Install latest bundler on travis

Use start_with? instead of Regex

.travis.yml

@@ -10,10 +10,19 @@ rvm:
 
 sudo: false
 
+addons:
+  apt:
+    packages:
+    - libgmp3-dev
+
 matrix:
   allow_failures:
     - rvm: jruby-head
 
+before_install:
+  - gem update --system
+  - gem install bundler --pre
+
 script: "bundle exec rake"
 
 notifications:

CONTRIBUTING.md

@@ -4,23 +4,22 @@
 
 * Bugfixes
 * Performance improvements
-* Features which are likely to be useful to the majority of Liquid users
+* Features that are likely to be useful to the majority of Liquid users
 
 ## Things we won't merge
 
-* Code which introduces considerable performance degrations
-* Code which touches performance critical parts of Liquid and comes without benchmarks
-* Features which are not important for most people (we want to keep the core Liquid code small and tidy)
-* Features which can easily be implemented on top of Liquid (for example as a custom filter or custom filesystem)
-* Code which comes without tests
-* Code which breaks existing tests
+* Code that introduces considerable performance degrations
+* Code that touches performance-critical parts of Liquid and comes without benchmarks
+* Features that are not important for most people (we want to keep the core Liquid code small and tidy)
+* Features that can easily be implemented on top of Liquid (for example as a custom filter or custom filesystem)
+* Code that does not include tests
+* Code that breaks existing tests
 
 ## Workflow
 
 * Fork the Liquid repository
 * Create a new branch in your fork
-* If it makes sense, add tests for your code and run a performance benchmark
-* Make sure all tests pass
+* If it makes sense, add tests for your code and/or run a performance benchmark
+* Make sure all tests pass (`bundle exec rake`)
 * Create a pull request
-* In the description, ping one of [@boourns](https://github.com/boourns), [@fw42](https://github.com/fw42), [@camilo](https://github.com/camilo), [@dylanahsmith](https://github.com/dylanahsmith), or [@arthurnn](https://github.com/arthurnn) and ask for a code review.
 

History.md

@@ -3,6 +3,9 @@
 ## 4.0.0 / not yet released / branch "master"
 
 ### Changed
+* Add strict_variables and strict_filters options to detect undefined references (#691)
+* Improve loop performance (#681) [Florian Weingarten]
+* Rename Drop method `before_method` to `liquid_method_missing` (#661) [Thierry Joyal]
 * Add url_decode filter to invert url_encode (#645) [Larry Archer]
 * Add global_filter to apply a filter to all output (#610) [Loren Hale]
 * Add compact filter (#600) [Carson Reinke]
@@ -15,9 +18,12 @@
 * Ruby 1.9 support dropped (#491) [Justin Li]
 * Liquid::Template.file_system's read_template_file method is no longer passed the context. (#441) [James Reid-Smith]
 * Remove support for `liquid_methods`
-* Rename Drop method `before_method` as `liquid_method_missing` (#661) [Thierry Joyal]
+* Liquid::Template.register_filter raises when the module overrides registered public methods as private or protected (#705) [Gaurav Chande]
 
 ### Fixed
+* Fix map filter when value is a Proc (#672) [Guillaume Malette]
+* Fix truncate filter when value is not a string (#672) [Guillaume Malette]
+* Fix behaviour of escape filter when input is nil (#665) [Tanel Jakobsoo]
 * Fix sort filter behaviour with empty array input (#652) [Marcel Cary]
 * Fix test failure under certain timezones (#631) [Dylan Thacker-Smith]
 * Fix bug in uniq filter (#595) [Florian Weingarten]

README.md

@@ -73,3 +73,34 @@ This is useful for doing things like enabling strict mode only in the theme edit
 
