* @return string
* @throws UnexpectedValueException Disallows upwards directory traversal via $templateName
*/
- public function getTemplateFilename( $templateName ) {
+ protected function getTemplateFilename( $templateName ) {
// Prevent upwards directory traversal using same methods as Title::secureAndSplit
if (
strpos( $templateName, '.' ) !== false &&
/**
* Returns a given template function if found, otherwise throws an exception.
* @param string $templateName The name of the template (without file suffix)
- * @return Function
+ * @return callable
* @throws RuntimeException
*/
- public function getTemplate( $templateName ) {
+ protected function getTemplate( $templateName ) {
// If a renderer has already been defined for this template, reuse it
- if ( isset( $this->renderers[$templateName] ) ) {
+ if ( isset( $this->renderers[$templateName] ) && is_callable( $this->renderers[$templateName] ) ) {
return $this->renderers[$templateName];
}
// See if the compiled PHP code is stored in cache.
// CACHE_ACCEL throws an exception if no suitable object cache is present, so fall
// back to CACHE_ANYTHING.
- try {
- $cache = wfGetCache( CACHE_ACCEL );
- } catch ( Exception $e ) {
- $cache = wfGetCache( CACHE_ANYTHING );
- }
+ $cache = ObjectCache::newAccelerator( array(), CACHE_ANYTHING );
$key = wfMemcKey( 'template', $templateName, $fastHash );
$code = $this->forceRecompile ? null : $cache->get( $key );
if ( !$code ) {
$code = $this->compileForEval( $fileContents, $filename );
- // Prefix the code with a keyed hash (64 hex chars) as an integrity check
- $code = hash_hmac( 'sha256', $code, $secretKey ) . $code;
-
- // Cache the compiled PHP code
- $cache->set( $key, $code );
+ // Prefix the cached code with a keyed hash (64 hex chars) as an integrity check
+ $cache->set( $key, hash_hmac( 'sha256', $code, $secretKey ) . $code );
} else {
// Verify the integrity of the cached PHP code
$keyedHash = substr( $code, 0, 64 );
}
$renderer = eval( $code );
+ if ( !is_callable( $renderer ) ) {
+ throw new RuntimeException( "Requested template, {$templateName}, is not callable" );
+ }
return $this->renderers[$templateName] = $renderer;
}
* @return string PHP code (without '<?php')
* @throws RuntimeException
*/
- public function compileForEval( $fileContents, $filename ) {
+ protected function compileForEval( $fileContents, $filename ) {
// Compile the template into PHP code
- $code = self::compile( $fileContents );
+ $code = $this->compile( $fileContents );
if ( !$code ) {
throw new RuntimeException( "Could not compile template: {$filename}" );
* @return string PHP code (with '<?php')
* @throws RuntimeException
*/
- public static function compile( $code ) {
+ protected function compile( $code ) {
if ( !class_exists( 'LightnCandy' ) ) {
throw new RuntimeException( 'LightnCandy class not defined' );
}