Search moodle.org's
Developer Documentation
Developer Documentation
- Bug fixes for general core bugs in 4.0.x will end 8 May 2023 (12 months).
- Bug fixes for security issues in 4.0.x will end 13 November 2023 (18 months).
- PHP version: minimum PHP 7.3.0 Note: the minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is also supported.
/lib/classes/output/ -> mustache_helper_collection.php (source)
Differences Between: [Versions 39 and 400] [Versions 400 and 402] [Versions 400 and 403]
Custom Moodle helper collection for mustache.
| Copyright: | 2019 Ryan Wyllie <ryan@moodle.com> |
| License: | http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later |
| File Size: | 192 lines (8 kb) |
| Included or required: | 0 times |
| Referenced: | 0 times |
| Includes or requires: | 0 files |
Defines 1 class
mustache_helper_collection:: (6 methods):
__construct()
add()
disable_helpers()
restore_helpers()
strip_disallowed_helpers()
strip_blacklisted_helpers()
Class: mustache_helper_collection - X-Ref
Custom Moodle helper collection for mustache.| __construct($helpers = null, array $disallowednestedhelpers = []) X-Ref |
| Helper Collection constructor. Optionally accepts an array (or Traversable) of `$name => $helper` pairs. param: array|\Traversable $helpers (default: null) param: string[] $disallowednestedhelpers Names of helpers that aren't allowed to be called within other helpers. |
| add($name, $helper) X-Ref |
| Add a helper to this collection. This function has overridden the parent implementation to provide disallowing functionality for certain helpers to prevent them being called from within other helpers. This is because the JavaScript helper can be used in a security exploit if it can be nested. The function will wrap callable helpers in an anonymous function that strips out the disallowed helpers from the source string before giving it to the helper function. This prevents the disallowed helper functions from being called by nested render functions from within other helpers. param: string $name param: mixed $helper |
| disable_helpers($names) X-Ref |
| Disable a list of helpers (by name) by changing their implementation to simply return an empty string. return: \Closure[] The original helper functions indexed by name param: string[] $names List of helper names to disable |
| restore_helpers($helpers) X-Ref |
| Restore the original helper implementations. Typically used after disabling a helper. param: \Closure[] $helpers The helper functions indexed by name |
| strip_disallowed_helpers($disallowedlist, $string) X-Ref |
| Parse the given string and remove any reference to disallowed helpers. E.g. $disallowedlist = ['js']; $string = "core, move, {{#js}} some nasty JS hack {{/js}}" result: "core, move, {{}}" return: string Parsed string param: string[] $disallowedlist List of helper names to strip param: string $string String to parse |
| strip_blacklisted_helpers($disallowedlist, $string) X-Ref |
| Parse the given string and remove any reference to disallowed helpers. return: string Parsed string param: string[] $disallowedlist List of helper names to strip param: string $string String to parse |
