Fix sandbox being left enabled if an exception is thrown while rendering #2282
Conversation
| @@ -1402,6 +1402,12 @@ function twig_include(Twig_Environment $env, $context, $template, $variables = a | |||
|
|
|||
| throw $e; | |||
| } | |||
| } catch (\Exception $e) { | |||
There was a problem hiding this comment.
the same should be down when catching Throwable for PHP 7 too
There was a problem hiding this comment.
Does PHP 5 choke on catch (Throwable $e)?
Should that be before or after catching Exception? It probably doesn't matter in this case. I just remember reading somewhere that to make code compatible with PHP 5 Throwable should be caught first...
|
could you write a test covering this ? |
Since this involves the |
|
@CarsonF Yes, |
|
@fabpot I don't think those CS changes should be made in this PR, right? |
|
Indeed, you can ignore them :) |
| @@ -1406,6 +1406,18 @@ function twig_include(Twig_Environment $env, $context, $template, $variables = a | |||
|
|
|||
| throw $e; | |||
| } | |||
| } catch (\Throwable $e) { | |||
There was a problem hiding this comment.
\ should be removed here and below as we are not using namespaces and we are still PHP 5.2 compatible :)
| @@ -34,6 +34,7 @@ protected function setUp() | |||
| '1_basic' => '{% if obj.foo %}{{ obj.foo|upper }}{% endif %}', | |||
| '1_layout' => '{% block content %}{% endblock %}', | |||
| '1_child' => "{% extends \"1_layout\" %}\n{% block content %}\n{{ \"a\"|json_encode }}\n{% endblock %}", | |||
| '1_include' => '{{ include("1_basic1", sandboxed=true) }}', | |||
There was a problem hiding this comment.
Can you change "1_basic1" to "unknown" or something similar?
There was a problem hiding this comment.
Well that would throw Twig_Error_Loader and disabling the sandbox is already checked for that exception.
https://github.com/twigphp/twig/blob/1.x/lib/Twig/Extension/Core.php#L1402-L1405
…ing with include function
|
Thank you @CarsonF. |
…ile rendering (CarsonF) This PR was merged into the 1.x branch. Discussion ---------- Fix sandbox being left enabled if an exception is thrown while rendering What's happening for me: - An exception is thrown while rendering inside the sandbox - Render exception response - WebProfiler toolbar tries to include a file - Sandbox is still enabled, so a SecurityException is thrown (which hides the real error) Commits ------- 171a1d4 Fix sandbox being left enabled if an exception is thrown while rendering with include function
What's happening for me: