[Yaml] deprecated non-escaped \ in double-quoted strings when parsing

2015-10-11 14:05:15 +02:00 · 2015-10-11 14:05:15 +02:00 · e599a72fc7
parent 6907498c21
commit e599a72fc7
4 changed files with 40 additions and 2 deletions
--- a/src/Symfony/Component/Yaml/CHANGELOG.md
+++ b/src/Symfony/Component/Yaml/CHANGELOG.md
@ -1,6 +1,12 @@
 CHANGELOG
 =========

+2.8.0
+-----
+
+ * Deprecated non-escaped \ in double-quoted strings when parsing Yaml
+   ("Foo\Var" is not valid whereas "Foo\\Var" is)
+
 2.1.0
 -----

--- a/src/Symfony/Component/Yaml/Tests/Fixtures/escapedCharacters.yml
+++ b/src/Symfony/Component/Yaml/Tests/Fixtures/escapedCharacters.yml
@ -145,3 +145,11 @@ php: |
    array(
        'double' => "some value\n \"some quoted string\" and 'some single quotes one'"
    )
+---
+test: Backslashes
+yaml: |
+    { single: 'foo\Var', no-quotes: foo\Var, double: "foo\\Var" }
+php: |
+    array(
+        'single' => 'foo\Var', 'no-quotes' => 'foo\Var', 'double' => 'foo\Var'
+    )
--- a/src/Symfony/Component/Yaml/Tests/InlineTest.php
+++ b/src/Symfony/Component/Yaml/Tests/InlineTest.php
@ -72,6 +72,23 @@ class InlineTest extends \PHPUnit_Framework_TestCase
        $this->assertSame($value, Inline::parse(Inline::dump($value)));
    }

+    /**
+     * @group legacy
+     * throws \Symfony\Component\Yaml\Exception\ParseException in 3.0
+     */
+    public function testParseScalarWithNonEscapedBlackslashShouldThrowException()
+    {
+        $this->assertSame('Foo\Var', Inline::parse('"Foo\Var"'));
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Yaml\Exception\ParseException
+     */
+    public function testParseScalarWithNonEscapedBlackslashAtTheEndShouldThrowException()
+    {
+        Inline::parse('"Foo\\"');
+    }
+
    /**
     * @expectedException \Symfony\Component\Yaml\Exception\ParseException
     */
--- a/src/Symfony/Component/Yaml/Unescaper.php
+++ b/src/Symfony/Component/Yaml/Unescaper.php
@ -32,7 +32,7 @@ class Unescaper
    /**
     * Regex fragment that matches an escaped character in a double quoted string.
     */
-    const REGEX_ESCAPED_CHARACTER = "\\\\([0abt\tnvfre \\\"\\/\\\\N_LP]|x[0-9a-fA-F]{2}|u[0-9a-fA-F]{4}|U[0-9a-fA-F]{8})";
+    const REGEX_ESCAPED_CHARACTER = "\\\\(x[0-9a-fA-F]{2}|u[0-9a-fA-F]{4}|U[0-9a-fA-F]{8}|.)";

    /**
     * Unescapes a single quoted string.
@ -70,10 +70,13 @@ class Unescaper
     * @param string $value An escaped character
     *
     * @return string The unescaped character
+     *
+     * @internal This method is public to be usable as callback. It should not
+     *           be used in user code. Should be changed in 3.0.
     */
    public function unescapeCharacter($value)
    {
-        switch ($value{1}) {
+        switch ($value[1]) {
            case '0':
                return "\x0";
            case 'a':
@ -120,6 +123,10 @@ class Unescaper
                return self::utf8chr(hexdec(substr($value, 2, 4)));
            case 'U':
                return self::utf8chr(hexdec(substr($value, 2, 8)));
+            default:
+                @trigger_error('Not escaping a backslash in a double-quoted string is deprecated since Symfony 2.8 and will throw a ParseException in 3.0.', E_USER_DEPRECATED);
+
+                return $value;
        }
    }