Add extension to gemspec

Ragel doesn't allow us to recurse so we simply
reinvoke the parser for each step.

.gitignore

@@ -6,3 +6,6 @@ pkg
 .rvmrc
 *.o
 *.bundle
+ext/liquid/Makefile
+ext/liquid/liquid_context.c
+

History.md

@@ -1,5 +1,13 @@
 # Liquid Version History
 
+## 2.5.0 / 2013-03-06
+
+* Prevent Object methods from being called on drops
+* Avoid symbol injection from liquid
+* Added break and continue statements
+* Fix filter parser for args without space separators
+* Add support for filter keyword arguments
+
 ## 2.4.0 / 2012-08-03
 
 * Performance improvements

Rakefile

@@ -9,11 +9,11 @@ require 'rubygems/package_task'
 
 task :default => [:compile, :test]
 
-task :ragel do
-  sh "find . -name '*.rl' | xargs ragel -C -G2"
+task :gen do
+  sh "leg -oext/liquid/liquid_context.c ext/liquid/liquid_context.leg"
 end
 
-task :compile => [:ragel, :liquid_ext]
+task :compile => [:gen, :liquid_ext]
 
 extension = "liquid_ext"
 ext = "ext/liquid"
@@ -21,7 +21,7 @@ ext_so = "#{ext}/#{extension}.#{RbConfig::CONFIG['DLEXT']}"
 ext_files = FileList[
   "#{ext}/*.c",
   "#{ext}/*.h",
-  "#{ext}/*.rl",
+  "#{ext}/*.leg",
   "#{ext}/extconf.rb",
   "#{ext}/Makefile",
   "lib"
@@ -32,7 +32,7 @@ task "lib" do
 end
 
 desc "Builds just the #{extension} extension"
-task extension.to_sym => [:ragel, "#{ext}/Makefile", ext_so ]
+task extension.to_sym => [:gen, "#{ext}/Makefile", ext_so ]
 
 file "#{ext}/Makefile" => ["#{ext}/extconf.rb"] do
   Dir.chdir(ext) do ruby "extconf.rb" end
@@ -45,7 +45,7 @@ file ext_so => ext_files do
   cp ext_so, "lib"
 end
 
-Rake::TestTask.new(:test => [:ragel, 'liquid_ext']) do |t|
+Rake::TestTask.new(:test => [:gen, 'liquid_ext']) do |t|
   t.libs << '.' << 'lib' << 'test'
   t.test_files = FileList['test/liquid/**/*_test.rb']
   t.verbose = false

