Fabien Potencier discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This could result in potential information disclosure.