 It is recommended that you enable `:strict` or `:warn` mode on new apps to stop invalid templates from being created.
 It is also recommended that you use it in the template editors of existing apps to give editors better error messages.
+
+### Undefined variables and filters
+
+By default, the renderer doesn't raise or in any other way notify you if some variables or filters are missing, i.e. not passed to the `render` method.
+You can improve this situation by passing `strict_variables: true` and/or `strict_filters: true` options to the `render` method.
+When one of these options is set to true, all errors about undefined variables and undefined filters will be stored in `errors` array of a `Liquid::Template` instance.
+Here are some examples:
+
+```ruby
+template = Liquid::Template.parse("{{x}} {{y}} {{z.a}} {{z.b}}")
+template.render({ 'x' => 1, 'z' => { 'a' => 2 } }, { strict_variables: true })
+#=> '1  2 ' # when a variable is undefined, it's rendered as nil
+template.errors
+#=> [#<Liquid::UndefinedVariable: Liquid error: undefined variable y>, #<Liquid::UndefinedVariable: Liquid error: undefined variable b>]
+```
+
+```ruby
+template = Liquid::Template.parse("{{x | filter1 | upcase}}")
+template.render({ 'x' => 'foo' }, { strict_filters: true })
+#=> '' # when at least one filter in the filter chain is undefined, a whole expression is rendered as nil
+template.errors
+#=> [#<Liquid::UndefinedFilter: Liquid error: undefined filter filter1>]
+```
+
+If you want to raise on a first exception instead of pushing all of them in `errors`, you can use `render!` method:
+
+```ruby
+template = Liquid::Template.parse("{{x}} {{y}}")
+template.render!({ 'x' => 1}, { strict_variables: true })
+#=> Liquid::UndefinedVariable: Liquid error: undefined variable y
+```

lib/liquid/block_body.rb

@@ -76,6 +76,9 @@ module Liquid
           end
         rescue MemoryError => e
           raise e
+        rescue UndefinedVariable, UndefinedDropMethod, UndefinedFilter => e
+          context.handle_error(e, token.line_number)
+          output << nil
         rescue ::StandardError => e
           output << context.handle_error(e, token.line_number)
         end

lib/liquid/context.rb

@@ -13,7 +13,7 @@ module Liquid
   #   context['bob']  #=> nil  class Context
   class Context
     attr_reader :scopes, :errors, :registers, :environments, :resource_limits
-    attr_accessor :exception_handler, :template_name, :partial, :global_filter
+    attr_accessor :exception_handler, :template_name, :partial, :global_filter, :strict_variables, :strict_filters
 
     def initialize(environments = {}, outer_scope = {}, registers = {}, rethrow_errors = false, resource_limits = nil)
       @environments     = [environments].flatten
@@ -205,7 +205,13 @@ module Liquid
     end
 
     def lookup_and_evaluate(obj, key)
-      if (value = obj[key]).is_a?(Proc) && obj.respond_to?(:[]=)
+      if @strict_variables && obj.respond_to?(:key?) && !obj.key?(key)
+        raise Liquid::UndefinedVariable, "undefined variable #{key}"
+      end
+
+      value = obj[key]
+
+      if value.is_a?(Proc) && obj.respond_to?(:[]=)
         obj[key] = (value.arity == 0) ? value.call : value.call(self)
       else
         value

lib/liquid/drop.rb

@@ -24,8 +24,9 @@ module Liquid
     attr_writer :context
 
     # Catch all for the method
-    def liquid_method_missing(_method)
-      nil
+    def liquid_method_missing(method)
+      return nil unless @context && @context.strict_variables
+      raise Liquid::UndefinedDropMethod, "undefined method #{method}"
     end
 
     # called by liquid to invoke a drop

lib/liquid/errors.rb

@@ -56,4 +56,8 @@ module Liquid
   MemoryError = Class.new(Error)
   ZeroDivisionError = Class.new(Error)
   FloatDomainError = Class.new(Error)
+  UndefinedVariable = Class.new(Error)
+  UndefinedDropMethod = Class.new(Error)
+  UndefinedFilter = Class.new(Error)
+  MethodOverrideError = Class.new(Error)
 end

lib/liquid/file_system.rb

@@ -65,7 +65,7 @@ module Liquid
         File.join(root, @pattern % template_path)
       end
 
