Skip to content

Navigation Menu

Sign in

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit a4a1f12

Browse filesBrowse files
nicolas-grekasnicolas-grekas
committed
bug #34643 [Dotenv] Fixed infinite loop with missing quote followed by quoted value (naitsirch)
This PR was merged into the 3.4 branch. Discussion ---------- [Dotenv] Fixed infinite loop with missing quote followed by quoted value | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #34642 | License | MIT | Doc PR | If there's a quote missing to end a value and in the next line there's again a quoted value Dotenv will run into an infinite loop. An .env file with the following content will result in this error: ``` FOO="foo BAR="bar" ``` See #34642 for more details. Commits ------- eb69e13 [Dotenv] Fixed infinite loop with missing quote followed by quoted value
2 parents fd19bd7 + eb69e13 commit a4a1f12
Copy full SHA for a4a1f12

File tree

2 files changed

+5
-1
lines changed
Filter options

2 files changed

+5
-1
lines changed

‎src/Symfony/Component/Dotenv/Dotenv.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Dotenv/Dotenv.php
+4-1Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,10 @@ private function lexValue()
203203
$this->cursor += 1 + $len;
204204
} elseif ('"' === $this->data[$this->cursor]) {
205205
$value = '';
206-
++$this->cursor;
206+
207+
if (++$this->cursor === $this->end) {
208+
throw $this->createFormatException('Missing quote to end the value');
209+
}
207210

208211
while ('"' !== $this->data[$this->cursor] || ('\\' === $this->data[$this->cursor - 1] && '\\' !== $this->data[$this->cursor - 2])) {
209212
$value .= $this->data[$this->cursor];

‎src/Symfony/Component/Dotenv/Tests/DotenvTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Dotenv/Tests/DotenvTest.php
+1Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,7 @@ public function getEnvDataWithFormatErrors()
4040
['FOO', "Missing = in the environment variable declaration in \".env\" at line 1.\n...FOO...\n ^ line 1 offset 3"],
4141
['FOO="foo', "Missing quote to end the value in \".env\" at line 1.\n...FOO=\"foo...\n ^ line 1 offset 8"],
4242
['FOO=\'foo', "Missing quote to end the value in \".env\" at line 1.\n...FOO='foo...\n ^ line 1 offset 8"],
43+
["FOO=\"foo\nBAR=\"bar\"", "Missing quote to end the value in \".env\" at line 1.\n...FOO=\"foo\\nBAR=\"bar\"...\n ^ line 1 offset 18"],
4344
['FOO=\'foo'."\n", "Missing quote to end the value in \".env\" at line 1.\n...FOO='foo\\n...\n ^ line 1 offset 9"],
4445
['export FOO', "Unable to unset an environment variable in \".env\" at line 1.\n...export FOO...\n ^ line 1 offset 10"],
4546
['FOO=${FOO', "Unclosed braces on variable expansion in \".env\" at line 1.\n...FOO=\${FOO...\n ^ line 1 offset 9"],

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.