This allows variables defined in an outer context to be used in inner
contexts. For example:
<h2>{{foo}}</h2>
<ul>
{{#things}}
<!-- bar is a property of each thing, foo is an outer variable -->
<li>{{foo}} is a {{bar}}</li>
{{/things}}
</ul>
Bug: T203209
Change-Id: Ib0ae0fb0b4be6b161f548c79db6fb6f4b831f7c1
This fixes 26 of the phan-taint-check warnings on MW core. Some
are outright fixed, others are false positives that were suppressed.
This really only covers some of the easy ones. There are still
314 warnings to go.
Change-Id: I30463bc3a09fd4324d190de8533f51784764dd3a
Recursive partials are the only way to handle tree-like structures
such as nested lists. Allow setting FLAG_RUNTIMEPARTIAL in LightnCandy
so they can be used.
Since this has a slight performance impact (makes partial invocations
evaluation-time functions calls instead of compilation-time transclusions)
make it optional.
Change-Id: Ie37105a9f1ff92e1a79bfcd9f8578965e3d347f0
Previously, if the cache integrity check failed then it would emit a
warning but then continue to use the code. The integrity check could
genuinely fail if the secret key was changed, if the cache was
truncated, or other edge case scenarios.
Now TemplateParser will recompile if the cache fails the integrity
check, and then update the cache with the newly compiled version.
Bug: T163154
Change-Id: I9a6c8d528f84cfbabf402cfaf6468c162fab1f15
In practise this probably doesn't matter, since template names
are not user controlled, and php isn't stupid enough to fall for
tricks with nulls (afaict). Nonetheless, the code from Title is
only meant to prevent url traversal, it is not meant to prevent
file system path traversal.
Change-Id: Id690576326d03744acc8fbbe78f4b7a4b4c04d7e
Also:
* Use ternary shorthand.
* Remove verbose comment about APC fallback. APC always requires
a fallback and is enforced by the method being called. Stating
the obvious is confusing here.
Change-Id: Ie5cb3bdc60600806b01b57f1f1b352b981818b0d
This is sufficient to make https://gerrit.wikimedia.org/r/#/c/223165/
work. It hardcodes .mustache as the extension, but so does
existing getTemplateFilename().
Bug: T97188
Change-Id: Id588ae9b43b13fcf35ebd285c826dd502ac424ec
All of the other functions expose internal implementation details, which no
external caller should ever need. In fact, no external caller does use these
functions directly.
The TemplateParser::compile() tests were removed as they're simply just
checking LightnCandy functionality, which is something the library should be
doing.
Change-Id: If9003d40315e0e5aa361c174b764b799e3b88c34
Also add regression test, and coverage for more methods.
Was trying to eval the code which had the hmac integrity check in front of it,
which causes a syntax error in valid PHP code.
Follows-up db1866da4, 50c50bea2e.
Bug: T93436
Bug: T93511
Change-Id: Ie90074e4885de7340e53f59fdd479f5384b5eac6
In the unlikely event that no secret key is available, we shouldn't
rely on the cache at all in TemplateParser.
Adding new compileForEval() function and and moving eval() outside
of if statement to prevent code duplication.
Also, if the template fails integrity check, generate a notice
instead of throwing an exception in case we change the secret key.
Change-Id: Id44fdcc9533fc8a9c77e84fcebaa064f602477c6
The TemplateParser class provides a server-side interface to cachable
dynamically-compiled Mustache templates. It currently uses the
lightncandy library to do compilation (which is already included in
the vendor repo).
Also converting NoLocalSettings.php to use it as a proof-of-concept.
Bug: T379
Change-Id: I28cd13d4d1132bd386e2ae2f4f0d1dd88ad9162b