-      raise FileSystemError, "Illegal template path '#{File.expand_path(full_path)}'" unless File.expand_path(full_path) =~ /\A#{File.expand_path(root)}/
+      raise FileSystemError, "Illegal template path '#{File.expand_path(full_path)}'" unless File.expand_path(full_path).start_with?(File.expand_path(root))
 
       full_path
     end

lib/liquid/standardfilters.rb

@@ -125,8 +125,6 @@ module Liquid
         []
       elsif ary.first.respond_to?(:[]) && !ary.first[property].nil?
         ary.sort { |a, b| a[property] <=> b[property] }
-      elsif ary.first.respond_to?(property)
-        ary.sort { |a, b| a.send(property) <=> b.send(property) }
       end
     end
 
@@ -141,8 +139,6 @@ module Liquid
         []
       elsif ary.first.respond_to?(:[]) && !ary.first[property].nil?
         ary.sort { |a, b| a[property].casecmp(b[property]) }
-      elsif ary.first.respond_to?(property)
-        ary.sort { |a, b| a.send(property).casecmp(b.send(property)) }
       end
     end
 
@@ -191,8 +187,6 @@ module Liquid
         []
       elsif ary.first.respond_to?(:[])
         ary.reject{ |a| a[property].nil? }
-      elsif ary.first.respond_to?(property)
-        ary.reject { |a| a.send(property).nil? }
       end
     end
 
@@ -341,9 +335,12 @@ module Liquid
       raise Liquid::FloatDomainError, e.message
     end
 
-    def default(input, default_value = "".freeze)
-      is_blank = input.respond_to?(:empty?) ? input.empty? : !input
-      is_blank ? default_value : input
+    def default(input, default_value = ''.freeze)
+      if !input || input.respond_to?(:empty?) && input.empty?
+        default_value
+      else
+        input
+      end
     end
 
     private

lib/liquid/strainer.rb

@@ -26,10 +26,15 @@ module Liquid
     end
 
     def self.add_filter(filter)
-      raise ArgumentError, "Expected module but got: #{f.class}" unless filter.is_a?(Module)
+      raise ArgumentError, "Expected module but got: #{filter.class}" unless filter.is_a?(Module)
       unless self.class.include?(filter)
-        send(:include, filter)
-        @filter_methods.merge(filter.public_instance_methods.map(&:to_s))
+        invokable_non_public_methods = (filter.private_instance_methods + filter.protected_instance_methods).select { |m| invokable?(m) }
+        if invokable_non_public_methods.any?
+          raise MethodOverrideError, "Filter overrides registered public methods as non public: #{invokable_non_public_methods.join(', ')}"
+        else
+          send(:include, filter)
+          @filter_methods.merge(filter.public_instance_methods.map(&:to_s))
+        end
       end
     end
 
@@ -48,6 +53,8 @@ module Liquid
     def invoke(method, *args)
       if self.class.invokable?(method)
         send(method, *args)
+      elsif @context && @context.strict_filters
+        raise Liquid::UndefinedFilter, "undefined filter #{method}"
       else
         args.first
       end

lib/liquid/tags/assign.rb

@@ -23,16 +23,28 @@ module Liquid
     def render(context)
       val = @from.render(context)
       context.scopes.last[@to] = val
-
-      inc = val.instance_of?(String) || val.instance_of?(Array) || val.instance_of?(Hash) ? val.length : 1
-      context.resource_limits.assign_score += inc
-
+      context.resource_limits.assign_score += assign_score_of(val)
       ''.freeze
     end
 
     def blank?
       true
     end
+
+    private
+
+    def assign_score_of(val)
+      if val.instance_of?(String)
+        val.length
+      elsif val.instance_of?(Array) || val.instance_of?(Hash)
+        sum = 1
+        # Uses #each to avoid extra allocations.
+        val.each { |child| sum += assign_score_of(child) }
+        sum
+      else
+        1
+      end
+    end
   end
 
