Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit a51c99b

Browse filesBrowse files
author
naitsirch
committed
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
If there's a quote missing to end a value and in the next line there's again a quoted value Dotenv will run into an infinite loop. An .env file with the following content will result in this error: ``` FOO="foo BAR="bar" ``` See #34642 for more details.
1 parent ed101fb commit a51c99b
Copy full SHA for a51c99b

File tree

2 files changed

+13
-0
lines changed
Filter options

2 files changed

+13
-0
lines changed

‎src/Symfony/Component/Dotenv/Dotenv.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Dotenv/Dotenv.php
+12Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -203,9 +203,14 @@ private function lexValue()
203203
$this->cursor += 1 + $len;
204204
} elseif ('"' === $this->data[$this->cursor]) {
205205
$value = '';
206+
$prevLf = null;
206207
++$this->cursor;
207208

208209
while ('"' !== $this->data[$this->cursor] || ('\\' === $this->data[$this->cursor - 1] && '\\' !== $this->data[$this->cursor - 2])) {
210+
if ("\n" === $this->data[$this->cursor]) {
211+
$prevLf = $this->cursor;
212+
}
213+
209214
$value .= $this->data[$this->cursor];
210215
++$this->cursor;
211216

@@ -216,6 +221,13 @@ private function lexValue()
216221
if ("\n" === $this->data[$this->cursor]) {
217222
throw $this->createFormatException('Missing quote to end the value');
218223
}
224+
// After a multi line value a line break is expected. Otherwise we can be sure
225+
// that the ending quote of the previous line is missing.
226+
if (isset($this->data[$this->cursor + 1]) && "\n" !== $this->data[$this->cursor + 1] && $prevLf) {
227+
// Reset the cursor position to the previous line break to get the correct error message.
228+
$this->cursor = $prevLf;
229+
throw $this->createFormatException('Missing quote to end the value');
230+
}
219231
++$this->cursor;
220232
$value = str_replace(['\\"', '\r', '\n'], ['"', "\r", "\n"], $value);
221233
$resolvedValue = $value;

‎src/Symfony/Component/Dotenv/Tests/DotenvTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/Dotenv/Tests/DotenvTest.php
+1Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,7 @@ public function getEnvDataWithFormatErrors()
4040
['FOO', "Missing = in the environment variable declaration in \".env\" at line 1.\n...FOO...\n ^ line 1 offset 3"],
4141
['FOO="foo', "Missing quote to end the value in \".env\" at line 1.\n...FOO=\"foo...\n ^ line 1 offset 8"],
4242
['FOO=\'foo', "Missing quote to end the value in \".env\" at line 1.\n...FOO='foo...\n ^ line 1 offset 8"],
43+
["FOO=\"foo\nBAR=\"bar\"", "Missing quote to end the value in \".env\" at line 1.\n...FOO=\"foo\\nBAR=\"bar\"...\n ^ line 1 offset 8"],
4344
['FOO=\'foo'."\n", "Missing quote to end the value in \".env\" at line 1.\n...FOO='foo\\n...\n ^ line 1 offset 9"],
4445
['export FOO', "Unable to unset an environment variable in \".env\" at line 1.\n...export FOO...\n ^ line 1 offset 10"],
4546
['FOO=${FOO', "Unclosed braces on variable expansion in \".env\" at line 1.\n...FOO=\${FOO...\n ^ line 1 offset 9"],

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.