ext/liquid/Makefile

@@ -1,213 +0,0 @@
-
-SHELL = /bin/sh
-
-# V=0 quiet, V=1 verbose.  other values don't work.
-V = 0
-Q1 = $(V:1=)
-Q = $(Q1:0=@)
-n=$(NULLCMD)
-ECHO1 = $(V:1=@$n)
-ECHO = $(ECHO1:0=@echo)
-
-#### Start of system configuration section. ####
-
-srcdir = .
-topdir = /Users/tobi/.rbenv/versions/1.9.3-p194-perf/include/ruby-1.9.1
-hdrdir = /Users/tobi/.rbenv/versions/1.9.3-p194-perf/include/ruby-1.9.1
-arch_hdrdir = /Users/tobi/.rbenv/versions/1.9.3-p194-perf/include/ruby-1.9.1/$(arch)
-VPATH = $(srcdir):$(arch_hdrdir)/ruby:$(hdrdir)/ruby
-prefix = $(DESTDIR)/Users/tobi/.rbenv/versions/1.9.3-p194-perf
-exec_prefix = $(prefix)
-rubylibprefix = $(libdir)/$(RUBY_BASE_NAME)
-bindir = $(exec_prefix)/bin
-sbindir = $(exec_prefix)/sbin
-libexecdir = $(exec_prefix)/libexec
-datarootdir = $(prefix)/share
-datadir = $(datarootdir)
-sysconfdir = $(prefix)/etc
-sharedstatedir = $(prefix)/com
-localstatedir = $(prefix)/var
-includedir = $(prefix)/include
-oldincludedir = $(DESTDIR)/usr/include
-docdir = $(datarootdir)/doc/$(PACKAGE)
-infodir = $(datarootdir)/info
-htmldir = $(docdir)
-dvidir = $(docdir)
-pdfdir = $(docdir)
-psdir = $(docdir)
-libdir = $(exec_prefix)/lib
-localedir = $(datarootdir)/locale
-mandir = $(datarootdir)/man
-ridir = $(datarootdir)/$(RI_BASE_NAME)
-sitedir = $(rubylibprefix)/site_ruby
-vendordir = $(rubylibprefix)/vendor_ruby
-rubyhdrdir = $(includedir)/$(RUBY_BASE_NAME)-$(ruby_version)
-sitehdrdir = $(rubyhdrdir)/site_ruby
-vendorhdrdir = $(rubyhdrdir)/vendor_ruby
-rubylibdir = $(rubylibprefix)/$(ruby_version)
-archdir = $(rubylibdir)/$(arch)
-sitelibdir = $(sitedir)/$(ruby_version)
-sitearchdir = $(sitelibdir)/$(sitearch)
-vendorlibdir = $(vendordir)/$(ruby_version)
-vendorarchdir = $(vendorlibdir)/$(sitearch)
-
-NULLCMD = :
-
-CC = /usr/bin/gcc-4.2
-CXX = g++
-LIBRUBY = $(LIBRUBY_A)
-LIBRUBY_A = lib$(RUBY_SO_NAME)-static.a
-LIBRUBYARG_SHARED = 
-LIBRUBYARG_STATIC = -l$(RUBY_SO_NAME)-static
-OUTFLAG = -o 
-COUTFLAG = -o 
-
-RUBY_EXTCONF_H = 
-cflags   =  $(optflags) $(debugflags) $(warnflags)
-optflags = -O3
-debugflags = -ggdb
-warnflags = -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wshorten-64-to-32 -Wimplicit-function-declaration
-CFLAGS   = -fno-common $(cflags)  -pipe $(ARCH_FLAG)
-INCFLAGS = -I. -I$(arch_hdrdir) -I$(hdrdir)/ruby/backward -I$(hdrdir) -I$(srcdir)
-DEFS     = 
-CPPFLAGS =  -I'/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include'  -D_XOPEN_SOURCE -D_DARWIN_C_SOURCE $(DEFS) $(cppflags)
-CXXFLAGS = $(CFLAGS) $(cxxflags)
-ldflags  = -L. -L'/Users/tobi/.rbenv/versions/1.9.3-p194-perf/lib'  -L/usr/local/lib
-dldflags = -Wl,-undefined,dynamic_lookup -Wl,-multiply_defined,suppress -Wl,-flat_namespace
-ARCH_FLAG = 
-DLDFLAGS = $(ldflags) $(dldflags) $(ARCH_FLAG)
-LDSHARED = $(CC) -dynamic -bundle
-LDSHAREDXX = $(CXX) -dynamic -bundle
-AR = ar
-EXEEXT = 
-
-RUBY_BASE_NAME = ruby
-RUBY_INSTALL_NAME = ruby
-RUBY_SO_NAME = ruby
-arch = x86_64-darwin12.0.0
-sitearch = $(arch)
-ruby_version = 1.9.1
-ruby = /Users/tobi/.rbenv/versions/1.9.3-p194-perf/bin/ruby
-RUBY = $(ruby)
-RM = rm -f
-RM_RF = $(RUBY) -run -e rm -- -rf
-RMDIRS = rmdir -p
-MAKEDIRS = mkdir -p
-INSTALL = /usr/bin/install -c
-INSTALL_PROG = $(INSTALL) -m 0755
-INSTALL_DATA = $(INSTALL) -m 644
-COPY = cp
-
-#### End of system configuration section. ####
-
-preload = 
-
-libpath = . $(libdir)
-LIBPATH =  -L. -L$(libdir)
-DEFFILE = 
-
-CLEANFILES = mkmf.log
-DISTCLEANFILES = 
-DISTCLEANDIRS = 
-
-extout = 
-extout_prefix = 
-target_prefix = 
-LOCAL_LIBS = 
-LIBS =  -lc  -lpthread -ldl -lobjc 
-SRCS = liquid_ext.c
-OBJS = liquid_ext.o
-TARGET = liquid_ext
-DLLIB = $(TARGET).bundle
-EXTSTATIC = 
-STATIC_LIB = 
-
-BINDIR        = $(bindir)
-RUBYCOMMONDIR = $(sitedir)$(target_prefix)
-RUBYLIBDIR    = $(sitelibdir)$(target_prefix)
-RUBYARCHDIR   = $(sitearchdir)$(target_prefix)
-HDRDIR        = $(rubyhdrdir)/ruby$(target_prefix)
-ARCHHDRDIR    = $(rubyhdrdir)/$(arch)/ruby$(target_prefix)
-
-TARGET_SO     = $(DLLIB)
-CLEANLIBS     = $(TARGET).bundle 
-CLEANOBJS     = *.o  *.bak
-
-all:    $(DLLIB)
-static: $(STATIC_LIB)
-.PHONY: all install static install-so install-rb
-.PHONY: clean clean-so clean-rb
-
-clean-rb-default::
-clean-rb::
-clean-so::
-clean: clean-so clean-rb-default clean-rb
-		@-$(RM) $(CLEANLIBS) $(CLEANOBJS) $(CLEANFILES)
-
-distclean-rb-default::
-distclean-rb::
-distclean-so::
-distclean: clean distclean-so distclean-rb-default distclean-rb
-		@-$(RM) Makefile $(RUBY_EXTCONF_H) conftest.* mkmf.log
-		@-$(RM) core ruby$(EXEEXT) *~ $(DISTCLEANFILES)
-		@-$(RMDIRS) $(DISTCLEANDIRS) 2> /dev/null || true
-
-realclean: distclean
-install: install-so install-rb
-
-install-so: $(RUBYARCHDIR)
-install-so: $(RUBYARCHDIR)/$(DLLIB)
-$(RUBYARCHDIR)/$(DLLIB): $(DLLIB)
-	@-$(MAKEDIRS) $(@D)
-	$(INSTALL_PROG) $(DLLIB) $(@D)
-install-rb: pre-install-rb install-rb-default
-install-rb-default: pre-install-rb-default
-pre-install-rb: Makefile
-pre-install-rb-default: Makefile
-pre-install-rb-default:
-	$(ECHO) installing default liquid_ext libraries
-$(RUBYARCHDIR):
-	$(Q) $(MAKEDIRS) $@
-
-site-install: site-install-so site-install-rb
-site-install-so: install-so
-site-install-rb: install-rb
-
-.SUFFIXES: .c .m .cc .mm .cxx .cpp .C .o
-
-.cc.o:
-	$(ECHO) compiling $(<)
-	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
-
-.mm.o:
-	$(ECHO) compiling $(<)
-	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
-
-.cxx.o:
-	$(ECHO) compiling $(<)
-	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
-
-.cpp.o:
-	$(ECHO) compiling $(<)
-	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
-
-.C.o:
-	$(ECHO) compiling $(<)
-	$(Q) $(CXX) $(INCFLAGS) $(CPPFLAGS) $(CXXFLAGS) $(COUTFLAG)$@ -c $<
-
-.c.o:
-	$(ECHO) compiling $(<)
-	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) $(COUTFLAG)$@ -c $<
-
-.m.o:
-	$(ECHO) compiling $(<)
-	$(Q) $(CC) $(INCFLAGS) $(CPPFLAGS) $(CFLAGS) $(COUTFLAG)$@ -c $<
-
-$(DLLIB): $(OBJS) Makefile
-	$(ECHO) linking shared-object $(DLLIB)
-	@-$(RM) $(@)
-	$(Q) $(LDSHARED) -o $@ $(OBJS) $(LIBPATH) $(DLDFLAGS) $(LOCAL_LIBS) $(LIBS)
-
-
-
-$(OBJS): $(hdrdir)/ruby.h $(hdrdir)/ruby/defines.h $(arch_hdrdir)/ruby/config.h