   Template.register_tag('assign'.freeze, Assign)

lib/liquid/template.rb

@@ -181,12 +181,7 @@ module Liquid
 
         registers.merge!(options[:registers]) if options[:registers].is_a?(Hash)
 
-        context.add_filters(options[:filters]) if options[:filters]
-
-        context.global_filter = options[:global_filter] if options[:global_filter]
-
-        context.exception_handler = options[:exception_handler] if options[:exception_handler]
-
+        apply_options_to_context(context, options)
       when Module, Array
         context.add_filters(args.pop)
       end
@@ -235,5 +230,13 @@ module Liquid
         yield
       end
     end
+
+    def apply_options_to_context(context, options)
+      context.add_filters(options[:filters]) if options[:filters]
+      context.global_filter = options[:global_filter] if options[:global_filter]
+      context.exception_handler = options[:exception_handler] if options[:exception_handler]
+      context.strict_variables = options[:strict_variables] if options[:strict_variables]
+      context.strict_filters = options[:strict_filters] if options[:strict_filters]
+    end
   end
 end

lib/liquid/variable_lookup.rb

@@ -55,9 +55,11 @@ module Liquid
           object = object.send(key).to_liquid
 
           # No key was present with the desired value and it wasn't one of the directly supported
-          # keywords either. The only thing we got left is to return nil
+          # keywords either. The only thing we got left is to return nil or
+          # raise an exception if `strict_variables` option is set to true
         else
-          return nil
+          return nil unless context.strict_variables
+          raise Liquid::UndefinedVariable, "undefined variable #{key}"
         end
 
         # If we are dealing with a drop here we have to

test/integration/template_test.rb

@@ -27,6 +27,12 @@ class ErroneousDrop < Liquid::Drop
   end
 end
 
+class DropWithUndefinedMethod < Liquid::Drop
+  def foo
+    'foo'
+  end
+end
+
 class TemplateTest < Minitest::Test
   include Liquid
 
@@ -133,6 +139,17 @@ class TemplateTest < Minitest::Test
     refute_nil t.resource_limits.assign_score
   end
 
+  def test_resource_limits_assign_score_nested
+    t = Template.parse("{% assign foo = 'aaaa' | reverse %}")
+
+    t.resource_limits.assign_score_limit = 3
+    assert_equal "Liquid error: Memory limits exceeded", t.render
+    assert t.resource_limits.reached?
+
+    t.resource_limits.assign_score_limit = 5
+    assert_equal "", t.render!
+  end
+
   def test_resource_limits_aborts_rendering_after_first_error
     t = Template.parse("{% for a in (1..100) %} foo1 {% endfor %} bar {% for a in (1..100) %} foo2 {% endfor %}")
     t.resource_limits.render_score_limit = 50
@@ -225,4 +242,68 @@ class TemplateTest < Minitest::Test
 
