liquid 3.0.0.rc1 → 3.0.0

data/lib/liquid/tags/assign.rb

@@ -15,7 +15,8 @@ module Liquid
       super
       if markup =~ Syntax
         @to = $1
-        @from = Variable.new($2)
+        @from = Variable.new($2,options)
+        @from.line_number = line_number
       else
         raise SyntaxError.new options[:locale].t("errors.syntax.assign".freeze)
       end

data/lib/liquid/tags/case.rb

@@ -15,7 +15,7 @@ module Liquid
     end
 
     def nodelist
-      @blocks.map(&:attachment).flatten
+      @blocks.flat_map(&:attachment)
     end
 
     def unknown_tag(tag, markup, tokens)

data/lib/liquid/tags/if.rb

@@ -21,7 +21,7 @@ module Liquid
     end
 
     def nodelist
-      @blocks.map(&:attachment).flatten
+      @blocks.flat_map(&:attachment)
     end
 
     def unknown_tag(tag, markup, tokens)
@@ -57,15 +57,15 @@ module Liquid
       end
 
       def lax_parse(markup)
-        expressions = markup.scan(ExpressionsAndOperators).reverse
-        raise(SyntaxError.new(options[:locale].t("errors.syntax.if".freeze))) unless expressions.shift =~ Syntax
+        expressions = markup.scan(ExpressionsAndOperators)
+        raise(SyntaxError.new(options[:locale].t("errors.syntax.if".freeze))) unless expressions.pop =~ Syntax
 
         condition = Condition.new($1, $2, $3)
 
         while not expressions.empty?
-          operator = (expressions.shift).to_s.strip
+          operator = expressions.pop.to_s.strip
 
-          raise(SyntaxError.new(options[:locale].t("errors.syntax.if".freeze))) unless expressions.shift.to_s =~ Syntax
+          raise(SyntaxError.new(options[:locale].t("errors.syntax.if".freeze))) unless expressions.pop.to_s =~ Syntax
 
           new_condition = Condition.new($1, $2, $3)
           raise(SyntaxError.new(options[:locale].t("errors.syntax.if".freeze))) unless BOOLEAN_OPERATORS.include?(operator)

data/lib/liquid/tags/ifchanged.rb

@@ -4,7 +4,7 @@ module Liquid
     def render(context)
       context.stack do
 
-        output = render_all(@nodelist, context)
+        output = super
 
         if output != context.registers[:ifchanged]
           context.registers[:ifchanged] = output

data/lib/liquid/tags/include.rb

@@ -69,7 +69,7 @@ module Liquid
           return cached
         end
         source = read_template_from_file_system(context)
-        partial = Liquid::Template.parse(source)
+        partial = Liquid::Template.parse(source, pass_options)
         cached_partials[template_name] = partial
         context.registers[:cached_partials] = cached_partials
         partial
@@ -88,6 +88,16 @@ module Liquid
           raise ArgumentError, "file_system.read_template_file expects two parameters: (template_name, context)"
         end
       end
+
+      def pass_options
+        dont_pass = @options[:include_options_blacklist]
+        return {locale: @options[:locale]} if dont_pass == true
+        opts = @options.merge(included: true, include_options_blacklist: false)
+        if dont_pass.is_a?(Array)
+          dont_pass.each {|o| opts.delete(o)}
+        end
+        opts
+      end
   end
 
   Template.register_tag('include'.freeze, Include)

data/lib/liquid/tags/raw.rb

@@ -8,10 +8,7 @@ module Liquid
       while token = tokens.shift
         if token =~ FullTokenPossiblyInvalid
           @nodelist << $1 if $1 != "".freeze
-          if block_delimiter == $2
-            end_tag
-            return
-          end
+          return if block_delimiter == $2
         end
         @nodelist << token if not token.empty?
       end

data/lib/liquid/tags/table_row.rb

@@ -54,7 +54,7 @@ module Liquid
 
           col += 1
 
-          result << "<td class=\"col#{col}\">" << render_all(@nodelist, context) << '</td>'
+          result << "<td class=\"col#{col}\">" << super << '</td>'
 
           if col == cols and (index != length - 1)
             col  = 0

data/lib/liquid/template.rb

@@ -51,6 +51,8 @@ module Liquid
       end
     end
 
+    attr_reader :profiler
+
     class << self
       # Sets how strict the parser should be.
       # :lax acts like liquid 2.5 and silently ignores malformed tags in most cases.
@@ -58,6 +60,12 @@ module Liquid
       # :strict will enforce correct syntax.
       attr_writer :error_mode
 
