liquid 2.6.3 → 3.0.0

data/lib/liquid/tags/increment.rb

@@ -1,12 +1,11 @@
 module Liquid
-
   # increment is used in a place where one needs to insert a counter
   #     into a template, and needs the counter to survive across
   #     multiple instantiations of the template.
   #     (To achieve the survival, the application must keep the context)
   #
   #     if the variable does not exist, it is created with value 0.
-
+  #
   #   Hello: {% increment variable %}
   #
   # gives you:
@@ -16,10 +15,9 @@ module Liquid
   #    Hello: 2
   #
   class Increment < Tag
-    def initialize(tag_name, markup, tokens)
-      @variable = markup.strip
-
+    def initialize(tag_name, markup, options)
       super
+      @variable = markup.strip
     end
 
     def render(context)
@@ -27,9 +25,7 @@ module Liquid
       context.environments.first[@variable] = value + 1
       value.to_s
     end
-
-    private
   end
 
-  Template.register_tag('increment', Increment)
+  Template.register_tag('increment'.freeze, Increment)
 end

data/lib/liquid/tags/raw.rb

@@ -1,22 +1,19 @@
 module Liquid
   class Raw < Block
-    FullTokenPossiblyInvalid = /^(.*)#{TagStart}\s*(\w+)\s*(.*)?#{TagEnd}$/o
+    FullTokenPossiblyInvalid = /\A(.*)#{TagStart}\s*(\w+)\s*(.*)?#{TagEnd}\z/om
 
     def parse(tokens)
       @nodelist ||= []
       @nodelist.clear
       while token = tokens.shift
         if token =~ FullTokenPossiblyInvalid
-          @nodelist << $1 if $1 != ""
-          if block_delimiter == $2
-            end_tag
-            return
-          end
+          @nodelist << $1 if $1 != "".freeze
+          return if block_delimiter == $2
         end
         @nodelist << token if not token.empty?
       end
     end
   end
 
-  Template.register_tag('raw', Raw)
+  Template.register_tag('raw'.freeze, Raw)
 end

data/lib/liquid/tags/table_row.rb

@@ -0,0 +1,73 @@
+module Liquid
+  class TableRow < Block
+    Syntax = /(\w+)\s+in\s+(#{QuotedFragment}+)/o
+
+    def initialize(tag_name, markup, options)
+      super
+      if markup =~ Syntax
+        @variable_name = $1
+        @collection_name = $2
+        @attributes = {}
+        markup.scan(TagAttributes) do |key, value|
+          @attributes[key] = value
+        end
+      else
+        raise SyntaxError.new(options[:locale].t("errors.syntax.table_row".freeze))
+      end
+    end
+
+    def render(context)
+      collection = context[@collection_name] or return ''.freeze
+
+      from = @attributes['offset'.freeze] ? context[@attributes['offset'.freeze]].to_i : 0
+      to = @attributes['limit'.freeze] ? from + context[@attributes['limit'.freeze]].to_i : nil
+
+      collection = Utils.slice_collection(collection, from, to)
+
+      length = collection.length
+
+      cols = context[@attributes['cols'.freeze]].to_i
+
+      row = 1
+      col = 0
+
+      result = "<tr class=\"row1\">\n"
+      context.stack do
+
+        collection.each_with_index do |item, index|
+          context[@variable_name] = item
+          context['tablerowloop'.freeze] = {
+            'length'.freeze    => length,
+            'index'.freeze     => index + 1,
+            'index0'.freeze    => index,
+            'col'.freeze       => col + 1,
+            'col0'.freeze      => col,
+            'index0'.freeze    => index,
+            'rindex'.freeze    => length - index,
+            'rindex0'.freeze   => length - index - 1,
+            'first'.freeze     => (index == 0),
+            'last'.freeze      => (index == length - 1),
+            'col_first'.freeze => (col == 0),
+            'col_last'.freeze  => (col == cols - 1)
+          }
+
+
+          col += 1
+
+          result << "<td class=\"col#{col}\">" << super << '</td>'
+
+          if col == cols and (index != length - 1)
+            col  = 0
+            row += 1
+            result << "</tr>\n<tr class=\"row#{row}\">"
+          end
+
+        end
+      end
+      result << "</tr>\n"
+      result
+    end
+  end
+
+  Template.register_tag('tablerow'.freeze, TableRow)
+end

data/lib/liquid/tags/unless.rb

@@ -1,7 +1,6 @@
 require File.dirname(__FILE__) + '/if'
 
 module Liquid
-
   # Unless is a conditional just like 'if' but works on the inverse logic.
   #
   #   {% unless x < 0 %} x is greater than zero {% end %}
@@ -23,11 +22,10 @@ module Liquid
           end
         end
 
