigViewRenderer.php
index cf27f72..89f73ac 100644
--- a/ETwigViewRenderer.php
+++ b/ETwigViewRenderer.php
@@ -50,6 +50,10 @@ class ETwigViewRenderer extends CApplicationComponent implements IViewRenderer
      * Example: array('Twig_Extension_Sandbox', 'Twig_Extension_Text')
      */
     public $extensions = array();
+    /**
+     * @var array Twig_Extension_Sandbox configuration
+     */
+     public $sandboxConfig = array();
     /**
      * @var array Twig lexer options
      * @see http://twig.sensiolabs.org/doc/recipes.html#customizing-the-syntax
@@ -140,7 +144,7 @@ public function renderFile($context, $sourceFile, $data, $return)
     {
         // current controller properties will be accessible as {{ this.property }}
         $data['this'] = $context;
-        
+
         $sourceFile = realpath($sourceFile); // to prevent common problems with paths associated with symlinks
 
         foreach($this->_paths as $path) {
@@ -197,7 +201,19 @@ public function addFilters($filters)
     public function addExtensions($extensions)
     {
         foreach ($extensions as $extName) {
-            $this->_twig->addExtension(new $extName());
+            if ($extName=="Twig_Extension_Sandbox"){
+                // Read the sandboxConfig
+                $tags       = isset($this->sandboxConfig['tags'])?$this->sandboxConfig['tags']:array();
+                $filters    = isset($this->sandboxConfig['filters'])?$this->sandboxConfig['filters']:array();
+                $methods    = isset($this->sandboxConfig['methods'])?$this->sandboxConfig['methods']:array();
+                $properties = isset($this->sandboxConfig['properties'])?$this->sandboxConfig['properties']:array();
+                $functions  = isset($this->sandboxConfig['functions'])?$this->sandboxConfig['functions']:array();
+                $policy     = new Twig_Sandbox_SecurityPolicy($tags, $filters, $methods, $properties, $functions);
+                $sandbox    = new Twig_Extension_Sandbox($policy, true);
+                $this->_twig->addExtension($sandbox);
+            }else{
+                $this->_twig->addExtension(new $extName());
+            }
         }
     }