+      # Sets how strict the taint checker should be.
+      # :lax is the default, and ignores the taint flag completely
+      # :warn adds a warning, but does not interrupt the rendering
+      # :error raises an error when tainted output is used
+      attr_writer :taint_mode
+
       def file_system
         @@file_system
       end
@@ -78,27 +86,39 @@ module Liquid
         @error_mode || :lax
       end
 
+      def taint_mode
+        @taint_mode || :lax
+      end
+
       # Pass a module with filter methods which should be available
       # to all liquid views. Good for registering the standard library
       def register_filter(mod)
         Strainer.global_filter(mod)
       end
 
+      def default_resource_limits
+        @default_resource_limits ||= {}
+      end
+
       # creates a new <tt>Template</tt> object from liquid source code
+      # To enable profiling, pass in <tt>profile: true</tt> as an option.
+      # See Liquid::Profiler for more information
       def parse(source, options = {})
         template = Template.new
         template.parse(source, options)
       end
     end
 
-    # creates a new <tt>Template</tt> from an array of tokens. Use <tt>Template.parse</tt> instead
     def initialize
-      @resource_limits = {}
+      @resource_limits = self.class.default_resource_limits.dup
     end
 
     # Parse source code.
     # Returns self for easy chaining
     def parse(source, options = {})
+      @options = options
+      @profiling = options[:profile]
+      @line_numbers = options[:line_numbers] || @profiling
       @root = Document.parse(tokenize(source), DEFAULT_OPTIONS.merge(options))
       @warnings = nil
       self
@@ -130,6 +150,9 @@ module Liquid
     # if you use the same filters over and over again consider registering them globally
     # with <tt>Template.register_filter</tt>
     #
+    # if profiling was enabled in <tt>Template#parse</tt> then the resulting profiling information
+    # will be available via <tt>Template#profiler</tt>
+    #
     # Following options can be passed:
     #
     #  * <tt>filters</tt> : array with local filters
@@ -183,7 +206,9 @@ module Liquid
       begin
         # render the nodelist.
         # for performance reasons we get an array back here. join will make a string out of it.
-        result = @root.render(context)
+        result = with_profiling do
+          @root.render(context)
+        end
         result.respond_to?(:join) ? result.join : result
       rescue Liquid::MemoryError => e
         context.handle_error(e)
@@ -203,7 +228,8 @@ module Liquid
     def tokenize(source)
       source = source.source if source.respond_to?(:source)
       return [] if source.to_s.empty?
-      tokens = source.split(TemplateParser)
+
+      tokens = calculate_line_numbers(source.split(TemplateParser))
 
       # removes the rogue empty element at the beginning of the array
       tokens.shift if tokens[0] and tokens[0].empty?
@@ -211,5 +237,30 @@ module Liquid
       tokens
     end
 
+    def calculate_line_numbers(raw_tokens)
+      return raw_tokens unless @line_numbers
+
+      current_line = 1
+      raw_tokens.map do |token|
+        Token.new(token, current_line).tap do
+          current_line += token.count("\n")
+        end
+      end
+    end
+
+    def with_profiling
+      if @profiling && !@options[:included]
+        @profiler = Profiler.new
+        @profiler.start
+
+        begin
+          yield
+        ensure
+          @profiler.stop
+        end
+      else
+        yield
+      end
+    end
   end
 end

data/lib/liquid/token.rb

@@ -0,0 +1,18 @@
+module Liquid
+  class Token < String
+    attr_reader :line_number
+
+    def initialize(content, line_number)
+      super(content)
+      @line_number = line_number
+    end
+
+    def raw
+      "<raw>"
+    end
+
+    def child(string)
+      Token.new(string, @line_number)
+    end
+  end
+end