-        ''
+        ''.freeze
       end
     end
   end
 
-
-  Template.register_tag('unless', Unless)
+  Template.register_tag('unless'.freeze, Unless)
 end

data/lib/liquid/template.rb

@@ -14,10 +14,58 @@ module Liquid
   #   template.render('user_name' => 'bob')
   #
   class Template
+    DEFAULT_OPTIONS = {
+      :locale => I18n.new
+    }
+
     attr_accessor :root, :resource_limits
     @@file_system = BlankFileSystem.new
 
+    class TagRegistry
+      def initialize
+        @tags  = {}
+        @cache = {}
+      end
+
+      def [](tag_name)
+        return nil unless @tags.has_key?(tag_name)
+        return @cache[tag_name] if Liquid.cache_classes
+
+        lookup_class(@tags[tag_name]).tap { |o| @cache[tag_name] = o }
+      end
+
+      def []=(tag_name, klass)
+        @tags[tag_name]  = klass.name
+        @cache[tag_name] = klass
+      end
+
+      def delete(tag_name)
+        @tags.delete(tag_name)
+        @cache.delete(tag_name)
+      end
+
+      private
+
+      def lookup_class(name)
+        name.split("::").reject(&:empty?).reduce(Object) { |scope, const| scope.const_get(const) }
+      end
+    end
+
+    attr_reader :profiler
+
     class << self
+      # Sets how strict the parser should be.
+      # :lax acts like liquid 2.5 and silently ignores malformed tags in most cases.
+      # :warn is the default and will give deprecation warnings when invalid syntax is used.
+      # :strict will enforce correct syntax.
+      attr_writer :error_mode
+
+      # Sets how strict the taint checker should be.
+      # :lax is the default, and ignores the taint flag completely
+      # :warn adds a warning, but does not interrupt the rendering
+      # :error raises an error when tainted output is used
+      attr_writer :taint_mode
+
       def file_system
         @@file_system
       end
@@ -31,7 +79,15 @@ module Liquid
       end
 
       def tags
-        @tags ||= {}
+        @tags ||= TagRegistry.new
+      end
+
+      def error_mode
+        @error_mode || :lax
+      end
+
+      def taint_mode
+        @taint_mode || :lax
       end
 
       # Pass a module with filter methods which should be available
@@ -40,26 +96,39 @@ module Liquid
         Strainer.global_filter(mod)
       end
 
+      def default_resource_limits
+        @default_resource_limits ||= {}
+      end
+
       # creates a new <tt>Template</tt> object from liquid source code
-      def parse(source)
+      # To enable profiling, pass in <tt>profile: true</tt> as an option.
+      # See Liquid::Profiler for more information
+      def parse(source, options = {})
         template = Template.new
-        template.parse(source)
-        template
+        template.parse(source, options)
       end
     end
 
-    # creates a new <tt>Template</tt> from an array of tokens. Use <tt>Template.parse</tt> instead
     def initialize
-      @resource_limits = {}
+      @resource_limits = self.class.default_resource_limits.dup
     end
 
     # Parse source code.
     # Returns self for easy chaining
-    def parse(source)
-      @root = Document.new(tokenize(source))
+    def parse(source, options = {})
+      @options = options
+      @profiling = options[:profile]
+      @line_numbers = options[:line_numbers] || @profiling
+      @root = Document.parse(tokenize(source), DEFAULT_OPTIONS.merge(options))
+      @warnings = nil
       self
     end
 
