Paths

Table of Contentst

Differential D19781

Make qsprintf() return an object, not a string, to support %P and hardening of %Q
ClosedPublic
Actions

Authored by epriestley on Nov 7 2018, 12:23 AM.

Tags

None

Referenced Files

	F18733822: D19781.id.diff
	Tue, Sep 30, 10:42 PM

	F18568707: D19781.id47284.diff
	Wed, Sep 10, 12:22 AM

	F18568706: D19781.id47247.diff
	Wed, Sep 10, 12:22 AM

	F18509911: D19781.id.diff
	Fri, Sep 5, 3:40 AM

	F18503453: D19781.diff
	Thu, Sep 4, 11:06 PM

	F18459515: D19781.id47247.diff
	Sep 1 2025, 5:17 PM

	F18368287: D19781.diff
	Aug 28 2025, 12:42 AM

	F18169907: D19781.id47284.diff
	Aug 15 2025, 5:34 PM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T13216: 2018 Week 45-47 Bonus Content
T13217: Upgrading: Hardening of qsprintf()

Commits

rPHUe1e8d3ba95b2: Make qsprintf() return an object, not a string, to support %P and hardening of…

Summary

Ref T13217. Ref T13216. Previously, we changed csprintf() to return an object instead of a string to support %P for passwords. Prepare for a %P for qsprintf(...) too. T13217 discusses general plans here, although %P, %LA, %LO, and %LQ are not implemented yet.

This may be a little rocky, but the csprintf() change was generally fairly straightforward so I have reasonably high hopes about this one not being too terribly painful.

Test Plan

Loaded a Phabricator page -- which now generates hundreds of "unsafe query construction" errors, but still works.

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Nov 7 2018, 12:23 AM

Harbormaster completed remote builds in B21096: Diff 47247.Nov 7 2018, 12:23 AM

epriestley requested review of this revision.Nov 7 2018, 12:23 AM

epriestley added a child revision: D19782: Support %P (Password or Secret) in qsprintf().Nov 7 2018, 12:34 AM

amckinley accepted this revision.Nov 7 2018, 8:27 PM

amckinley added inline comments.

src/xsprintf/qsprintf.php
200	Worth adding a "TODO" here to clean up later? Or is the conversion for this going to be effectively endless?

This revision is now accepted and ready to land.Nov 7 2018, 8:27 PM

Closed by commit rPHUe1e8d3ba95b2: Make qsprintf() return an object, not a string, to support %P and hardening of… (authored by epriestley). · Explain WhyNov 13 2018, 4:48 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

__phutil_library_map__.php

xsprintf/

PhutilQueryString.php

39 lines

40 lines

2 lines

Diff 47284

src/__phutil_library_map__.php

Loading...

src/xsprintf/PhutilQueryString.php

Loading...

src/xsprintf/qsprintf.php

Loading...

src/xsprintf/queryfx.php

Loading...