data/lib/liquid/variable.rb

@@ -11,40 +11,41 @@ module Liquid
   #   {{ user | link }}
   #
   class Variable
-    FilterParser = /(?:#{FilterSeparator}|(?:\s*(?:#{QuotedFragment}|#{ArgumentSeparator})\s*)+)/o
+    FilterParser = /(?:\s+|#{QuotedFragment}|#{ArgumentSeparator})+/o
     EasyParse = /\A *(\w+(?:\.\w+)*) *\z/
     attr_accessor :filters, :name, :warnings
+    attr_accessor :line_number
+    include ParserSwitching
 
     def initialize(markup, options = {})
       @markup  = markup
       @name    = nil
       @options = options || {}
 
-      case @options[:error_mode] || Template.error_mode
-      when :strict then strict_parse(markup)
-      when :lax    then lax_parse(markup)
-      when :warn
-        begin
-          strict_parse(markup)
-        rescue SyntaxError => e
-          @warnings ||= []
-          @warnings << e
-          lax_parse(markup)
-        end
-      end
+      parse_with_selected_parser(markup)
+    end
+
+    def raw
+      @markup
+    end
+
+    def markup_context(markup)
+      "in \"{{#{markup}}}\""
     end
 
     def lax_parse(markup)
       @filters = []
-      if markup =~ /\s*(#{QuotedFragment})(.*)/om
-        @name = Regexp.last_match(1)
-        if Regexp.last_match(2) =~ /#{FilterSeparator}\s*(.*)/om
-          filters = Regexp.last_match(1).scan(FilterParser)
+      if markup =~ /(#{QuotedFragment})(.*)/om
+        name_markup = $1
+        filter_markup = $2
+        @name = Expression.parse(name_markup)
+        if filter_markup =~ /#{FilterSeparator}\s*(.*)/om
+          filters = $1.scan(FilterParser)
           filters.each do |f|
-            if f =~ /\s*(\w+)/
-              filtername = Regexp.last_match(1)
+            if f =~ /\w+/
+              filtername = Regexp.last_match(0)
               filterargs = f.scan(/(?:#{FilterArgumentSeparator}|#{ArgumentSeparator})\s*((?:\w+\s*\:\s*)?#{QuotedFragment})/o).flatten
-              @filters << [filtername, filterargs]
+              @filters << parse_filter_expressions(filtername, filterargs)
             end
           end
         end
@@ -54,7 +55,7 @@ module Liquid
     def strict_parse(markup)
       # Very simple valid cases
       if markup =~ EasyParse
-        @name = $1
+        @name = Expression.parse($1)
         @filters = []
         return
       end
@@ -62,16 +63,13 @@ module Liquid
       @filters = []
       p = Parser.new(markup)
       # Could be just filters with no input
-      @name = p.look(:pipe) ? ''.freeze : p.expression
+      @name = p.look(:pipe) ? nil : Expression.parse(p.expression)
       while p.consume?(:pipe)
         filtername = p.consume(:id)
         filterargs = p.consume?(:colon) ? parse_filterargs(p) : []
-        @filters << [filtername, filterargs]
+        @filters << parse_filter_expressions(filtername, filterargs)
       end
       p.consume(:end_of_string)
-    rescue SyntaxError => e
-      e.message << " in \"{{#{markup}}}\""
-      raise e
     end
 
