Paths

Table of Contentst

Differential D19781

Make qsprintf() return an object, not a string, to support %P and hardening of %Q
ClosedPublic
Actions

Authored by epriestley on Nov 7 2018, 12:23 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Thu, Apr 25, 2:35 AM

	Unknown Object (File)
	Sun, Apr 21, 12:36 PM

	Unknown Object (File)
	Fri, Apr 19, 8:04 PM

	Unknown Object (File)
	Fri, Apr 19, 8:10 AM

	Unknown Object (File)
	Fri, Apr 19, 8:09 AM

	Unknown Object (File)
	Fri, Apr 19, 5:12 AM

	Unknown Object (File)
	Wed, Apr 17, 5:20 AM

	Unknown Object (File)
	Sun, Apr 14, 2:15 AM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T13216: 2018 Week 45-47 Bonus Content
T13217: Upgrading: Hardening of qsprintf()

Commits

rPHUe1e8d3ba95b2: Make qsprintf() return an object, not a string, to support %P and hardening of…

Summary

Ref T13217. Ref T13216. Previously, we changed csprintf() to return an object instead of a string to support %P for passwords. Prepare for a %P for qsprintf(...) too. T13217 discusses general plans here, although %P, %LA, %LO, and %LQ are not implemented yet.

This may be a little rocky, but the csprintf() change was generally fairly straightforward so I have reasonably high hopes about this one not being too terribly painful.

Test Plan

Loaded a Phabricator page -- which now generates hundreds of "unsafe query construction" errors, but still works.

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Nov 7 2018, 12:23 AM

Harbormaster completed remote builds in B21096: Diff 47247.Nov 7 2018, 12:23 AM

epriestley requested review of this revision.Nov 7 2018, 12:23 AM

epriestley added a child revision: D19782: Support %P (Password or Secret) in qsprintf().Nov 7 2018, 12:34 AM

amckinley accepted this revision.Nov 7 2018, 8:27 PM

amckinley added inline comments.

src/xsprintf/qsprintf.php
200	Worth adding a "TODO" here to clean up later? Or is the conversion for this going to be effectively endless?

This revision is now accepted and ready to land.Nov 7 2018, 8:27 PM

Closed by commit rPHUe1e8d3ba95b2: Make qsprintf() return an object, not a string, to support %P and hardening of… (authored by epriestley). · Explain WhyNov 13 2018, 4:48 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

__phutil_library_map__.php

xsprintf/

PhutilQueryString.php

39 lines

40 lines

2 lines

Diff 47284

src/__phutil_library_map__.php

Loading...

src/xsprintf/PhutilQueryString.php

Loading...

src/xsprintf/qsprintf.php

Loading...

src/xsprintf/queryfx.php

Loading...