TemplateParser.php

Go to the documentation of this file.

<?php

use MediaWiki\MediaWikiServices;

class TemplateParser {
    protected $templateDir;

    protected $renderers;

    protected $forceRecompile = false;

    protected $compileFlags;

    public function __construct( $templateDir = null, $forceRecompile = false ) {
        $this->templateDir = $templateDir ?: __DIR__ . '/templates';
        $this->forceRecompile = $forceRecompile;

        // Do not add more flags here without discussion.
        // If you do add more flags, be sure to update unit tests as well.
        $this->compileFlags = LightnCandy::FLAG_ERROR_EXCEPTION | LightnCandy::FLAG_MUSTACHELOOKUP;
    }

    public function enableRecursivePartials( $enable ) {
        if ( $enable ) {
            $this->compileFlags |= LightnCandy::FLAG_RUNTIMEPARTIAL;
        } else {
            $this->compileFlags &= ~LightnCandy::FLAG_RUNTIMEPARTIAL;
        }
    }

    protected function getTemplateFilename( $templateName ) {
        // Prevent path traversal. Based on Language::isValidCode().
        // This is for paranoia. The $templateName should never come from
        // untrusted input.
        if (
            strcspn( $templateName, ":/\\\000&<>'\"%" ) !== strlen( $templateName )
        ) {
            throw new UnexpectedValueException( "Malformed \$templateName: $templateName" );
        }

        return "{$this->templateDir}/{$templateName}.mustache";
    }

    protected function getTemplate( $templateName ) {
        $templateKey = $templateName . '|' . $this->compileFlags;

        // If a renderer has already been defined for this template, reuse it
        if ( isset( $this->renderers[$templateKey] ) &&
            is_callable( $this->renderers[$templateKey] )
        ) {
            return $this->renderers[$templateKey];
        }

        $filename = $this->getTemplateFilename( $templateName );

        if ( !file_exists( $filename ) ) {
            throw new RuntimeException( "Could not locate template: {$filename}" );
        }

        // Read the template file
        $fileContents = file_get_contents( $filename );

        // Generate a quick hash for cache invalidation
        $fastHash = md5( $this->compileFlags . '|' . $fileContents );

        // Fetch a secret key for building a keyed hash of the PHP code
        $config = MediaWikiServices::getInstance()->getMainConfig();
        $secretKey = $config->get( 'SecretKey' );

        if ( $secretKey ) {
            // See if the compiled PHP code is stored in cache.
            $cache = ObjectCache::getLocalServerInstance( CACHE_ANYTHING );
            $key = $cache->makeKey( 'template', $templateName, $fastHash );
            $code = $this->forceRecompile ? null : $cache->get( $key );

            if ( $code ) {
                // Verify the integrity of the cached PHP code
                $keyedHash = substr( $code, 0, 64 );
                $code = substr( $code, 64 );
                if ( $keyedHash !== hash_hmac( 'sha256', $code, $secretKey ) ) {
                    // If the integrity check fails, don't use the cached code
                    // We'll update the invalid cache below
                    $code = null;
                }
            }
            if ( !$code ) {
                $code = $this->compileForEval( $fileContents, $filename );

                // Prefix the cached code with a keyed hash (64 hex chars) as an integrity check
                $cache->set( $key, hash_hmac( 'sha256', $code, $secretKey ) . $code );
            }
        // If there is no secret key available, don't use cache
        } else {
            $code = $this->compileForEval( $fileContents, $filename );
        }

        $renderer = eval( $code );
        if ( !is_callable( $renderer ) ) {
            throw new RuntimeException( "Requested template, {$templateName}, is not callable" );
        }
        $this->renderers[$templateKey] = $renderer;
        return $renderer;
    }

    protected function compileForEval( $fileContents, $filename ) {
        // Compile the template into PHP code
        $code = $this->compile( $fileContents );

        if ( !$code ) {
            throw new RuntimeException( "Could not compile template: {$filename}" );
        }

        // Strip the "<?php" added by lightncandy so that it can be eval()ed
        if ( substr( $code, 0, 5 ) === '<?php' ) {
            $code = substr( $code, 5 );
        }

        return $code;
    }

    protected function compile( $code ) {
        return LightnCandy::compile(
            $code,
            [
                'flags' => $this->compileFlags,
                'basedir' => $this->templateDir,
                'fileext' => '.mustache',
            ]
        );
    }

    public function processTemplate( $templateName, $args, array $scopes = [] ) {
        $template = $this->getTemplate( $templateName );
        return $template( $args, $scopes );
    }
}