+    def warnings
+      return [] unless @root
+      @warnings ||= @root.warnings
+    end
+
     def registers
       @registers ||= {}
     end
@@ -81,6 +150,9 @@ module Liquid
     # if you use the same filters over and over again consider registering them globally
     # with <tt>Template.register_filter</tt>
     #
+    # if profiling was enabled in <tt>Template#parse</tt> then the resulting profiling information
+    # will be available via <tt>Template#profiler</tt>
+    #
     # Following options can be passed:
     #
     #  * <tt>filters</tt> : array with local filters
@@ -88,11 +160,17 @@ module Liquid
     #    filters and tags and might be useful to integrate liquid more with its host application
     #
     def render(*args)
-      return '' if @root.nil?
+      return ''.freeze if @root.nil?
 
       context = case args.first
       when Liquid::Context
-        args.shift
+        c = args.shift
+
+        if @rethrow_errors
+          c.exception_handler = ->(e) { true }
+        end
+
+        c
       when Liquid::Drop
         drop = args.shift
         drop.context = Context.new([drop, assigns], instance_assigns, registers, @rethrow_errors, @resource_limits)
@@ -101,7 +179,7 @@ module Liquid
       when nil
         Context.new(assigns, instance_assigns, registers, @rethrow_errors, @resource_limits)
       else
-        raise ArgumentError, "Expect Hash or Liquid::Context as parameter"
+        raise ArgumentError, "Expected Hash or Liquid::Context as parameter"
       end
 
       case args.last
@@ -116,6 +194,9 @@ module Liquid
           context.add_filters(options[:filters])
         end
 
+        if options[:exception_handler]
+          context.exception_handler = options[:exception_handler]
+        end
       when Module
         context.add_filters(args.pop)
       when Array
@@ -125,7 +206,9 @@ module Liquid
       begin
         # render the nodelist.
         # for performance reasons we get an array back here. join will make a string out of it.
-        result = @root.render(context)
+        result = with_profiling do
+          @root.render(context)
+        end
         result.respond_to?(:join) ? result.join : result
       rescue Liquid::MemoryError => e
         context.handle_error(e)
@@ -135,7 +218,8 @@ module Liquid
     end
 
     def render!(*args)
-      @rethrow_errors = true; render(*args)
+      @rethrow_errors = true
+      render(*args)
     end
 
     private
@@ -144,7 +228,8 @@ module Liquid
     def tokenize(source)
       source = source.source if source.respond_to?(:source)
       return [] if source.to_s.empty?
-      tokens = source.split(TemplateParser)
+
+      tokens = calculate_line_numbers(source.split(TemplateParser))
 
       # removes the rogue empty element at the beginning of the array
       tokens.shift if tokens[0] and tokens[0].empty?
@@ -152,5 +237,30 @@ module Liquid
       tokens
     end
 
+    def calculate_line_numbers(raw_tokens)
+      return raw_tokens unless @line_numbers
+
+      current_line = 1
+      raw_tokens.map do |token|
+        Token.new(token, current_line).tap do
+          current_line += token.count("\n")
+        end
+      end
+    end
+
+    def with_profiling
+      if @profiling && !@options[:included]
+        @profiler = Profiler.new
+        @profiler.start
+
+        begin
+          yield
+        ensure
+          @profiler.stop
+        end
+      else
+        yield
+      end
+    end
   end
 end

data/lib/liquid/token.rb

@@ -0,0 +1,18 @@
+module Liquid
+  class Token < String
+    attr_reader :line_number
+
+    def initialize(content, line_number)
+      super(content)
+      @line_number = line_number
+    end
+
+    def raw
+      "<raw>"
+    end
+
+    def child(string)
+      Token.new(string, @line_number)
+    end
+  end
+end

data/lib/liquid/utils.rb

@@ -1,5 +1,18 @@
 module Liquid
   module Utils
+
+    def self.slice_collection(collection, from, to)
+      if (from != 0 || to != nil) && collection.respond_to?(:load_slice)
+        collection.load_slice(from, to)
+      else
+        slice_collection_using_each(collection, from, to)
+      end
+    end
+
+    def self.non_blank_string?(collection)
+      collection.is_a?(String) && collection != ''.freeze
+    end
+
     def self.slice_collection_using_each(collection, from, to)
       segments = []
       index = 0
@@ -22,9 +35,5 @@ module Liquid
 
