From dbd5c32535c6248c0158c45753e787cc8cd62f5e Mon Sep 17 00:00:00 2001 From: Benjamin Dalsass Date: Wed, 27 Jul 2022 08:06:18 +0200 Subject: [PATCH] =?UTF-8?q?restore=20important=20security=20fix=20on=20twi?= =?UTF-8?q?g=20filter=20see=20N=C2=B04867=20"Twig=20content=20not=20allowe?= =?UTF-8?q?d"=20error=20when=20use=20the=20extkey=20widget=20search=20icon?= =?UTF-8?q?=20in=20the=20user=20portal?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- sources/Application/TwigBase/Twig/Extension.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/sources/Application/TwigBase/Twig/Extension.php b/sources/Application/TwigBase/Twig/Extension.php index 9b243ea47..af88ea62d 100644 --- a/sources/Application/TwigBase/Twig/Extension.php +++ b/sources/Application/TwigBase/Twig/Extension.php @@ -141,6 +141,16 @@ class Extension // @see https://www.php.net/manual/fr/function.var-export.php $aFilters[] = new TwigFilter('var_export', 'var_export'); + //since 2.7.7 3.0.2 3.1.0 N°4867 "Twig content not allowed" error when use the extkey widget search icon in the user portal + //overwrite native twig filter : disable use of 'system' filter + $aFilters[] = new TwigFilter('filter', function ($array, $arrow) { + if ($arrow == 'system') { + return json_encode($array); + } + + return twig_array_filter($array, $arrow); + }); + return $aFilters; }