Page MenuHomePhabricator

Make qsprintf() return an object, not a string, to support %P and hardening of %Q
ClosedPublic

Authored by epriestley on Nov 7 2018, 12:23 AM.

Details

Summary

Ref T13217. Ref T13216. Previously, we changed csprintf() to return an object instead of a string to support %P for passwords. Prepare for a %P for qsprintf(...) too. T13217 discusses general plans here, although %P, %LA, %LO, and %LQ are not implemented yet.

This may be a little rocky, but the csprintf() change was generally fairly straightforward so I have reasonably high hopes about this one not being too terribly painful.

Test Plan

Loaded a Phabricator page -- which now generates hundreds of "unsafe query construction" errors, but still works.

Diff Detail

Repository
rPHU libphutil
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Nov 7 2018, 12:23 AM
epriestley requested review of this revision.Nov 7 2018, 12:23 AM
amckinley accepted this revision.Nov 7 2018, 8:27 PM
amckinley added inline comments.
src/xsprintf/qsprintf.php
200

Worth adding a "TODO" here to clean up later? Or is the conversion for this going to be effectively endless?

This revision is now accepted and ready to land.Nov 7 2018, 8:27 PM
This revision was automatically updated to reflect the committed changes.