ext/liquid/liquid_context.leg

@@ -0,0 +1,98 @@
+
+%{ 
+//uncomment to get more debug instrumentation
+//
+//#define YY_DEBUG 
+
+#include <ruby.h>
+
+#define EMIT(sym, data) \
+  rb_ary_push(ctx->rb_tokens, rb_ary_new3(2, ID2SYM(rb_intern(sym)), data)); 
+
+#define yy_rb_str rb_str_new(yytext, yyleng)
+
+#define YYSTYPE VALUE
+#define YY_CTX_LOCAL
+#define YY_CTX_MEMBERS VALUE rb_tokens; char *p; int p_len;
+
+#define YY_INPUT(buf, result, max_size) { \
+    result = ctx->p_len;  \
+    if (result>0 || EOF == ctx->p[0]) { \
+      if (max_size < result) { result = max_size; } \
+      strncpy(buf, ctx->p, result); \
+      buf[result] = '\0'; \
+      yyprintf((stderr, "\nREFILLING %d chars now:<%s>", result, buf));      \
+      ctx->p += result; ctx->p_len -= result; \
+      yyprintf((stderr, "\nREFILLING DONE size left: %d <%s>", ctx->p_len, ctx->p));      \
+    } \
+  }
+%}
+
+grammar  = primary
+         | entity
+         | range
+         | hash { EMIT("lookup", Qnil); }
+         ; 
+
+hash     = '[' (primary|entity) ']';
+
+primary  = var:const     { EMIT("id", var); }
+         | var:string    { EMIT("id", var); } 
+         | var:numeric   { EMIT("id", var); } 
+         ;
+
+accessors = hash         { EMIT("call", Qnil); }
+          | '.first'     { EMIT("buildin", rb_str_new2("first")); }
+          | '.last'      { EMIT("buildin", rb_str_new2("last")); }
+          | '.size'      { EMIT("buildin", rb_str_new2("size")); }          
+          | '.' <identifier>   { EMIT("id", yy_rb_str); EMIT("call", Qnil); } 
+          ;
+
+entity  = <identifier>   { EMIT("id", yy_rb_str); EMIT("lookup", Qnil); } 
+          accessors* 
+        ;
+
+rangelet = var:integer   { EMIT("id", var); }
+         | entity 
+         ;
+
+range    = '(' rangelet '..' rangelet ')' { EMIT("range", Qnil); } 
+
+
+string = ['] < ( !['] .  )* > [']  { $$ = yy_rb_str; }
+       | ["] < ( !["] .  )* > ["]  { $$ = yy_rb_str; }
+       ;
+
+numeric = float
+        | integer
+        ;
+
+float = <'-'? digit+'.'digit+>     { $$ = rb_funcall(rb_cObject, rb_intern("Float"), 1, yy_rb_str); }
+integer = <'-'? digit+>           { $$ = rb_funcall(rb_cObject, rb_intern("Integer"), 1, yy_rb_str); }
+
+
+const   = "true"    { $$ = Qtrue; }
+        | 'false'   { $$ = Qfalse; }
+        | 'nil'     { $$ = Qnil; }
+        | 'null'    { $$ = Qnil; }
+        ;
+
+digit = [0-9];
+identifier = [a-zA-Z][a-zA-Z0-9_\-]*[?!]?;
+
+%% 
+
+VALUE liquid_context_parse_impl(VALUE self, VALUE text) {
+  char *p; 
+  int len; 
+  yycontext ctx;  
+
+  memset(&ctx, 0, sizeof(yycontext));
+  ctx.p = RSTRING_PTR(text);  
+  ctx.p_len = (int) RSTRING_LEN(text);
+  ctx.rb_tokens = rb_ary_new();
+ 
+  yyparse(&ctx);
+
+  return ctx.rb_tokens;
+}

