From dd5ee81089c9352f248d48f2114f34402b271a8e Mon Sep 17 00:00:00 2001
From: Justin Li <jli.justinli@gmail.com>
Date: Wed, 29 Oct 2014 12:08:00 -0400
Subject: [PATCH] Disallow number and dash identifier prefixes

---
 lib/liquid/lexer.rb             | 2 +-
 lib/liquid/variable.rb          | 8 --------
 test/unit/lexer_unit_test.rb    | 5 ++++-
 test/unit/variable_unit_test.rb | 2 ++
 4 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/lib/liquid/lexer.rb b/lib/liquid/lexer.rb
index d812fcc..7ab831c 100644
--- a/lib/liquid/lexer.rb
+++ b/lib/liquid/lexer.rb
@@ -13,7 +13,7 @@ module Liquid
       '?'.freeze => :question,
       '-'.freeze => :dash
     }
-    IDENTIFIER = /[\w-]+\??/
+    IDENTIFIER = /[a-zA-Z_]+[\w-]*\??/
     SINGLE_STRING_LITERAL = /'[^\']*'/
     DOUBLE_STRING_LITERAL = /"[^\"]*"/
     NUMBER_LITERAL = /-?\d+(\.\d+)?/
diff --git a/lib/liquid/variable.rb b/lib/liquid/variable.rb
index a93fed7..92b0537 100644
--- a/lib/liquid/variable.rb
+++ b/lib/liquid/variable.rb
@@ -12,7 +12,6 @@ module Liquid
   #
   class Variable
     FilterParser = /(?:\s+|#{QuotedFragment}|#{ArgumentSeparator})+/o
-    EasyParse = /\A *(\w+(?:\.\w+)*) *\z/
     attr_accessor :filters, :name, :warnings
     attr_accessor :line_number
     include ParserSwitching
@@ -53,13 +52,6 @@ module Liquid
     end
 
     def strict_parse(markup)
-      # Very simple valid cases
-      if markup =~ EasyParse
-        @name = Expression.parse($1)
-        @filters = []
-        return
-      end
-
       @filters = []
       p = Parser.new(markup)
 
diff --git a/test/unit/lexer_unit_test.rb b/test/unit/lexer_unit_test.rb
index cf268d1..c331380 100644
--- a/test/unit/lexer_unit_test.rb
+++ b/test/unit/lexer_unit_test.rb
@@ -32,7 +32,10 @@ class LexerUnitTest < Minitest::Test
 
   def test_fancy_identifiers
     tokens = Lexer.new('hi five?').tokenize
-    assert_equal [[:id,'hi'], [:id, 'five?'], [:end_of_string]], tokens
+    assert_equal [[:id, 'hi'], [:id, 'five?'], [:end_of_string]], tokens
+
+    tokens = Lexer.new('2foo').tokenize
+    assert_equal [[:number, '2'], [:id, 'foo'], [:end_of_string]], tokens
   end
 
   def test_whitespace
diff --git a/test/unit/variable_unit_test.rb b/test/unit/variable_unit_test.rb
index 9e170d4..084b846 100644
--- a/test/unit/variable_unit_test.rb
+++ b/test/unit/variable_unit_test.rb
@@ -108,6 +108,8 @@ class VariableUnitTest < Minitest::Test
 
     with_error_mode :strict do
       assert_raises(Liquid::SyntaxError) { Variable.new('foo - bar') }
+      assert_raises(Liquid::SyntaxError) { Variable.new('-foo') }
+      assert_raises(Liquid::SyntaxError) { Variable.new('2foo') }
     end
   end