Replace strtolower() with strtr() when dealing with method names

twigphp · Jan 8, 2020 · 30fedde · 30fedde
1 parent 3853841
commit 30fedde
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/src/ExpressionParser.php b/src/ExpressionParser.php
@@ -657,7 +657,7 @@ public function parseAssignmentExpression()
                 $stream->expect(Token::NAME_TYPE, null, 'Only variables can be assigned to');
             }
             $value = $token->getValue();
-            if (\in_array(strtolower($value), ['true', 'false', 'none', 'null'])) {
+            if (\in_array(strtr($value, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), ['true', 'false', 'none', 'null'])) {
                 throw new SyntaxError(sprintf('You cannot assign a value to "%s".', $value), $token->getLine(), $stream->getSourceContext());
             }
             $targets[] = new AssignNameExpression($value, $token->getLine());

diff --git a/src/Parser.php b/src/Parser.php
@@ -299,15 +299,15 @@ public function isReservedMacroName($name)
             $this->reservedMacroNames = [];
             $r = new \ReflectionClass($this->env->getBaseTemplateClass());
             foreach ($r->getMethods() as $method) {
-                $methodName = strtolower($method->getName());
+                $methodName = strtr($method->getName(), 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz');
 
                 if ('get' === substr($methodName, 0, 3) && isset($methodName[3])) {
                     $this->reservedMacroNames[] = substr($methodName, 3);
                 }
             }
         }
 
-        return \in_array(strtolower($name), $this->reservedMacroNames);
+        return \in_array(strtr($name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), $this->reservedMacroNames);
     }
 
     public function addTrait($trait)

diff --git a/src/Sandbox/SecurityPolicy.php b/src/Sandbox/SecurityPolicy.php
@@ -51,7 +51,7 @@ public function setAllowedMethods(array $methods)
     {
         $this->allowedMethods = [];
         foreach ($methods as $class => $m) {
-            $this->allowedMethods[$class] = array_map('strtolower', \is_array($m) ? $m : [$m]);
+            $this->allowedMethods[$class] = array_map(function ($value) { return strtr($value, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'); }, \is_array($m) ? $m : [$m]);
         }
     }
 
@@ -93,7 +93,7 @@ public function checkMethodAllowed($obj, $method)
         }
 
         $allowed = false;
-        $method = strtolower($method);
+        $method = strtr($method, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz');
         foreach ($this->allowedMethods as $class => $methods) {
             if ($obj instanceof $class) {
                 $allowed = \in_array($method, $methods);

diff --git a/src/Template.php b/src/Template.php
@@ -628,7 +628,7 @@ protected function getAttribute($object, $item, array $arguments = [], $type = s
 
                 foreach ($ref->getMethods(\ReflectionMethod::IS_PUBLIC) as $refMethod) {
                     // Accessing the environment from templates is forbidden to prevent untrusted changes to the environment
-                    if ('getenvironment' !== strtolower($refMethod->name)) {
+                    if ('getenvironment' !== strtr($refMethod->name, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')) {
                         $methods[] = $refMethod->name;
                     }
                 }
@@ -642,7 +642,7 @@ protected function getAttribute($object, $item, array $arguments = [], $type = s
 
             foreach ($methods as $method) {
                 $cache[$method] = $method;
-                $cache[$lcName = strtolower($method)] = $method;
+                $cache[$lcName = strtr($method, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')] = $method;
 
                 if ('g' === $lcName[0] && 0 === strpos($lcName, 'get')) {
                     $name = substr($method, 3);
@@ -670,7 +670,7 @@ protected function getAttribute($object, $item, array $arguments = [], $type = s
         $call = false;
         if (isset(self::$cache[$class][$item])) {
             $method = self::$cache[$class][$item];
-        } elseif (isset(self::$cache[$class][$lcItem = strtolower($item)])) {
+        } elseif (isset(self::$cache[$class][$lcItem = strtr($item, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz')])) {
             $method = self::$cache[$class][$lcItem];
         } elseif (isset(self::$cache[$class]['__call'])) {
             $method = $item;