ext/liquid/liquid_ext.rl

@@ -1,159 +0,0 @@
-/*
-  Parser for context#[] method. Generated through ragel from parser.rl 
-  Only modify parser.rl. Run rake ragel afterwards to generate this file. 
-*/
-
-#include <ruby.h>
-
-%%{
-  machine fsm;
-
-  action mark {
-    mark = p;
-  }
-
-  action lookup {
-    EMIT("lookup", Qnil)
-  }
-
-  action call {
-    EMIT("call", Qnil)
-  }
-  action range {
-    EMIT("range", Qnil)
-  }
-
-  constants = ( "true" | "false" | "nil" | "null" );
-
-  # strings 
-  string = "\"" any* "\"" | "'" any* "'";
-
-  # nothingness
-  nil = "nil" | "null" ;
-
-  # numbers
-  integer = ('+'|'-')? digit+;
-  float = ('+'|'-')? digit+ '.' digit+;
-
-  # simple values
-  primitive = (
-
-    integer       >mark %{ 
-      EMIT("id", rb_funcall(rb_cObject, rb_intern("Integer"), 1, rb_str_new(mark, p - mark))); 
-    } |
-
-    float         >mark %{ 
-      EMIT("id", rb_funcall(rb_cObject, rb_intern("Float"), 1, rb_str_new(mark, p - mark))) 
-    } |
-
-    nil           %{ EMIT("id", Qnil) } | 
-    "true"        %{ EMIT("id", Qtrue) } |
-    "false"       %{ EMIT("id", Qfalse) } |
-    
-    string        >mark %{ EMIT("id", rb_str_new(mark + 1, p - mark - 2)) } 
-
-  );
-
-  entity = (
-    ((alpha [A-Za-z0-9_\-]*) - (constants)) >mark %{ 
-      EMIT("id", rb_str_new(mark, p - mark))
-      EMIT("lookup", Qnil) 
-    }
-  );
-
-  # Because of recursion we cannot immediatly resolve the content of this in 
-  # the current grammar. We simply re-invoke the parser here to descend into 
-  # the substring
-  recur = (
-    (any+ - ']') >mark %{
-      VALUE body = rb_str_new(mark, p - mark);
-      liquid_context_parse_impl(body, tokens);
-    }
-  );
-
-  expr = (
-    entity |
-    primitive |    
-    "(" (primitive | entity) ".." (primitive | entity) <: ")"  %range |
-    "[" recur "]" %lookup    
-  );
-
-  hash_accessors  = (
-    "[" recur "]" %call |
-
-    ".first"  %{ 
-      EMIT("buildin", rb_str_new2("first"))
-    } |
-
-    ".last"  %{ 
-      EMIT("buildin", rb_str_new2("last"))
-    } |
-
-    ".size"  %{ 
-      EMIT("buildin", rb_str_new2("size"))      
-    } |
-
-    "." ((alpha [A-Za-z0-9_\-]*) - ("first"|"last"|"size"))  >mark  %{ 
-      EMIT("id", rb_str_new(mark, p - mark))
-      EMIT("call", Qnil) 
-    }
-  );
-
-  main := ( 
-    
-    expr <: (hash_accessors)*
-
-  );
-    
-}%%
-
-%% write data nofinal;
-
-// def self.emit(sym, data, tokens) 
-//   puts "emitting: #{sym} -> #{data.inspect}" if $VERBOSE
-//   tokens.push [sym, data]
-// end
-
-#define EMIT(sym, data) rb_ary_push(tokens, rb_ary_new3(2, ID2SYM(rb_intern(sym)), data)); 
-
-
-void liquid_context_parse_impl(VALUE text, VALUE tokens)
-{
-  char *p;
-  char *pe;
-  char *eof;
-  char *mark;
-  int cs, res = 0;
-
-  if (RSTRING_LEN(text) <= 0) {
-    return;
-  }
-  
-  mark = p = RSTRING_PTR(text); 
-  eof = pe = RSTRING_PTR(text) + RSTRING_LEN(text);    
-
-  %% write init;
-  %% write exec;
-}
-
-VALUE liquid_context_parse(VALUE self, VALUE text) {
-  VALUE tokens;
-
-  //printf("text: %s\n", RSTRING_PTR(text));
-  
-  //Check_Type(text, T_STRING);
-
-  tokens = rb_ary_new();
-  liquid_context_parse_impl(text, tokens);
-  return tokens;
-}
-
-static VALUE rb_Liquid;
-static VALUE rb_Parser;
-
-void Init_liquid_ext()
-{
-  rb_Liquid = rb_define_module("Liquid");
-  rb_Parser = rb_define_class_under(rb_Liquid, "Parser", rb_cObject);
-  rb_define_singleton_method(rb_Parser, "parse", liquid_context_parse, 1);  
-}

ext/liquid/mkmf.log

@@ -1,22 +0,0 @@
-have_library: checking for main() in -lc... -------------------- yes
-
-"/usr/bin/gcc-4.2 -o conftest -I/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include/ruby-1.9.1/x86_64-darwin12.0.0 -I/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include/ruby-1.9.1/ruby/backward -I/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include/ruby-1.9.1 -I. -I'/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include'  -D_XOPEN_SOURCE -D_DARWIN_C_SOURCE  -I'/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include'   -O3 -ggdb -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wshorten-64-to-32 -Wimplicit-function-declaration  -pipe conftest.c  -L. -L/Users/tobi/.rbenv/versions/1.9.3-p194-perf/lib -L. -L'/Users/tobi/.rbenv/versions/1.9.3-p194-perf/lib'  -L/usr/local/lib     -lruby-static  -lpthread -ldl -lobjc "
-checked program was:
-/* begin */
-1: #include "ruby.h"
-2: 
-3: int main() {return 0;}
-/* end */
-
-"/usr/bin/gcc-4.2 -o conftest -I/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include/ruby-1.9.1/x86_64-darwin12.0.0 -I/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include/ruby-1.9.1/ruby/backward -I/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include/ruby-1.9.1 -I. -I'/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include'  -D_XOPEN_SOURCE -D_DARWIN_C_SOURCE  -I'/Users/tobi/.rbenv/versions/1.9.3-p194-perf/include'   -O3 -ggdb -Wextra -Wno-unused-parameter -Wno-parentheses -Wno-long-long -Wno-missing-field-initializers -Wpointer-arith -Wwrite-strings -Wdeclaration-after-statement -Wshorten-64-to-32 -Wimplicit-function-declaration  -pipe conftest.c  -L. -L/Users/tobi/.rbenv/versions/1.9.3-p194-perf/lib -L. -L'/Users/tobi/.rbenv/versions/1.9.3-p194-perf/lib'  -L/usr/local/lib     -lruby-static -lc  -lpthread -ldl -lobjc "
-checked program was:
-/* begin */
-1: #include "ruby.h"
-2: 
-3: /*top*/
-4: int main() {return 0;}
-5: int t() { void ((*volatile p)()); p = (void ((*)()))main; return 0; }
-/* end */
-
---------------------
-

