Mail Security Policy
The use of merge fields in the operator panel is regulated by a strict policy for security reasons. This restricts what is possible for your help desk staff to do in terms of twig code and helps to keep the server secure.
For details on how to set the below configuration items, please read Environment Variables.
Components
The security policy is made up of the following components:
Component | Documentation |
---|---|
Functions | https://twig.symfony.com/doc/3.x/functions/index.html |
Tags | https://twig.symfony.com/doc/3.x/tags/index.html |
Filters | https://twig.symfony.com/doc/3.x/filters/index.html |
Methods | Methods that can be called on class objects. |
Properties | Properties that can be accessed on objects. |
Extending the policy
Create a new file /config/production/mail.php
:
<?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->toArray() ];
Adding new functions
To add new functions to the policy
use the addFunctions(array $functions): self
method:
<?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->addFunctions(['count'])->toArray() ];
Adding new tags
To add new tags to the policy
use the addTags(array $tags): self
method:
<?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->addTags(['do'])->toArray() ];
Adding new filters
To add new filters to the policy
use the addFilters(array $filters): self
method:
<?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->addFilters(['abs'])->toArray() ];
Adding new methods
To allow calling a new method on a class use the addMethod(string $class, array $methods): self
method:
<?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->addMethod(\Illuminate\Support\Collection::class, ['lazy'])->toArray() ];
Adding new properties
To allow accessing a new property on a class use the addProperty(string $class, array $properties): self
method:
<?php return [ 'policy' => \App\Modules\Core\Controllers\Mailer\MailPolicy::policy()->addProperty(\stdClass::class, ['foo'])->toArray() ];