Add SourcePolicyInterface to selectively enable the Sandbox based on a template's Source #3893
Conversation
YSaxon
changed the title
| */ | ||
| interface SourcePolicyInterface | ||
| { | ||
| public function enableSandbox(?Source $source): bool; |
There was a problem hiding this comment.
should we even support null in this interface ? I don't know how an implementation would take a decision in this case. We should rather handle that case in the SandboxExtension, calling the source policy only when we have a source (which should always be the case in calls done in compiled templates rather than custom callers anyway)
There was a problem hiding this comment.
I wasn't entirely sure under what circumstances Source could actually be null, but my thought was to allow the implementer to decide how to handle the null cases - essentially a question of whether to whitelist acceptable Sources (and block nulls) or blacklist unacceptable ones (and accept nulls)
There was a problem hiding this comment.
But in any case I just added commit da79bdc as an implementation of what you said
There was a problem hiding this comment.
(Post rebase, that's now commit cbbf38b)
|
I did a rebase onto the squash commit from my other pull request to solve a merge conflict. |
|
@stof, I believe this is ready for review, having addressed the points you raised |
|
@fabpot just a friendly reminder that I'm still waiting for a merge here so I can fix the downstream vulns. I believe the only "X" is a mistaken fabbot.io request to change things in existing code. |
…a template's Source
|
Thank you @YSaxon. |
|
Thanks @fabpot Could we get a minor version release for this on 2.x? |
|
@YSaxon Done now |
This is needed to patch some downstream vulnerabilities which I won't describe here.
I wrote @fabpot an email about this with more details a few weeks ago.
Generally the Sandbox can be enabled for a given template in either of two ways:
This pull request adds a third way