lib/liquid/context.rb

@@ -40,6 +40,7 @@ module Liquid
 
       filters.each do |f|
         raise ArgumentError, "Expected module but got: #{f.class}" unless f.is_a?(Module)
+        Strainer.add_known_filter(f)
         strainer.extend(f)
       end
     end
@@ -72,11 +73,7 @@ module Liquid
     end
 
     def invoke(method, *args)
-      if strainer.respond_to?(method)
-        strainer.__send__(method, *args)
-      else
-        args.first
-      end
+      strainer.invoke(method, *args)
     end
 
     # Push new local scope on the stack. use <tt>Context#stack</tt> instead

lib/liquid/drop.rb

@@ -1,3 +1,5 @@
+require 'set'
+
 module Liquid
 
   # A drop in liquid is a class which allows you to export DOM like things to liquid.
@@ -31,8 +33,8 @@ module Liquid
 
     # called by liquid to invoke a drop
     def invoke_drop(method_or_key)
-      if method_or_key && method_or_key != EMPTY_STRING && self.class.public_method_defined?(method_or_key.to_s.to_sym)
-        send(method_or_key.to_s.to_sym)
+      if method_or_key && method_or_key != EMPTY_STRING && self.class.invokable?(method_or_key)
+        send(method_or_key)
       else
         before_method(method_or_key)
       end
@@ -47,5 +49,13 @@ module Liquid
     end
 
     alias :[] :invoke_drop
+
+    private
+
+    # Check for method existence without invoking respond_to?, which creates symbols
+    def self.invokable?(method_name)
+      @invokable_methods ||= Set.new((public_instance_methods - Liquid::Drop.public_instance_methods).map(&:to_s))
+      @invokable_methods.include?(method_name.to_s)
+    end
   end
 end

lib/liquid/strainer.rb

@@ -2,24 +2,15 @@ require 'set'
 
 module Liquid
 
-  parent_object = if defined? BlankObject
-    BlankObject
-  else
-    Object
-  end
-
   # Strainer is the parent class for the filters system.
-  # New filters are mixed into the strainer class which is then instanciated for each liquid template render run.
+  # New filters are mixed into the strainer class which is then instantiated for each liquid template render run.
   #
-  # One of the strainer's responsibilities is to keep malicious method calls out
-  class Strainer < parent_object #:nodoc:
-    INTERNAL_METHOD = /^__/
-    @@required_methods = Set.new([:__id__, :__send__, :respond_to?, :kind_of?, :extend, :methods, :singleton_methods, :class, :object_id])
-
-    # Ruby 1.9.2 introduces Object#respond_to_missing?, which is invoked by Object#respond_to?
-    @@required_methods << :respond_to_missing? if Object.respond_to? :respond_to_missing?
-
+  # The Strainer only allows method calls defined in filters given to it via Strainer.global_filter,
+  # Context#add_filters or Template.register_filter
+  class Strainer #:nodoc:
     @@filters = {}
+    @@known_filters = Set.new
+    @@known_methods = Set.new
 
     def initialize(context)
       @context = context
@@ -27,28 +18,36 @@ module Liquid
 
     def self.global_filter(filter)
       raise ArgumentError, "Passed filter is not a module" unless filter.is_a?(Module)
+      add_known_filter(filter)
       @@filters[filter.name] = filter
     end
 
+    def self.add_known_filter(filter)
+      unless @@known_filters.include?(filter)
+        @@method_blacklist ||= Set.new(Strainer.instance_methods.map(&:to_s))
+        new_methods = filter.instance_methods.map(&:to_s)
+        new_methods.reject!{ |m| @@method_blacklist.include?(m) }
+        @@known_methods.merge(new_methods)
+        @@known_filters.add(filter)
+      end
+    end
+
     def self.create(context)
       strainer = Strainer.new(context)
       @@filters.each { |k,m| strainer.extend(m) }
       strainer
     end
 
-    def respond_to?(method, include_private = false)
-      method_name = method.to_s
-      return false if method_name =~ INTERNAL_METHOD
-      return false if @@required_methods.include?(method_name)
-      super
+    def invoke(method, *args)
+      if invokable?(method)
+        send(method, *args)
+      else
+        args.first
+      end
     end
 
