
  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0. Note: the minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.


Custom Moodle helper collection for mustache.

Copyright: 2019 Ryan Wyllie <ryan@moodle.com>
License: http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
File Size: 192 lines (8 kb)
Included or required: 0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

mustache_helper_collection:: (6 methods):
  __construct()
  add()
  disable_helpers()
  restore_helpers()
  strip_disallowed_helpers()
  strip_blacklisted_helpers()


Class: mustache_helper_collection

Custom Moodle helper collection for mustache.

__construct($helpers = null, array $disallowednestedhelpers = [])
Helper Collection constructor.

Optionally accepts an array (or Traversable) of `$name => $helper` pairs.

param: array|\Traversable $helpers (default: null)
param: string[] $disallowednestedhelpers Names of helpers that aren't allowed to be called within other helpers.

add($name, $helper)
Add a helper to this collection.

This function overrides the parent implementation so that certain helpers
can be disallowed from being called from within other helpers. This is
because the JavaScript helper can be used in a security exploit if it can
be nested.

The function will wrap callable helpers in an anonymous function that strips
out the disallowed helpers from the source string before giving it to the
helper function. This prevents the disallowed helper functions from being
called by nested render functions from within other helpers.

param: string $name
param: mixed  $helper

disable_helpers($names)
Disable a list of helpers (by name) by changing their implementation to
simply return an empty string.

param: string[] $names List of helper names to disable
return: \Closure[] The original helper functions indexed by name

restore_helpers($helpers)
Restore the original helper implementations. Typically used after disabling
a helper.

param: \Closure[] $helpers The helper functions indexed by name

strip_disallowed_helpers($disallowedlist, $string)
Parse the given string and remove any reference to disallowed helpers.

E.g.
$disallowedlist = ['js'];
$string = "core, move, {{#js}} some nasty JS hack {{/js}}"
result: "core, move, {{}}"

param: string[] $disallowedlist List of helper names to strip
param: string $string String to parse
return: string Parsed string

strip_blacklisted_helpers($disallowedlist, $string)
Parse the given string and remove any reference to disallowed helpers.

param: string[] $disallowedlist List of helper names to strip
param: string $string String to parse
return: string Parsed string
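
The wrapping that add() describes, combined with the documented strip_disallowed_helpers() example, as an added sketch that is not Moodle's own code. demo_strip_tags(), demo_helper_collection and the stand-in str helper are hypothetical names, and the regular expression is an assumption chosen to reproduce the documented result.

```php
<?php
// Added illustration only: a stand-alone sketch, not Moodle's implementation.
// demo_strip_tags() and demo_helper_collection are hypothetical names.

/** Replace every {{#name}}...{{/name}} section of a disallowed helper with "{{}}". */
function demo_strip_tags(array $disallowed, string $source): string {
    foreach ($disallowed as $name) {
        $n = preg_quote($name, '/');
        // Non-greedy, dot matches newlines: opening tag up to the first closing tag.
        $pattern = '/\{\{\s*#\s*' . $n . '\s*\}\}.*?\{\{\s*\/\s*' . $n . '\s*\}\}/s';
        $source = preg_replace($pattern, '{{}}', $source);
    }
    return $source;
}

class demo_helper_collection {
    /** @var callable[] Wrapped helpers indexed by name. */
    private $helpers = [];
    /** @var string[] Helpers that must not run when nested inside another helper. */
    private $disallowednested;

    public function __construct(array $disallowednested = []) {
        $this->disallowednested = $disallowednested;
    }

    /** Wrap the helper so it only ever sees source with disallowed sections removed. */
    public function add(string $name, callable $helper): void {
        $disallowed = $this->disallowednested;
        $this->helpers[$name] = function (string $source) use ($helper, $disallowed) {
            return $helper(demo_strip_tags($disallowed, $source));
        };
    }

    public function call(string $name, string $source): string {
        return ($this->helpers[$name])($source);
    }
}

// Constructed input: the string from the strip_disallowed_helpers() example above.
$collection = new demo_helper_collection(['js']);
// Stand-in "str" helper that simply returns the source it was handed.
$collection->add('str', function (string $source): string {
    return $source;
});
$out = $collection->call('str', 'core, move, {{#js}} some nasty JS hack {{/js}}');
assert($out === 'core, move, {{}}');
echo $out, PHP_EOL;
```

The sketch matches only the default `{{ }}` delimiters and plain section tags, so it is not a substitute for the real method.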