     def parse_filterargs(p)
@@ -85,22 +83,51 @@ module Liquid
     end
 
     def render(context)
-      return ''.freeze if @name.nil?
-      @filters.inject(context[@name]) do |output, filter|
-        filterargs = []
-        keyword_args = {}
-        filter[1].to_a.each do |a|
-          if matches = a.match(/\A#{TagAttributes}\z/o)
-            keyword_args[matches[1]] = context[matches[2]]
-          else
-            filterargs << context[a]
-          end
+      @filters.inject(context.evaluate(@name)) do |output, (filter_name, filter_args, filter_kwargs)|
+        filter_args = evaluate_filter_expressions(context, filter_args, filter_kwargs)
+        output = context.invoke(filter_name, output, *filter_args)
+      end.tap{ |obj| taint_check(obj) }
+    end
+
+    private
+
+    def parse_filter_expressions(filter_name, unparsed_args)
+      filter_args = []
+      keyword_args = {}
+      unparsed_args.each do |a|
+        if matches = a.match(/\A#{TagAttributes}\z/o)
+          keyword_args[matches[1]] = Expression.parse(matches[2])
+        else
+          filter_args << Expression.parse(a)
+        end
+      end
+      result = [filter_name, filter_args]
+      result << keyword_args unless keyword_args.empty?
+      result
+    end
+
+    def evaluate_filter_expressions(context, filter_args, filter_kwargs)
+      parsed_args = filter_args.map{ |expr| context.evaluate(expr) }
+      if filter_kwargs
+        parsed_kwargs = {}
+        filter_kwargs.each do |key, expr|
+          parsed_kwargs[key] = context.evaluate(expr)
         end
-        filterargs << keyword_args unless keyword_args.empty?
-        begin
-          output = context.invoke(filter[0], output, *filterargs)
-        rescue FilterNotFound
-          raise FilterNotFound, "Error - filter '#{filter[0]}' in '#{@markup.strip}' could not be found."
+        parsed_args << parsed_kwargs
+      end
+      parsed_args
+    end
+
+    def taint_check(obj)
+      if obj.tainted?
+        @markup =~ QuotedFragment
+        name = Regexp.last_match(0)
+        case Template.taint_mode
+        when :warn
+          @warnings ||= []
+          @warnings << "variable '#{name}' is tainted and was not escaped"
+        when :error
+          raise TaintedError, "Error - variable '#{name}' is tainted and was not escaped"
         end
       end
     end

data/lib/liquid/variable_lookup.rb

@@ -0,0 +1,78 @@
+module Liquid
+  class VariableLookup
+    SQUARE_BRACKETED = /\A\[(.*)\]\z/m
+    COMMAND_METHODS = ['size'.freeze, 'first'.freeze, 'last'.freeze]
+
+    def self.parse(markup)
+      new(markup)
+    end
+
+    def initialize(markup)
+      lookups = markup.scan(VariableParser)
+
+      name = lookups.shift
+      if name =~ SQUARE_BRACKETED
+        name = Expression.parse($1)
+      end
+      @name = name
+
+      @lookups = lookups
+      @command_flags = 0
+
+      @lookups.each_index do |i|
+        lookup = lookups[i]
+        if lookup =~ SQUARE_BRACKETED
+          lookups[i] = Expression.parse($1)
+        elsif COMMAND_METHODS.include?(lookup)
+          @command_flags |= 1 << i
+        end
+      end
+    end
+
+    def evaluate(context)
+      name = context.evaluate(@name)
+      object = context.find_variable(name)
+
+      @lookups.each_index do |i|
+        key = context.evaluate(@lookups[i])
+
+        # If object is a hash- or array-like object we look for the
+        # presence of the key and if its available we return it
+        if object.respond_to?(:[]) &&
+          ((object.respond_to?(:has_key?) && object.has_key?(key)) ||
+           (object.respond_to?(:fetch) && key.is_a?(Integer)))
+
+          # if its a proc we will replace the entry with the proc
+          res = context.lookup_and_evaluate(object, key)
+          object = res.to_liquid
+
+          # Some special cases. If the part wasn't in square brackets and
+          # no key with the same name was found we interpret following calls
+          # as commands and call them on the current object
+        elsif @command_flags & (1 << i) != 0 && object.respond_to?(key)
+          object = object.send(key).to_liquid
+
+          # No key was present with the desired value and it wasn't one of the directly supported
+          # keywords either. The only thing we got left is to return nil
+        else
+          return nil
+        end
+
+        # If we are dealing with a drop here we have to
+        object.context = context if object.respond_to?(:context=)
+      end
+
+      object
+    end
+
+    def ==(other)
+      self.class == other.class && self.state == other.state
+    end
+
+    protected
+
+    def state
+      [@name, @lookups, @command_flags]
+    end
+  end
+end