security #cve-2019-11325 [VarExporter] fix exporting some strings (nicolas-grekas)
This PR was merged into the 4.2 branch.
This commit is contained in:
commit
9067fdc950
@ -212,27 +212,28 @@ class Exporter
$subIndent = $indent.' ';
$subIndent = $indent.' ';
if (\is_string($value)) {
if (\is_string($value)) {
$code = var_export($value, true);
$code = sprintf("'%s'", addcslashes($value, "'\\"));
if (false !== strpos($value, "\n") || false !== strpos($value, "\r")) {
$code = preg_replace_callback('/([\0\r\n]++)(.)/', function ($m) use ($subIndent) {
$code = strtr($code, [
$m[1] = sprintf('\'."%s".\'', str_replace(
"\r\n" => "'.\"\\r\\n\"\n".$subIndent.".'",
["\0", "\r", "\n", '\n\\'],
"\r" => "'.\"\\r\"\n".$subIndent.".'",
['\0', '\r', '\n', '\n"'."\n".$subIndent.'."\\'],
"\n" => "'.\"\\n\"\n".$subIndent.".'",
$m[1]
]);
));
}
if (false !== strpos($value, "\0")) {
if ("'" === $m[2]) {
$code = str_replace('\' . "\0" . \'', '\'."\0".\'', $code);
return substr($m[1], 0, -2);
$code = str_replace('".\'\'."', '', $code);
}
}
if (false !== strpos($code, "''.")) {
if ('n".\'' === substr($m[1], -4)) {
$code = str_replace("''.", '', $code);
return substr_replace($m[1], "\n".$subIndent.".'".$m[2], -2);
}
}
if (".''" === substr($code, -3)) {
return $m[1].$m[2];
$code = rtrim(substr($code, 0, -3));
}, $code, -1, $count);
if ($count && 0 === strpos($code, "''.")) {
$code = substr($code, 3);
}
}
return $code;
return $code;
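Review bot: The new callback passed to `preg_replace_callback` carries no comment, and its three return paths (`substr($m[1], 0, -2)`, the `substr_replace` that inserts the line break, and the plain `$m[1].$m[2]`) plus the trailing `substr($code, 3)` are only understandable once you know they exist to splice control-character runs into the single-quoted literal and to trim the empty `''` pieces this produces when a run sits at the start or end of the value. A comment above the `preg_replace_callback` line such as `// Emit each run of NUL/CR/LF as a double-quoted literal spliced into the single-quoted string, breaking the line after every "\n"; the "'" branch and the leading-''. strip below remove the empty pieces this leaves at the end/start of the value` would let a reader check each branch against its intent, which matters here because this is the code path the CVE fix hardens: since `addcslashes($value, "'\\")` escapes every inner quote, a `'` seen right after a control run should only ever be the exporter's own closing quote, and that assumption deserves to be written down. Separately, `preg_replace_callback` returns `null` on a PCRE error and `return $code` would hand that on; the possessive `++` pattern makes such an error unlikely, but a guard like `if (null === $code) { throw new \RuntimeException('PCRE error '.preg_last_error()); }` placed before the `$count` check would fail loudly instead of emitting an empty export. The `if (\is_string($value))` block shown here belongs to a method whose start and end lie outside the hunk.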
@ -0,0 +1,4 @@
<?php
return '\'BOOM\''."\n"
.'.var_dump(123)//\'';
@ -2,7 +2,6 @@
return [
return [
"\0\0\r\n"
"\0\0\r\n"
.'A' => 'B'."\r"
.'A' => 'B'."\r".'C'."\n"
.'C'."\n"
."\n",
."\n",
];
];
@ -109,6 +109,7 @@ class VarExporterTest extends TestCase
public function provideExport()
public function provideExport()
{
{
yield ['multiline-string', ["\0\0\r\nA" => "B\rC\n\n"], true];
yield ['multiline-string', ["\0\0\r\nA" => "B\rC\n\n"], true];
yield ['lf-ending-string', "'BOOM'\n.var_dump(123)//'", true];
yield ['bool', true, true];
yield ['bool', true, true];
yield ['simple-array', [123, ['abc']], true];
yield ['simple-array', [123, ['abc']], true];