Paths

Table of Contentst

Differential D19781

Make qsprintf() return an object, not a string, to support %P and hardening of %Q
ClosedPublic
Actions

Authored by epriestley on Nov 7 2018, 12:23 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Mon, Nov 18, 9:24 PM

	Unknown Object (File)
	Fri, Nov 15, 11:00 AM

	Unknown Object (File)
	Sun, Nov 10, 10:11 PM

	Unknown Object (File)
	Thu, Nov 7, 8:02 AM

	Unknown Object (File)
	Wed, Oct 30, 6:53 PM

	Unknown Object (File)
	Oct 22 2024, 1:15 PM

	Unknown Object (File)
	Oct 18 2024, 11:52 AM

	Unknown Object (File)
	Oct 9 2024, 10:32 AM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T13216: 2018 Week 45-47 Bonus Content
T13217: Upgrading: Hardening of qsprintf()

Commits

rPHUe1e8d3ba95b2: Make qsprintf() return an object, not a string, to support %P and hardening of…

Summary

Ref T13217. Ref T13216. Previously, we changed csprintf() to return an object instead of a string to support %P for passwords. Prepare for a %P for qsprintf(...) too. T13217 discusses general plans here, although %P, %LA, %LO, and %LQ are not implemented yet.

This may be a little rocky, but the csprintf() change was generally fairly straightforward so I have reasonably high hopes about this one not being too terribly painful.

Test Plan

Loaded a Phabricator page -- which now generates hundreds of "unsafe query construction" errors, but still works.

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Nov 7 2018, 12:23 AM

Harbormaster completed remote builds in B21096: Diff 47247.Nov 7 2018, 12:23 AM

epriestley requested review of this revision.Nov 7 2018, 12:23 AM

epriestley added a child revision: D19782: Support %P (Password or Secret) in qsprintf().Nov 7 2018, 12:34 AM

amckinley accepted this revision.Nov 7 2018, 8:27 PM

amckinley added inline comments.

src/xsprintf/qsprintf.php
200	Worth adding a "TODO" here to clean up later? Or is the conversion for this going to be effectively endless?

This revision is now accepted and ready to land.Nov 7 2018, 8:27 PM

Closed by commit rPHUe1e8d3ba95b2: Make qsprintf() return an object, not a string, to support %P and hardening of… (authored by epriestley). · Explain WhyNov 13 2018, 4:48 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

__phutil_library_map__.php

xsprintf/

PhutilQueryString.php

39 lines

40 lines

2 lines

Diff 47284

src/__phutil_library_map__.php

Loading...

src/xsprintf/PhutilQueryString.php

Loading...

src/xsprintf/qsprintf.php

Loading...

src/xsprintf/queryfx.php

Loading...