       segments
     end
-
-    def self.non_blank_string?(collection)
-      collection.is_a?(String) && collection != ''
-    end
   end
 end

data/lib/liquid/variable.rb

@@ -11,45 +11,123 @@ module Liquid
   #   {{ user | link }}
   #
   class Variable
-    FilterParser = /(?:#{FilterSeparator}|(?:\s*(?:#{QuotedFragment}|#{ArgumentSeparator})\s*)+)/o
-    attr_accessor :filters, :name
+    FilterParser = /(?:\s+|#{QuotedFragment}|#{ArgumentSeparator})+/o
+    EasyParse = /\A *(\w+(?:\.\w+)*) *\z/
+    attr_accessor :filters, :name, :warnings
+    attr_accessor :line_number
+    include ParserSwitching
 
-    def initialize(markup)
+    def initialize(markup, options = {})
       @markup  = markup
       @name    = nil
+      @options = options || {}
+
+      parse_with_selected_parser(markup)
+    end
+
+    def raw
+      @markup
+    end
+
+    def markup_context(markup)
+      "in \"{{#{markup}}}\""
+    end
+
+    def lax_parse(markup)
       @filters = []
-      if match = markup.match(/\s*(#{QuotedFragment})(.*)/o)
-        @name = match[1]
-        if match[2].match(/#{FilterSeparator}\s*(.*)/o)
-          filters = Regexp.last_match(1).scan(FilterParser)
+      if markup =~ /(#{QuotedFragment})(.*)/om
+        name_markup = $1
+        filter_markup = $2
+        @name = Expression.parse(name_markup)
+        if filter_markup =~ /#{FilterSeparator}\s*(.*)/om
+          filters = $1.scan(FilterParser)
           filters.each do |f|
-            if matches = f.match(/\s*(\w+)/)
-              filtername = matches[1]
+            if f =~ /\w+/
+              filtername = Regexp.last_match(0)
               filterargs = f.scan(/(?:#{FilterArgumentSeparator}|#{ArgumentSeparator})\s*((?:\w+\s*\:\s*)?#{QuotedFragment})/o).flatten
-              @filters << [filtername, filterargs]
+              @filters << parse_filter_expressions(filtername, filterargs)
             end
           end
         end
       end
     end
 
+    def strict_parse(markup)
+      # Very simple valid cases
+      if markup =~ EasyParse
+        @name = Expression.parse($1)
+        @filters = []
+        return
+      end
+
+      @filters = []
+      p = Parser.new(markup)
+      # Could be just filters with no input
+      @name = p.look(:pipe) ? nil : Expression.parse(p.expression)
+      while p.consume?(:pipe)
+        filtername = p.consume(:id)
+        filterargs = p.consume?(:colon) ? parse_filterargs(p) : []
+        @filters << parse_filter_expressions(filtername, filterargs)
+      end
+      p.consume(:end_of_string)
+    end
+
+    def parse_filterargs(p)
+      # first argument
+      filterargs = [p.argument]
+      # followed by comma separated others
+      while p.consume?(:comma)
+        filterargs << p.argument
+      end
+      filterargs
+    end
+
     def render(context)
-      return '' if @name.nil?
-      @filters.inject(context[@name]) do |output, filter|
-        filterargs = []
-        keyword_args = {}
-        filter[1].to_a.each do |a|
-          if matches = a.match(/\A#{TagAttributes}\z/o)
-            keyword_args[matches[1]] = context[matches[2]]
-          else
-            filterargs << context[a]
-          end
+      @filters.inject(context.evaluate(@name)) do |output, (filter_name, filter_args, filter_kwargs)|
+        filter_args = evaluate_filter_expressions(context, filter_args, filter_kwargs)
+        output = context.invoke(filter_name, output, *filter_args)
+      end.tap{ |obj| taint_check(obj) }
+    end
+
+    private
+
+    def parse_filter_expressions(filter_name, unparsed_args)
+      filter_args = []
+      keyword_args = {}
+      unparsed_args.each do |a|
+        if matches = a.match(/\A#{TagAttributes}\z/o)
+          keyword_args[matches[1]] = Expression.parse(matches[2])
+        else
+          filter_args << Expression.parse(a)
         end
-        filterargs << keyword_args unless keyword_args.empty?
-        begin
-          output = context.invoke(filter[0], output, *filterargs)
-        rescue FilterNotFound
-          raise FilterNotFound, "Error - filter '#{filter[0]}' in '#{@markup.strip}' could not be found."
+      end
+      result = [filter_name, filter_args]
+      result << keyword_args unless keyword_args.empty?
+      result
+    end
+
+    def evaluate_filter_expressions(context, filter_args, filter_kwargs)
+      parsed_args = filter_args.map{ |expr| context.evaluate(expr) }
+      if filter_kwargs
+        parsed_kwargs = {}
+        filter_kwargs.each do |key, expr|
+          parsed_kwargs[key] = context.evaluate(expr)
+        end
+        parsed_args << parsed_kwargs
+      end
+      parsed_args
+    end
+
+    def taint_check(obj)
+      if obj.tainted?
+        @markup =~ QuotedFragment
+        name = Regexp.last_match(0)
+        case Template.taint_mode
+        when :warn
+          @warnings ||= []
+          @warnings << "variable '#{name}' is tainted and was not escaped"
+        when :error
+          raise TaintedError, "Error - variable '#{name}' is tainted and was not escaped"
         end
       end
     end