-    # remove all standard methods from the bucket so circumvent security
-    # problems
-    instance_methods.each do |m|
-      unless @@required_methods.include?(m.to_sym)
-        undef_method m
-      end
+    def invokable?(method)
+      @@known_methods.include?(method.to_s) && respond_to?(method)
     end
   end
 end

lib/liquid/variable.rb

@@ -11,7 +11,7 @@ module Liquid
   #   {{ user | link }}
   #
   class Variable
-    FilterParser = /(?:#{FilterSeparator}|(?:\s*(?!(?:#{FilterSeparator}))(?:#{QuotedFragment}|\S+)\s*)+)/o
+    FilterParser = /(?:#{FilterSeparator}|(?:\s*(?:#{QuotedFragment}|#{ArgumentSeparator})\s*)+)/o
     attr_accessor :filters, :name
 
     def initialize(markup)
@@ -23,10 +23,10 @@ module Liquid
         if match[2].match(/#{FilterSeparator}\s*(.*)/o)
           filters = Regexp.last_match(1).scan(FilterParser)
           filters.each do |f|
-            if matches = f.match(/\s*(\w+)/)
+            if matches = f.match(/\s*(\w+)(?:\s*#{FilterArgumentSeparator}(.*))?/)
               filtername = matches[1]
-              filterargs = f.scan(/(?:#{FilterArgumentSeparator}|#{ArgumentSeparator})\s*(#{QuotedFragment})/o).flatten
-              @filters << [filtername.to_sym, filterargs]
+              filterargs = matches[2].to_s.scan(/(?:\A|#{ArgumentSeparator})\s*((?:\w+\s*\:\s*)?#{QuotedFragment})/o).flatten
+              @filters << [filtername, filterargs]
             end
           end
         end
@@ -36,9 +36,16 @@ module Liquid
     def render(context)
       return '' if @name.nil?
       @filters.inject(context[@name]) do |output, filter|
-        filterargs = filter[1].to_a.collect do |a|
-          context[a]
+        filterargs = []
+        keyword_args = {}
+        filter[1].to_a.each do |a|
+          if matches = a.match(/\A#{TagAttributes}\z/o)
+            keyword_args[matches[1]] = context[matches[2]]
+          else
+            filterargs << context[a]
+          end
         end
+        filterargs << keyword_args unless keyword_args.empty?
         begin
           output = context.invoke(filter[0], output, *filterargs)
         rescue FilterNotFound

liquid.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name        = "liquid"
-  s.version     = "2.4.1"
+  s.version     = "2.5.0"
   s.platform    = Gem::Platform::RUBY
   s.summary     = "A secure, non-evaling end user template engine with aesthetic markup."
   s.authors     = ["Tobias Luetke"]
@@ -13,9 +13,12 @@ Gem::Specification.new do |s|
   s.required_rubygems_version = ">= 1.3.7"
 
   s.test_files  = Dir.glob("{test}/**/*")
-  s.files       = Dir.glob("{lib}/**/*") + %w(MIT-LICENSE README.md)
+  s.files       = Dir.glob("{lib}/**/*") +
+                  Dir.glob("{ext}/**/*") + %w(MIT-LICENSE README.md)
+
+  s.extensions = ['ext/liquid/extconf.rb']
 
   s.extra_rdoc_files  = ["History.md", "README.md"]
 
-  s.require_path = "lib"
+  s.require_paths = ["lib", "ext"]
 end

test/liquid/context_test.rb

@@ -189,10 +189,10 @@ class ContextTest < Test::Unit::TestCase
     end
 
     context = Context.new
-    methods_before = context.strainer.methods.map { |method| method.to_s }
+    assert_equal "Wookie", context.invoke("hi", "Wookie")
+
     context.add_filters(filter)
-    methods_after = context.strainer.methods.map { |method| method.to_s }
-    assert_equal (methods_before + ["hi"]).sort, methods_after.sort
+    assert_equal "Wookie hi!", context.invoke("hi", "Wookie")
   end
 
   def test_add_item_in_outer_scope

test/liquid/drop_test.rb

@@ -115,6 +115,13 @@ class DropsTest < Test::Unit::TestCase
     assert_equal '  ', output
   end
 
+  def test_object_methods_not_allowed
+    [:dup, :clone, :singleton_class, :eval, :class_eval, :inspect].each do |method|
+      output = Liquid::Template.parse(" {{ product.#{method} }} ").render('product' => ProductDrop.new)
+      assert_equal '  ', output
+    end
+  end
+
   def test_scope
     assert_equal '1', Liquid::Template.parse( '{{ context.scopes }}'  ).render('context' => ContextDrop.new)
     assert_equal '2', Liquid::Template.parse( '{%for i in dummy%}{{ context.scopes }}{%endfor%}'  ).render('context' => ContextDrop.new, 'dummy' => [1])

test/liquid/filter_test.rb

@@ -16,6 +16,12 @@ module CanadianMoneyFilter
   end
 end
 
+module SubstituteFilter
+  def substitute(input, params={})
+    input.gsub(/%\{(\w+)\}/) { |match| params[$1] }
+  end
+end
+
 class FiltersTest < Test::Unit::TestCase
   include Liquid
 
@@ -92,6 +98,13 @@ class FiltersTest < Test::Unit::TestCase
 
     assert_equal 1000, Variable.new("var | xyzzy").render(@context)
   end
+
+  def test_filter_with_keyword_arguments
+    @context['surname'] = 'john'
+    @context.add_filters(SubstituteFilter)
+    output = Variable.new(%! 'hello %{first_name}, %{last_name}' | substitute: first_name: surname, last_name: 'doe' !).render(@context)
+    assert_equal 'hello john, doe', output
+  end
 end
 
 class FiltersInTemplate < Test::Unit::TestCase

test/liquid/parser_test.rb

@@ -42,6 +42,7 @@ class ParserTest < Test::Unit::TestCase
   def test_lookups
     assert_equal [[:id, "variable"], [:lookup, nil]], Parser.parse('variable')
     assert_equal [[:id, "underscored_variable"], [:lookup, nil]], Parser.parse('underscored_variable')
+    assert_equal [[:id, "c"], [:lookup, nil]], Parser.parse('c')
   end
 
