From 62d4625468ea1fe29f3e5459d0dd5430ce20f5ef Mon Sep 17 00:00:00 2001
From: Dylan Thacker-Smith <dylan.smith@shopify.com>
Date: Wed, 10 May 2017 10:41:52 -0400
Subject: [PATCH] Use a loop to strictly parse binary comparisons to avoid
 recursion (#892)

Using recursion allows a malicious template to cause a SystemStackError
---
 lib/liquid/tags/if.rb | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/lib/liquid/tags/if.rb b/lib/liquid/tags/if.rb
index 40176bb..904369d 100644
--- a/lib/liquid/tags/if.rb
+++ b/lib/liquid/tags/if.rb
@@ -83,17 +83,20 @@ module Liquid
 
     def strict_parse(markup)
       p = Parser.new(markup)
-      condition = parse_binary_comparison(p)
+      condition = parse_binary_comparisons(p)
       p.consume(:end_of_string)
       condition
     end
 
-    def parse_binary_comparison(p)
+    def parse_binary_comparisons(p)
       condition = parse_comparison(p)
-      if op = (p.id?('and'.freeze) || p.id?('or'.freeze))
-        condition.send(op, parse_binary_comparison(p))
+      first_condition = condition
+      while op = (p.id?('and'.freeze) || p.id?('or'.freeze))
+        child_condition = parse_comparison(p)
+        condition.send(op, child_condition)
+        condition = child_condition
       end
-      condition
+      first_condition
     end
 
     def parse_comparison(p)