Merge pull request #66 from kenjis/feat-override-CustomizedFunctions

feat: can override customized functions

Author: kenjis

ChangeLog.md

@@ -8,7 +8,11 @@
     - PHP 7.4 or later.
     - Twig 3.4.3 or later.
     - CodeIgniter 4.2.11 or later.
+
+### Added
+
 - Add functionality to add your filters. See [README](README.md#adding-your-functions--filters).
+- Add functionality to override functions that are customized by *CodeIgniter Simple and Secure Twig*.
 
 ## v4.1.0 (2022-09-20)
 

README.md

@@ -79,9 +79,16 @@ $twig = $this->twig->getTwig();
 * `form_error()`
 * `form_hidden()`
 * `set_value()`
+* `csrf_field()`
+* `validation_list_errors()`
 
 Some helpers are added the functionality of auto-escaping for security.
 
+> **Warning**
+> `validation_list_errors()` shows Validation Errors by `Services::validation()->listErrors()`,
+> and if you use user input for Validation Error messages, attackers may do XSS.
+> In such a case, validate user input and escape it by yourself.
+
 ### Adding Your Functions & Filters
 
 You can add your functions and filters with configuration:
@@ -95,7 +102,9 @@ $config = [
 $this->twig = new \Kenjis\CI4Twig\Twig($config);
 ~~~
 
-If your function explicitly outputs HTML code, you will want the raw output to be printed. In such a case, use `functions_safe`, and **you have to make sure the output of the function is XSS free**.
+If your function explicitly outputs HTML code, you want the raw output to be printed.
+In such a case, use `functions_safe`, and **you have to make sure the output of
+the function is XSS free**.
 
 ### References
 

src/CI4Twig/Twig.php

@@ -253,7 +253,16 @@ protected function addFunctions()
         }
 
         // customized functions
-        if (function_exists('anchor')) {
+        $this->addCustomizedFunctions();
+
+        $this->functions_added = true;
+    }
+
+    protected function addCustomizedFunctions()
+    {
+        $functions = array_merge($this->functions_asis, $this->functions_safe);
+
+        if (! in_array('anchor', $functions, true) && function_exists('anchor')) {
             $this->twig->addFunction(
                 new TwigFunction(
                     'anchor',
@@ -263,15 +272,15 @@ protected function addFunctions()
             );
         }
 
-        $this->twig->addFunction(
-            new TwigFunction(
-                'validation_list_errors',
-                [$this, 'validation_list_errors'],
-                ['is_safe' => ['html']]
-            )
-        );
-
-        $this->functions_added = true;
+        if (! in_array('validation_list_errors', $functions, true)) {
+            $this->twig->addFunction(
+                new TwigFunction(
+                    'validation_list_errors',
+                    [$this, 'validation_list_errors'],
+                    ['is_safe' => ['html']]
+                )
+            );
+        }
     }
 
     /**

tests/CI4Twig/TwigTest.php

@@ -85,41 +85,47 @@ public function testAddFunctionsRunsOnlyOnce()
 
     public function testFunctionAsIs()
     {
-        $obj = new Twig(
-            [
-                'paths'     => __DIR__ . '/../templates/',
-                'functions' => ['md5'],
-                'cache'     => false,
-            ]
-        );
+        $obj = new Twig([
+            'paths'     => __DIR__ . '/../templates/',
+            'functions' => ['md5'],
+            'cache'     => false,
+        ]);
 
         $output = $obj->render('functions_asis');
         $this->assertSame("900150983cd24fb0d6963f7d28e17f72\n", $output);
     }
 
     public function testFunctionSafe()
     {
-        $obj = new Twig(
-            [
-                'paths'          => __DIR__ . '/../templates/',
-                'functions_safe' => ['test_safe'],
-                'cache'          => false,
-            ]
-        );
+        $obj = new Twig([
+            'paths'          => __DIR__ . '/../templates/',
+            'functions_safe' => ['test_safe'],
+            'cache'          => false,
+        ]);
 
         $output = $obj->render('functions_safe');
         $this->assertSame("<s>test</s>\n", $output);
     }
 
+    public function testFunctionCustomized()
+    {
+        $obj = new Twig([
+            'paths'     => __DIR__ . '/../templates/',
+            'functions' => ['validation_list_errors'],
+            'cache'     => false,
+        ]);
+
+        $output = $obj->render('functions_customized_override');
+        $this->assertSame("override\n", $output);
+    }
+
     public function testFilter()
     {
-        $obj = new Twig(
-            [
-                'paths'   => __DIR__ . '/../templates/',
-                'filters' => ['str_rot13'],
-                'cache'   => false,
-            ]
-        );
+        $obj = new Twig([
+            'paths'   => __DIR__ . '/../templates/',
+            'filters' => ['str_rot13'],
+            'cache'   => false,
+        ]);
 
         $output = $obj->render('filters');
         $this->assertSame("PbqrVtavgre Fvzcyr naq Frpher Gjvt\n", $output);

tests/templates/functions_customized_override.twig

@@ -0,0 +1 @@
+{{ validation_list_errors() }}

tests/twig_functions.php

@@ -4,3 +4,8 @@ function test_safe(): string
 {
     return '<s>test</s>';
 }
+
+function validation_list_errors(): string
+{
+    return 'override';
+}