Nemcio/Grav
1
0
Fork 0
mirror of https://github.com/getgrav/grav.git synced 2025-12-16 13:19:42 +01:00
Code Issues Packages Projects Releases Activity

avoid mail in twig content trigger security error

Browse Source 
Signed-off-by: Andy Miller <rhuk@mac.com>
This commit is contained in:
Andy Miller
2025-12-12 16:20:35 -07:00
parent 7a6b8a90d4
commit d34213232b
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
system/src/Grav/Common/Security.php
View File

@@ -379,7 +379,8 @@ class Security
];
// Build combined patterns (compile once, use many times)
$quotedFunctions = array_map(fn($f) => preg_quote($f, '/'), $bad_twig_functions);
// Use word boundaries to avoid false positives (e.g., 'mail' matching 'email')
$quotedFunctions = array_map(fn($f) => '\b' . preg_quote($f, '/') . '\b', $bad_twig_functions);
$functionsPattern = implode('|', $quotedFunctions);
// Pattern for functions in Twig blocks