#7802 ([PATCH] Routing config handler writes unescaped serializations as PHP single quoted strings)

Ticket #7802 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

[PATCH] Routing config handler writes unescaped serializations as PHP single quoted strings

Reported by: bvleur
Assigned to: FabianLange
Priority: minor
Milestone: 1.3.0
Component: routing
Version: 1.4.0
Keywords:
Cc:
Qualification: Unreviewed

Description

In sfRoutingConfigHandler.class.php the return value of serialize is written to a PHP file in the cache as if it is valid PHP.

When the routing.yml contains a double backslash (e.g. in a requirements regex), the double backslash remains inside the serialized string. This double backslash therefore is written in between the single quoted string to config_routing.yml.php. When interpreted back as PHP, this double backslash is read as an escaped backslash, and results in errors like

Warning: Insufficient data for unserializing - 1927 required, 1926 present in C:\ ... \cache\gp\dev\config\config_routing.yml.php on line 32.

The serialization output needs to be escaped properly.

Attachments

sfRoutingConfigHandler.class.php-escape-string (0.6 kB) - added by bvleur on 12/03/09 21:32:20.
sfRoutingConfigHandler.class.php-escape-string-var_export.patch (0.6 kB) - added by bvleur on 12/04/09 18:42:09.

Change History

12/03/09 21:32:20 changed by bvleur

  • attachment sfRoutingConfigHandler.class.php-escape-string added.

12/03/09 21:34:33 changed by bvleur

  • summary changed from Routing config handler writes unescaped serializations as PHP single quoted strings to [PATCH] Routing config handler writes unescaped serializations as PHP single quoted strings.

The attached patch escapes \\ and ' in the serialize output. I'm not sure if this covers all cases and maybe more config handlers need this.

12/04/09 17:42:13 changed by FabianLange

Looks like a valid issue. That strtr looks awful, isn't there a better way?

12/04/09 17:42:36 changed by FabianLange

  • owner changed from fabien to FabianLange.
  • status changed from new to assigned.

12/04/09 18:30:19 changed by Kris.Wallsmith

  • milestone set to 1.3.0.

Won't var_export($foo, true) do the trick?

12/04/09 18:42:09 changed by bvleur

  • attachment sfRoutingConfigHandler.class.php-escape-string-var_export.patch added.

12/04/09 18:43:51 changed by bvleur

var_export is much nicer indeed and seems to work fine in my (limited) testing.

12/04/09 21:39:42 changed by FabianLange

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [24962]) [1.3, 1.4] using var export on serialisation to prevent invalid php code (fixes #7802)
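
Added example (not part of the ticket, the attached patches or the symfony code base): a stand-alone PHP script that reproduces the failure described above and compares it with the var_export approach from the fix. The helper names and the two sample route definitions are constructed for illustration, and PHP 7 or later is assumed.

```php
<?php
// Added illustration: helper names and sample values are constructed,
// they are not symfony code. Assumes PHP 7+ (ParseError is catchable).

// Old behaviour: paste serialize() output between single quotes.
function generate_raw($value)
{
    return "<?php return unserialize('" . serialize($value) . "');";
}

// Fixed behaviour: let var_export() emit a correctly escaped PHP literal.
function generate_exported($value)
{
    return '<?php return unserialize(' . var_export(serialize($value), true) . ');';
}

// Write the generated code to a temp file and include it, like a config cache.
function load_generated($code)
{
    $file = tempnam(sys_get_temp_dir(), 'cfg');
    file_put_contents($file, $code);
    try {
        return @include $file; // unserialize() yields false on a length mismatch
    } catch (ParseError $e) {
        return $e;             // generated file is not valid PHP at all
    } finally {
        unlink($file);
    }
}

function describe($result, $expected)
{
    if ($result instanceof ParseError) {
        return 'parse error';
    }
    return $result === $expected ? 'round-trips' : 'corrupted';
}

// Constructed route definitions standing in for parsed routing.yml entries.
$samples = array(
    'double backslash' => array('requirements' => array('path' => '[a-z\\\\]+')),
    'single quote'     => array('requirements' => array('name' => "o'brien")),
);

foreach ($samples as $label => $value) {
    $raw = describe(load_generated(generate_raw($value)), $value);
    $exported = describe(load_generated(generate_exported($value)), $value);
    printf("%-17s raw: %-12s var_export: %s\n", $label, $raw, $exported);
}
```

The single-quote sample shows why generated PHP needs a real literal encoder rather than ad hoc escaping: any value that can close the quote changes the code that the cache file executes.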