
Commit 9ca22ab

committed
Merge branch '5.x' into 6.x
# Conflicts: # CHANGELOG.md
2 parents 9128dc7 + 1395a5e commit 9ca22ab

5 files changed

Lines changed: 162 additions & 2 deletions


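--- a/composer.json
+++ b/composer.json
@@ -115,7 +115,8 @@
 "autoload-dev": {
 "psr-4": {
 "Tests\\": "tests",
-"Foo\\Bar\\": "tests/Fixtures/Addon"
+"Foo\\Bar\\": "tests/Fixtures/Addon",
+"App\\": "tests/Fixtures/App/"
 }
 }
 }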

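--- a/src/Providers/ViewServiceProvider.php
+++ b/src/Providers/ViewServiceProvider.php
@@ -2,6 +2,7 @@
 
 namespace Statamic\Providers;
 
+use Illuminate\Contracts\Foundation\Application;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\Facades\View as ViewFactory;
 use Illuminate\Support\ServiceProvider;
@@ -107,71 +108,135 @@ private function registerAntlers()
 'trans:*',
 'trans_choice:*',
 'widont:*',
+...$this->getAppTagPatternsForContentAllowlist($app),
 ]);
+
 $runtimeConfig->allowedContentModifiers = config('statamic.antlers.allowedContentModifiers', [
 'add_query_param',
 'add_slashes',
+'alias',
+'ampersand_list',
 'ascii',
 'at',
+'backspace',
 'background_position',
 'bool_string',
 'camelize',
 'cdata',
 'ceil',
+'chunk',
+'classes',
+'collapse',
 'collapse_whitespace',
+'contains_any',
+'count',
 'count_substring',
 'dashify',
+'days_ago',
 'decode',
 'deslugify',
+'diff_for_humans',
 'divide',
+'dl',
+'embed_url',
 'ends_with',
 'ensure_left',
 'ensure_right',
 'entities',
+'excerpt',
 'explode',
 'extension',
+'favicon',
+'filter_empty',
+'first',
+'flatten',
+'flip',
 'floor',
 'format',
 'format_number',
 'format_translated',
+'full_urls',
 'has_lower_case',
 'has_upper_case',
 'headline',
 'hex_to_rgb',
+'hours_ago',
 'insert',
 'is_alpha',
 'is_alphanumeric',
+'is_array',
 'is_blank',
 'is_email',
+'is_embeddable',
+'is_empty',
 'is_external_url',
+'is_future',
+'is_iterable',
 'is_json',
+'is_leap_year',
 'is_lowercase',
 'is_numeric',
+'is_past',
+'is_today',
+'is_tomorrow',
 'is_uppercase',
 'is_url',
+'is_weekday',
+'is_weekend',
+'is_yesterday',
+'iso_format',
 'join',
+'key_by',
+'keys',
 'kebab',
+'last',
 'lcfirst',
+'length',
+'limit',
 'localize',
-'upper',
 'lower',
+'markdown',
 'md5',
+'minutes_ago',
 'mod',
+'modify_date',
+'months_ago',
 'multiply',
+'nl2br',
 'obfuscate',
 'obfuscate_email',
+'offset',
+'ol',
+'option_list',
 'parse_url',
 'pathinfo',
+'pluck',
+'random',
 'rawurlencode',
+'read_time',
+'relative',
 'remove_left',
 'remove_query_param',
 'remove_right',
 'replace',
+'resolve',
+'reverse',
 'round',
 'safe_truncate',
 'sanitize',
+'scope',
+'seconds_ago',
+'select',
+'sentence_list',
+'set_query_param',
+'shuffle',
+'singular',
 'slugify',
+'smartypants',
 'snake',
+'sort',
+'spaceless',
+'split',
 'starts_with',
 'str_pad',
 'str_pad_both',
@@ -182,18 +247,38 @@ private function registerAntlers()
 'subtract',
 'substr',
 'sum',
+'surround',
 'swap_case',
+'table',
+'tidy',
+'timestamp',
+'timezone',
 'title',
 'to_bool',
+'to_qs',
+'to_spaces',
+'to_tabs',
 'to_string',
 'trans',
 'trans_choice',
+'trackable_embed_url',
 'trim',
 'truncate',
+'type_of',
 'ucfirst',
+'underscored',
+'unique',
+'upper',
 'urldecode',
 'urlencode',
+'values',
+'weeks_ago',
+'where',
+'where_in',
 'widont',
+'word_count',
+'years_ago',
+...$this->getAppModifierHandlesForContentAllowlist($app),
 ]);
 $runtimeConfig->allowPhpInUserContent = config('statamic.antlers.allowPhpInContent', false);
 $runtimeConfig->allowMethodsInUserContent = config('statamic.antlers.allowMethodsInContent', false);
@@ -250,6 +335,29 @@ private function registerAntlers()
 });
 }
 
+private function getAppTagPatternsForContentAllowlist(Application $app): array
+{
+$namespace = $app->getNamespace().'Tags\\';
+
+return collect($app->make('statamic.tags'))
+->filter(fn ($binding) => is_string($binding) && str_starts_with($binding, $namespace))
+->keys()
+->flatMap(fn ($handle) => [$handle, $handle.':*'])
+->values()
+->all();
+}
+
+private function getAppModifierHandlesForContentAllowlist(Application $app): array
+{
+$namespace = $app->getNamespace().'Modifiers\\';
+
+return collect($app->make('statamic.modifiers'))
+->filter(fn ($binding) => is_string($binding) && str_starts_with($binding, $namespace))
+->keys()
+->values()
+->all();
+}
+
 public function registerBladeDirectives()
 {
 Blade::directive('tags', function ($expression) {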
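Review bot: The two helpers added after registerAntlers(), getAppTagPatternsForContentAllowlist() and getAppModifierHandlesForContentAllowlist(), put every tag and modifier whose bound class name starts with the application namespace on the allowlist for user content, and nothing in the code records that trust decision. A tag written only for trusted templates becomes callable from editor-authored content as soon as it is registered, and the `$handle.':*'` pattern covers all of its methods. I would add a one-line docblock to each helper, e.g. `/** App tags are allowed in user content by default; this list is only the fallback passed to config(). */`, and repeat the point next to the config option so site owners know to pin an explicit list when an app tag must stay template-only. The modifier spread is visibly inside the default array of `config('statamic.antlers.allowedContentModifiers', [...])`; the opening of the tag list is outside the hunk, so the same is presumed there. registerAntlers() itself starts and ends outside these hunks.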

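--- a/tests/Antlers/Runtime/ContentAllowListTest.php
+++ b/tests/Antlers/Runtime/ContentAllowListTest.php
@@ -3,6 +3,7 @@
 namespace Tests\Antlers\Runtime;
 
 use PHPUnit\Framework\Attributes\Test;
+use Statamic\Facades\Antlers;
 use Statamic\Fields\Field;
 use Statamic\Fields\Value;
 use Statamic\Fieldtypes\Text;
@@ -179,6 +180,26 @@ public function allow_list_does_not_affect_tag_usage_in_trusted_templates()
 $this->assertSame('tag-ok', $result);
 }
 
+#[Test]
+public function app_tags_from_app_directory_are_included_in_default_allowed_content_tags()
+{
+\App\Tags\AppTestTag::register();
+
+$result = (string) Antlers::parse('{{ app_test_tag }}', [], false);
+
+$this->assertSame('app-tag-ok', $result, 'Tags in App\Tags should be auto-allowed in user content when using default config.');
+}
+
+#[Test]
+public function app_modifiers_from_app_directory_are_included_in_default_allowed_content_modifiers()
+{
+\App\Modifiers\AppTestModifier::register();
+
+$result = (string) Antlers::parse('{{ value | app_test_modifier }}', ['value' => 'hello'], false);
+
+$this->assertSame('HELLO-app-modifier', $result, 'Modifiers in App\Modifiers should be auto-allowed in user content when using default config.');
+}
+
 private function makeAntlersTextValue(string $template): Value
 {
 $textFieldtype = new Text();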
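Review bot: Both new tests assert only the positive case, so nothing pins the boundary of the auto-allow rule added in ViewServiceProvider. A companion test should show that a tag or modifier bound to a class outside the app namespace (a `Foo\Bar\` addon fixture, if a suitable one exists) is still rejected in user content, and that an explicitly configured `statamic.antlers.allowedContentModifiers` list is not extended with app handles. A short comment on the third argument of `Antlers::parse()` would also help, e.g. `// third argument false: parse as user content, so the allowlist applies`; that meaning is inferred from the assertion messages and should be confirmed. The test class starts before and continues after these hunks.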
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
<?php
2+
3+
namespace App\Modifiers;
4+
5+
use Statamic\Modifiers\Modifier;
6+
7+
class AppTestModifier extends Modifier
8+
{
9+
protected static $handle = 'app_test_modifier';
10+
11+
public function index($value, $params, $context)
12+
{
13+
return strtoupper((string) $value).'-app-modifier';
14+
}
15+
}
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
<?php
2+
3+
namespace App\Tags;
4+
5+
use Statamic\Tags\Tags;
6+
7+
class AppTestTag extends Tags
8+
{
9+
protected static $handle = 'app_test_tag';
10+
11+
public function index()
12+
{
13+
return 'app-tag-ok';
14+
}
15+
}
