- changed the way values are passed as arguments to calls to address …

…referencing issues

MANUAL.html

@@ -34,7 +34,7 @@ <h3>1 - About PHPSandbox &amp; PHPSandbox Toolkit</h3>
                 </a>
                 <br/>
                 <h1 style="margin: 0;">
-                    PHPSandbox Toolkit 1.3.8
+                    PHPSandbox Toolkit 1.3.9
                 </h1>
                 <br/>
                 <strong>Developed by: </strong> <a href="http://www.fieryprophet.com" target="_blank">Elijah Horton</a>

composer.json

@@ -21,6 +21,7 @@
         "phpdocumentor/phpdocumentor": "v2.3.0"
     },
     "autoload": {
+        "files": [ "src/functions.php" ],
         "psr-4": { "PHPSandbox\\": "src/" }
     }
 }

src/Error.php

@@ -11,7 +11,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.8
+     * @version 1.3.9
      */
     class Error extends \Exception {
         /* START ERROR CODES */

src/PHPSandbox.php

@@ -14,7 +14,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.8
+     * @version 1.3.9
      */
     class PHPSandbox implements \IteratorAggregate {
         /**
@@ -1977,20 +1977,6 @@ public function _func_num_args(array $arguments = array()){
             }
             return $count > 0 ? $count : 0;
         }
-        /** Wrap output value in SandboxString
-         *
-         * @param   mixed                   $value      Value to wrap
-         *
-         * @return  mixed|SandboxedString   Returns the wrapped value
-         */
-        public function _wrap($value){
-            if(is_object($value) && method_exists($value, '__toString')){
-                return $this->_wrap(strval($value));
-            } else if(is_string($value) && is_callable($value)){
-                return new SandboxedString($value, $this);
-            }
-            return $value;
-        }
         /** Get PHPSandbox redefined var_dump
          *
          * @return  array           Returns the redefined var_dump

src/SandboxWhitelistVisitor.php

@@ -13,7 +13,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.8
+     * @version 1.3.9
      */
     class SandboxWhitelistVisitor extends \PHPParser_NodeVisitorAbstract {
         /** The PHPSandbox instance to check against

src/SandboxedString.php

@@ -11,7 +11,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.8
+     * @version 1.3.9
      */
     class SandboxedString implements \ArrayAccess, \IteratorAggregate {
         /**

src/ValidatorVisitor.php

@@ -13,7 +13,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.8
+     * @version 1.3.9
      */
     class ValidatorVisitor extends \PHPParser_NodeVisitorAbstract {
         /** The PHPSandbox instance to check against
@@ -39,7 +39,7 @@ public function __construct(PHPSandbox $sandbox){
          */
         public function leaveNode(\PHPParser_Node $node){
             if($node instanceof \PHPParser_Node_Arg){
-                return new \PHPParser_Node_Expr_MethodCall(new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name))), '_wrap', array($node), $node->getAttributes());
+                return new \PHPParser_Node_Expr_FuncCall(new \PHPParser_Node_Name_FullyQualified(($node->value instanceof \PHPParser_Node_Expr_Variable) ? 'PHPSandbox\\wrapByRef' : 'PHPSandbox\\wrap'), array($node, new \PHPParser_Node_Expr_StaticCall(new \PHPParser_Node_Name_FullyQualified("PHPSandbox\\PHPSandbox"), 'getSandbox', array(new \PHPParser_Node_Scalar_String($this->sandbox->name)))), $node->getAttributes());
             } else if($node instanceof \PHPParser_Node_Stmt_InlineHTML){
                 if(!$this->sandbox->allow_escaping){
                     $this->sandbox->validation_error("Sandboxed code attempted to escape to HTML!", Error::ESCAPE_ERROR, $node);

src/WhitelistVisitor.php

@@ -13,7 +13,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.8
+     * @version 1.3.9
      */
     class WhitelistVisitor extends \PHPParser_NodeVisitorAbstract {
         /** The PHPSandbox instance to check against

src/functions.php

@@ -0,0 +1,36 @@
+<?php
+    namespace PHPSandbox;
+
+    /** Wrap output value in SandboxString
+     *
+     * @param   mixed                   $value      Value to wrap
+     * @param   PHPSandbox              $sandbox    Sandbox instance of calling code
+     *
+     * @return  mixed|SandboxedString   Returns the wrapped value
+     */
+    function wrap($value, $sandbox){
+        if(!($value instanceof SandboxedString) && is_object($value) && method_exists($value, '__toString')){
+            $strval = $value->__toString();
+            return is_callable($strval) ? new SandboxedString($strval, $sandbox) : $value;
+        } else if(is_string($value) && is_callable($value)){
+            return new SandboxedString($value, $sandbox);
+        }
+        return $value;
+    }
+
+    /** Wrap output value in SandboxString by reference
+     *
+     * @param   mixed                   $value      Value to wrap
+     * @param   PHPSandbox              $sandbox    Sandbox instance of calling code
+     *
+     * @return  mixed|SandboxedString   Returns the wrapped value
+     */
+    function &wrapByRef(&$value, $sandbox){
+        if(!($value instanceof SandboxedString) && is_object($value) && method_exists($value, '__toString')){
+            $strval = $value->__toString();
+            return is_callable($strval) ? new SandboxedString($strval, $sandbox) : $value;
+        } else if(is_string($value) && is_callable($value)){
+            return new SandboxedString($value, $sandbox);
+        }
+        return $value;
+    }