     assert_equal 'BOB filtered', rendered_template
   end
+
+  def test_undefined_variables
+    t = Template.parse("{{x}} {{y}} {{z.a}} {{z.b}} {{z.c.d}}")
+    result = t.render({ 'x' => 33, 'z' => { 'a' => 32, 'c' => { 'e' => 31 } } }, { strict_variables: true })
+
+    assert_equal '33  32  ', result
+    assert_equal 3, t.errors.count
+    assert_instance_of Liquid::UndefinedVariable, t.errors[0]
+    assert_equal 'Liquid error: undefined variable y', t.errors[0].message
+    assert_instance_of Liquid::UndefinedVariable, t.errors[1]
+    assert_equal 'Liquid error: undefined variable b', t.errors[1].message
+    assert_instance_of Liquid::UndefinedVariable, t.errors[2]
+    assert_equal 'Liquid error: undefined variable d', t.errors[2].message
+  end
+
+  def test_undefined_variables_raise
+    t = Template.parse("{{x}} {{y}} {{z.a}} {{z.b}} {{z.c.d}}")
+
+    assert_raises UndefinedVariable do
+      t.render!({ 'x' => 33, 'z' => { 'a' => 32, 'c' => { 'e' => 31 } } }, { strict_variables: true })
+    end
+  end
+
+  def test_undefined_drop_methods
+    d = DropWithUndefinedMethod.new
+    t = Template.new.parse('{{ foo }} {{ woot }}')
+    result = t.render(d, { strict_variables: true })
+
+    assert_equal 'foo ', result
+    assert_equal 1, t.errors.count
+    assert_instance_of Liquid::UndefinedDropMethod, t.errors[0]
+  end
+
+  def test_undefined_drop_methods_raise
+    d = DropWithUndefinedMethod.new
+    t = Template.new.parse('{{ foo }} {{ woot }}')
+
+    assert_raises UndefinedDropMethod do
+      t.render!(d, { strict_variables: true })
+    end
+  end
+
+  def test_undefined_filters
+    t = Template.parse("{{a}} {{x | upcase | somefilter1 | somefilter2 | somefilter3}}")
+    filters = Module.new do
+      def somefilter3(v)
+        "-#{v}-"
+      end
+    end
+    result = t.render({ 'a' => 123, 'x' => 'foo' }, { filters: [filters], strict_filters: true })
+
+    assert_equal '123 ', result
+    assert_equal 1, t.errors.count
+    assert_instance_of Liquid::UndefinedFilter, t.errors[0]
+    assert_equal 'Liquid error: undefined filter somefilter1', t.errors[0].message
+  end
+
+  def test_undefined_filters_raise
+    t = Template.parse("{{x | somefilter1 | upcase | somefilter2}}")
+
+    assert_raises UndefinedFilter do
+      t.render!({ 'x' => 'foo' }, { strict_filters: true })
+    end
+  end
 end

test/unit/strainer_unit_test.rb

@@ -77,4 +77,60 @@ class StrainerUnitTest < Minitest::Test
     assert_kind_of b, strainer
     assert_kind_of Liquid::StandardFilters, strainer
   end
+
+  def test_add_filter_when_wrong_filter_class
+    c = Context.new
+    s = c.strainer
+    wrong_filter = ->(v) { v.reverse }
+
+    assert_raises ArgumentError do
+      s.class.add_filter(wrong_filter)
+    end
+  end
+
+  module PrivateMethodOverrideFilter
+    private
+
+    def public_filter
+      "overriden as private"
+    end
+  end
+
+  def test_add_filter_raises_when_module_privately_overrides_registered_public_methods
+    strainer = Context.new.strainer
+
+    error = assert_raises(Liquid::MethodOverrideError) do
+      strainer.class.add_filter(PrivateMethodOverrideFilter)
+    end
+    assert_equal 'Liquid error: Filter overrides registered public methods as non public: public_filter', error.message
+  end
+
+  module ProtectedMethodOverrideFilter
+    protected
+
+    def public_filter
+      "overriden as protected"
+    end
+  end
+
+  def test_add_filter_raises_when_module_overrides_registered_public_method_as_protected
+    strainer = Context.new.strainer
+
+    error = assert_raises(Liquid::MethodOverrideError) do
+      strainer.class.add_filter(ProtectedMethodOverrideFilter)
+    end
+    assert_equal 'Liquid error: Filter overrides registered public methods as non public: public_filter', error.message
+  end
+
+  module PublicMethodOverrideFilter
+    def public_filter
+      "public"
+    end
+  end
+
+  def test_add_filter_does_not_raise_when_module_overrides_previously_registered_method
+    strainer = Context.new.strainer
+    strainer.class.add_filter(PublicMethodOverrideFilter)
+    assert strainer.class.filter_methods.include?('public_filter')
+  end
 end # StrainerTest