8000 bug #34643 [Dotenv] Fixed infinite loop with missing quote followed b… · symfony/symfony@a4a1f12 · GitHub
[go: up one dir, main page]
Skip to content

Commit a4a1f12

Browse files
nicolas-grekasnicolas-grekas
committed
bug #34643 [Dotenv] Fixed infinite loop with missing quote followed by quoted value (naitsirch)
This PR was merged into the 3.4 branch. Discussion ---------- [Dotenv] Fixed infinite loop with missing quote followed by quoted value | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #34642 | License | MIT | Doc PR | If there's a quote missing to end a value and in the next line there's again a quoted value Dotenv will run into an infinite loop. An .env file with the following content will result in this error: ``` FOO="foo BAR="bar" ``` See #34642 for more details. Commits ------- eb69e13 [Dotenv] Fixed infinite loop with missing quote followed by quoted value
2 parents fd19bd7 + eb69e13 commit a4a1f12

File tree

2 files changed

+5
-1
lines changed

2 files changed

+5
-1
lines changed

src/Symfony/Component/Dotenv/Dotenv.php

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,10 @@ private function lexValue()
203203
$this->cursor += 1 + $len;
204204
} elseif ('"' === $this->data[$this->cursor]) {
205205
$value = '';
206-
++$this->cursor;
206+
207+
if (++$this->cursor === $this->end) {
208+
throw $this->createFormatException('Missing quote to end the value');
209+
}
207210

208211
while ('"' !== $this->data[$this->cursor] || ('\\' === $this->data[$this->cursor - 1] && '\\' !== $this->data[$this->cursor - 2])) {
209212
$value .= $this->data[$this->cursor];

src/Symfony/Component/Dotenv/Tests/DotenvTest.php

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,7 @@ public function getEnvDataWithFormatErrors()
4040
['FOO', "Missing = in the environment variable declaration in \".env\" at line 1.\n...FOO...\n ^ line 1 offset 3"],
4141
['FOO="foo', "Missing quote to end the value in \".env\" at line 1.\n...FOO=\"foo...\n ^ line 1 offset 8"],
4242
['FOO=\'foo', "Missing quote to end the value in \".env\" at line 1.\n...FOO='foo...\n ^ line 1 offset 8"],
43+
["FOO=\"foo\nBAR=\"bar\"", "Missing quote to end the value in \".env\" at line 1.\n...FOO=\"foo\\nBAR=\"bar\"...\n ^ line 1 offset 18"],
4344
['FOO=\'foo'."\n", "Missing quote to end the value in \".env\" at line 1.\n...FOO='foo\\n...\n ^ line 1 offset 9"],
4445
['export FOO', "Unable to unset an environment variable in \".env\" at line 1.\n...export FOO...\n ^ line 1 offset 10"],
4546
['FOO=${FOO', "Unclosed braces on variable expansion in \".env\" at line 1.\n...FOO=\${FOO...\n ^ line 1 offset 9"],

0 commit comments

Comments
 (0)
0