data/lib/liquid/variable_lookup.rb

@@ -0,0 +1,78 @@
+module Liquid
+  class VariableLookup
+    SQUARE_BRACKETED = /\A\[(.*)\]\z/m
+    COMMAND_METHODS = ['size'.freeze, 'first'.freeze, 'last'.freeze]
+
+    def self.parse(markup)
+      new(markup)
+    end
+
+    def initialize(markup)
+      lookups = markup.scan(VariableParser)
+
+      name = lookups.shift
+      if name =~ SQUARE_BRACKETED
+        name = Expression.parse($1)
+      end
+      @name = name
+
+      @lookups = lookups
+      @command_flags = 0
+
+      @lookups.each_index do |i|
+        lookup = lookups[i]
+        if lookup =~ SQUARE_BRACKETED
+          lookups[i] = Expression.parse($1)
+        elsif COMMAND_METHODS.include?(lookup)
+          @command_flags |= 1 << i
+        end
+      end
+    end
+
+    def evaluate(context)
+      name = context.evaluate(@name)
+      object = context.find_variable(name)
+
+      @lookups.each_index do |i|
+        key = context.evaluate(@lookups[i])
+
+        # If object is a hash- or array-like object we look for the
+        # presence of the key and if its available we return it
+        if object.respond_to?(:[]) &&
+          ((object.respond_to?(:has_key?) && object.has_key?(key)) ||
+           (object.respond_to?(:fetch) && key.is_a?(Integer)))
+
+          # if its a proc we will replace the entry with the proc
+          res = context.lookup_and_evaluate(object, key)
+          object = res.to_liquid
+
+          # Some special cases. If the part wasn't in square brackets and
+          # no key with the same name was found we interpret following calls
+          # as commands and call them on the current object
+        elsif @command_flags & (1 << i) != 0 && object.respond_to?(key)
+          object = object.send(key).to_liquid
+
+          # No key was present with the desired value and it wasn't one of the directly supported
+          # keywords either. The only thing we got left is to return nil
+        else
+          return nil
+        end
+
+        # If we are dealing with a drop here we have to
+        object.context = context if object.respond_to?(:context=)
+      end
+
+      object
+    end
+
+    def ==(other)
+      self.class == other.class && self.state == other.state
+    end
+
+    protected
+
+    def state
+      [@name, @lookups, @command_flags]
+    end
+  end
+end

data/lib/liquid/version.rb

@@ -1,4 +1,4 @@
 # encoding: utf-8
 module Liquid
-  VERSION = "2.6.3"
+  VERSION = "3.0.0"
 end