   def test_global_hash
@@ -56,6 +57,9 @@ class ParserTest < Test::Unit::TestCase
   def test_descent
     assert_equal [[:id, "variable1"], [:lookup, nil], [:id, "variable2"], [:call, nil]], Parser.parse('variable1.variable2')
     assert_equal [[:id, "variable1"], [:lookup, nil], [:id, "variable2"], [:call, nil], [:id, "variable3"], [:call, nil]], Parser.parse('variable1.variable2.variable3')
+    assert_equal [[:id, "variable1"], [:lookup, nil], [:id, "under_score"], [:call, nil]], Parser.parse('variable1.under_score')
+    assert_equal [[:id, "variable1"], [:lookup, nil], [:id, "question?"], [:call, nil]], Parser.parse('variable1.question?')    
+    assert_equal [[:id, "variable1"], [:lookup, nil], [:id, "exclaimation!"], [:call, nil]], Parser.parse('variable1.exclaimation!')    
   end
 
   def test_descent_hash
@@ -76,11 +80,11 @@ class ParserTest < Test::Unit::TestCase
     assert_equal [[:id, "variable1"], [:lookup, nil], [:id, "test1"], [:lookup, nil], [:id, "test2"], [:call, nil], [:call, nil]], 
       Parser.parse('variable1[test1.test2]'), "resolove: variable1[test1.test2]"
 
-    # assert_equal [[:id, "variable1"], [:lookup, nil], [:id, "test1"], [:lookup, nil], [:id, "test2"], [:call, nil], [:call, nil]], 
-    #   Parser.parse('variable1[test1["test2"]]'), 'resolove: variable1[test1["test2"]]'
+    assert_equal [[:id, "variable1"], [:lookup, nil], [:id, "test1"], [:lookup, nil], [:id, "test2"], [:call, nil], [:call, nil]], 
+      Parser.parse('variable1[test1["test2"]]'), 'resolove: variable1[test1["test2"]]'
 
-    # assert_equal [[:id, "variable1"], [:lookup, nil], [:id, "test1"], [:lookup, nil], [:id, "test2"], [:lookup, nil], [:call, nil], [:call, nil]], 
-    #   Parser.parse('variable1[test1[test2]]'), "resolove: variable1[test1[test2]]"
+    assert_equal [[:id, "variable1"], [:lookup, nil], [:id, "test1"], [:lookup, nil], [:id, "test2"], [:lookup, nil], [:call, nil], [:call, nil]], 
+      Parser.parse('variable1[test1[test2]]'), "resolove: variable1[test1[test2]]"
 
   end
 

test/liquid/security_test.rb

@@ -38,4 +38,27 @@ class SecurityTest < Test::Unit::TestCase
 
     assert_equal expected, Template.parse(text).render(@assigns, :filters => SecurityFilter)
   end
+
+  def test_does_not_add_filters_to_symbol_table
+    current_symbols = Symbol.all_symbols
+
+    test = %( {{ "some_string" | a_bad_filter }} )
+
+    template = Template.parse(test)
+    assert_equal [], (Symbol.all_symbols - current_symbols)
+
+    template.render
+    assert_equal [], (Symbol.all_symbols - current_symbols)
+  end
+
+  def test_does_not_add_drop_methods_to_symbol_table
+    current_symbols = Symbol.all_symbols
+
+    drop = Drop.new
+    drop.invoke_drop("custom_method_1")
+    drop.invoke_drop("custom_method_2")
+    drop.invoke_drop("custom_method_3")
+
+    assert_equal [], (Symbol.all_symbols - current_symbols)
+  end
 end # SecurityTest

test/liquid/strainer_test.rb

@@ -3,23 +3,50 @@ require 'test_helper'
 class StrainerTest < Test::Unit::TestCase
   include Liquid
 
+  module AccessScopeFilters
+    def public_filter
+      "public"
+    end
+
+    def private_filter
+      "private"
+    end
+    private :private_filter
+  end
+
+  Strainer.global_filter(AccessScopeFilters)
+
   def test_strainer
     strainer = Strainer.create(nil)
-    assert_equal false, strainer.respond_to?('__test__')
-    assert_equal false, strainer.respond_to?('test')
-    assert_equal false, strainer.respond_to?('instance_eval')
-    assert_equal false, strainer.respond_to?('__send__')
-    assert_equal true, strainer.respond_to?('size') # from the standard lib
+    assert_equal 5, strainer.invoke('size', 'input')
+    assert_equal "public", strainer.invoke("public_filter")
   end
 
-  def test_should_respond_to_two_parameters
+  def test_strainer_only_invokes_public_filter_methods
     strainer = Strainer.create(nil)
-    assert_equal true, strainer.respond_to?('size', false)
+    assert_equal false, strainer.invokable?('__test__')
+    assert_equal false, strainer.invokable?('test')
+    assert_equal false, strainer.invokable?('instance_eval')
+    assert_equal false, strainer.invokable?('__send__')
+    assert_equal true, strainer.invokable?('size') # from the standard lib
   end
 
