Moodle APIs 3.9
Moodle 3.9.13+ (Build: 20220325)
Public Member Functions | List of all members
core\output\mustache_helper_collection Class Reference

Custom Moodle helper collection for mustache. More...

Inheritance diagram for core\output\mustache_helper_collection:

Public Member Functions

 __construct ($helpers=null, array $blacklistednestedhelpers=[])
 Helper Collection constructor. More...
 
 add ($name, $helper)
 Add a helper to this collection. More...
 
 strip_blacklisted_helpers ($blacklist, $string)
 Parse the given string and remove any reference to blacklisted helpers. More...
 

Detailed Description

Custom Moodle helper collection for mustache.

License
http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later

Constructor & Destructor Documentation

◆ __construct()

core\output\mustache_helper_collection::__construct (   $helpers = null,
array  $blacklistednestedhelpers = [] 
)

Helper Collection constructor.

Optionally accepts an array (or Traversable) of $name => $helper pairs.

Exceptions
Mustache_Exception_InvalidArgumentExceptionif the $helpers argument isn't an array or Traversable
Parameters
array | Traversable$helpers(default: null)
string[]$blacklistednestedhelpersNames of helpers that aren't allowed to be called within other helpers.

Member Function Documentation

◆ add()

core\output\mustache_helper_collection::add (   $name,
  $helper 
)

Add a helper to this collection.

This function has overridden the parent implementation to provide blacklist functionality for certain helpers to prevent them being called from within other helpers. This is because the JavaScript helper can be used in a security exploit if it can be nested.

The function will wrap callable helpers in an anonymous function that strips out the blacklisted helpers from the source string before giving it to the helper function. This prevents the blacklisted helper functions from being called by nested render functions from within other helpers.

See also
Mustache_HelperCollection::add()
Parameters
string$name
mixed$helper

◆ strip_blacklisted_helpers()

core\output\mustache_helper_collection::strip_blacklisted_helpers (   $blacklist,
  $string 
)

Parse the given string and remove any reference to blacklisted helpers.

E.g. $blacklist = ['js']; $string = "core, move, {{#js}} some nasty JS hack {{/js}}" result: "core, move, {{}}"

Parameters
string[]$blacklistList of helper names to strip
string$stringString to parse
Return values
stringParsed string

The documentation for this class was generated from the following file: