Calling any method on a "Cms\Classes\Page" object is blocked

Need Help
#1

Hi,
I am migrating a OC v1 theme to OC v3, and I am encountering this error in all my layouts

dev.ERROR: Twig\Sandbox\SecurityNotAllowedMethodError: Calling any method on a "Cms\Classes\Page" object is blocked in "/Users/christophevidal/Sites/mywebsite-new/themes/accm2022/layouts/static.htm" at line 8. in /Users/christophevidal/Sites/mywebsite-new/modules/system/twig/SecurityPolicy.php:181
Stack trace:
#0 /Users/christophevidal/Sites/mywebsite-new/modules/system/twig/SecurityPolicy.php(123): System\Twig\SecurityPolicy->checkMethodAllowedAllowlist(Object(Cms\Classes\Page), 'page_css')
#1 /Users/christophevidal/Sites/mywebsite-new/vendor/twig/twig/src/Extension/SandboxExtension.php(84): System\Twig\SecurityPolicy->checkMethodAllowed(Object(Cms\Classes\Page), 'page_css')
#2 /Users/christophevidal/Sites/mywebsite-new/vendor/twig/twig/src/Extension/CoreExtension.php(1629): Twig\Extension\SandboxExtension->checkMethodAllowed(Object(Cms\Classes\Page), 'page_css', 8, Object(Twig\Source))
#3 /Users/christophevidal/Sites/mywebsite-new/modules/cms/twig/GetAttrNode.php(138): twig_get_attribute(Object(Twig\Environment), Object(Twig\Source), Object(Cms\Classes\Page), 'page_css', Array, 'any', false, true, true, 8)
#4 /Users/christophevidal/Sites/mywebsite-new/storage/cms/twig/50/50d058efee79fd69bff1766848e72bed299b0ee8809bf18c8fa9439b6b2a2087.php(56): Cms\Twig\GetAttrNode::customGetAttribute(Object(Twig\Environment), Object(Twig\Source), Object(Cms\Classes\Page), 'page_css', Array, 'any', false, true, true, 8)
#5 /Users/christophevidal/Sites/mywebsite-new/vendor/twig/twig/src/Template.php(394): __TwigTemplate_2b33e691e9ecb97c49289291db7dbf6ea45dc9dfcfaa2aebc5ec7484614764d8->doDisplay(Array, Array)
#6 /Users/christophevidal/Sites/mywebsite-new/vendor/twig/twig/src/Template.php(367): Twig\Template->displayWithErrorHandling(Array, Array)

layouts looks like

description = "Layout for static page"

[session]
security = "all"

[staticPage]
useContent = 0
default = 1

[staticMenu HeaderStaticMenu]
code = "header-menu"

[staticMenu CreateStaticMenu]
code = "create-menu"

[staticMenu ManageStaticMenu]
code = "manage-menu"

[staticMenu UserStaticMenu]
code = "user-menu"

[googleTracker]

[popups]
activeOnly = 1
hide_with_cookie = 1

[voilaahForms]

==
<?php
function onStart()
{
    if( 'index' == $this->page->id) {

        $now = new \Carbon\Carbon();

        $this['partners'] = \Voilaah\Astar\Models\Company::take(4)->get();

        $this['events'] = \Voilaah\Astar\Models\Event::take(3)->get();

        $this['proposals'] = \Voilaah\Astar\Models\RFQ::get();
    }
}
?>
==
<!DOCTYPE html>
...
#2

Hi @chris

Try this setting in config/cms.php, it helps with migration:

/*
|--------------------------------------------------------------------------
| V1 Security Policy
|--------------------------------------------------------------------------
|
| When using safe mode configuration, the Twig sandbox becomes very strict and
| uses an allow-list to protect calling unapproved methods. Instead, you may
| use V1, which is a more relaxed policy that uses a block-list, it blocks
| most of the unsecure methods but is not as secure as an allow-list.
|
*/

'security_policy_v1' => env('CMS_SECURITY_POLICY_V1', false),
2 Likes
#3

thank you so much @daft