-  # Asserts that Object#respond_to_missing? is not being undefined in Ruby versions where it has been implemented
-  # Currently this method is only present in Ruby v1.9.2, or higher
-  def test_object_respond_to_missing
-    assert_equal Object.respond_to?(:respond_to_missing?), Strainer.create(nil).respond_to?(:respond_to_missing?)
+  def test_strainer_returns_nil_if_no_filter_method_found
+    strainer = Strainer.create(nil)
+    assert_nil strainer.invoke("private_filter")
+    assert_nil strainer.invoke("undef_the_filter")
   end
+
+  def test_strainer_returns_first_argument_if_no_method_and_arguments_given
+    strainer = Strainer.create(nil)
+    assert_equal "password", strainer.invoke("undef_the_method", "password")
+  end
+
+  def test_strainer_only_allows_methods_defined_in_filters
+    strainer = Strainer.create(nil)
+    assert_equal "1 + 1", strainer.invoke("instance_eval", "1 + 1")
+    assert_equal "puts",  strainer.invoke("__send__", "puts", "Hi Mom")
+    assert_equal "has_method?", strainer.invoke("invoke", "has_method?", "invoke")
+  end
+
 end # StrainerTest

test/liquid/variable_test.rb

@@ -11,67 +11,71 @@ class VariableTest < Test::Unit::TestCase
   def test_filters
     var = Variable.new('hello | textileze')
     assert_equal 'hello', var.name
-    assert_equal [[:textileze,[]]], var.filters
+    assert_equal [["textileze",[]]], var.filters
 
     var = Variable.new('hello | textileze | paragraph')
     assert_equal 'hello', var.name
-    assert_equal [[:textileze,[]], [:paragraph,[]]], var.filters
+    assert_equal [["textileze",[]], ["paragraph",[]]], var.filters
 
     var = Variable.new(%! hello | strftime: '%Y'!)
     assert_equal 'hello', var.name
-    assert_equal [[:strftime,["'%Y'"]]], var.filters
+    assert_equal [["strftime",["'%Y'"]]], var.filters
 
     var = Variable.new(%! 'typo' | link_to: 'Typo', true !)
     assert_equal %!'typo'!, var.name
-    assert_equal [[:link_to,["'Typo'", "true"]]], var.filters
+    assert_equal [["link_to",["'Typo'", "true"]]], var.filters
 
     var = Variable.new(%! 'typo' | link_to: 'Typo', false !)
     assert_equal %!'typo'!, var.name
-    assert_equal [[:link_to,["'Typo'", "false"]]], var.filters
+    assert_equal [["link_to",["'Typo'", "false"]]], var.filters
 
     var = Variable.new(%! 'foo' | repeat: 3 !)
     assert_equal %!'foo'!, var.name
-    assert_equal [[:repeat,["3"]]], var.filters
+    assert_equal [["repeat",["3"]]], var.filters
 
     var = Variable.new(%! 'foo' | repeat: 3, 3 !)
     assert_equal %!'foo'!, var.name
-    assert_equal [[:repeat,["3","3"]]], var.filters
+    assert_equal [["repeat",["3","3"]]], var.filters
 
     var = Variable.new(%! 'foo' | repeat: 3, 3, 3 !)
     assert_equal %!'foo'!, var.name
-    assert_equal [[:repeat,["3","3","3"]]], var.filters
+    assert_equal [["repeat",["3","3","3"]]], var.filters
 
     var = Variable.new(%! hello | strftime: '%Y, okay?'!)
     assert_equal 'hello', var.name
-    assert_equal [[:strftime,["'%Y, okay?'"]]], var.filters
+    assert_equal [["strftime",["'%Y, okay?'"]]], var.filters
 
     var = Variable.new(%! hello | things: "%Y, okay?", 'the other one'!)
     assert_equal 'hello', var.name
-    assert_equal [[:things,["\"%Y, okay?\"","'the other one'"]]], var.filters
+    assert_equal [["things",["\"%Y, okay?\"","'the other one'"]]], var.filters
   end
 
   def test_filter_with_date_parameter
 
     var = Variable.new(%! '2006-06-06' | date: "%m/%d/%Y"!)
     assert_equal "'2006-06-06'", var.name
-    assert_equal [[:date,["\"%m/%d/%Y\""]]], var.filters
+    assert_equal [["date",["\"%m/%d/%Y\""]]], var.filters
 
   end
 
   def test_filters_without_whitespace
     var = Variable.new('hello | textileze | paragraph')
     assert_equal 'hello', var.name
-    assert_equal [[:textileze,[]], [:paragraph,[]]], var.filters
+    assert_equal [["textileze",[]], ["paragraph",[]]], var.filters
 
     var = Variable.new('hello|textileze|paragraph')
     assert_equal 'hello', var.name
-    assert_equal [[:textileze,[]], [:paragraph,[]]], var.filters
+    assert_equal [["textileze",[]], ["paragraph",[]]], var.filters
+
+    var = Variable.new("hello|replace:'foo','bar'|textileze")
+    assert_equal 'hello', var.name
+    assert_equal [["replace", ["'foo'", "'bar'"]], ["textileze", []]], var.filters
   end
 
   def test_symbol
     var = Variable.new("http://disney.com/logo.gif | image: 'med' ")
     assert_equal 'http://disney.com/logo.gif', var.name
-    assert_equal [[:image,["'med'"]]], var.filters
+    assert_equal [["image",["'med'"]]], var.filters
   end
 
   def test_string_single_quoted
@@ -103,6 +107,12 @@ class VariableTest < Test::Unit::TestCase
     var = Variable.new(%| test.test |)
     assert_equal 'test.test', var.name
   end
+
+  def test_filter_with_keyword_arguments
+    var = Variable.new(%! hello | things: greeting: "world", farewell: 'goodbye'!)
+    assert_equal 'hello', var.name
+    assert_equal [['things',["greeting: \"world\"","farewell: 'goodbye'"]]], var.filters
+  end
 end