F15411634
D19782.diff
diff --git a/src/xsprintf/qsprintf.php b/src/xsprintf/qsprintf.php
--- a/src/xsprintf/qsprintf.php
+++ b/src/xsprintf/qsprintf.php
@@ -20,23 +20,28 @@
* "List" versions of %d, %s, %f and %B. These are appropriate for use in
* an "IN" clause. For example:
*
- * qsprintf($escaper, 'WHERE hatID IN(%Ld)', $list_of_hats);
+ * qsprintf($escaper, 'WHERE hatID IN (%Ld)', $list_of_hats);
*
* %B ("Binary String")
* Escapes a string for insertion into a pure binary column, ignoring
* tests for characters outside of the basic multilingual plane.
*
- * %T ("Table")
- * Escapes a table name.
- *
- * %C, %LC
+ * %C, %LC ("Column")
* Escapes a column name or a list of column names.
*
* %K ("Comment")
* Escapes a comment.
*
* %Q ("Query Fragment")
- * Injects a raw query fragment. Extremely dangerous! Not escaped!
+ * Injects a query fragment from a prior call to qsprintf().
+ *
+ * %R ("Database and Table Reference")
+ * Behaves like "%T.%T" and prints a full reference to a table including
+ * the database. Accepts a AphrontDatabaseTableRefInterface.
+ *
+ * %P ("Password or Secret")
+ * Behaves like "%s", but shows "********" when the query is printed in
+ * logs or traces. Accepts a PhutilOpaqueEnvelope.
*
* %~ ("Substring")
* Escapes a substring query for a LIKE (or NOT LIKE) clause. For example:
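Review bot: The new %Q entry ("Injects a query fragment from a prior call to qsprintf()") drops the old "Not escaped!" warning, but nothing in the visible hunks adds a type check for %Q comparable to the instanceof check added for %P, so the comment reads as a guarantee that this diff does not show being enforced. Either state in the %Q entry what happens when a plain string is passed, or keep a short warning until such input is rejected. In the %R entry, "Accepts a AphrontDatabaseTableRefInterface" should read "Accepts an ..."; no %R handling appears in these hunks, so confirm it already exists in the file before documenting it here.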
@@ -57,6 +62,9 @@
*
* // Find all rows where `name` ends with $suffix.
* qsprintf($escaper, 'WHERE name LIKE %<', $suffix);
+ *
+ * %T ("Table")
+ * Escapes a table name. In most cases, you should use "%R" instead.
*/
function qsprintf(PhutilQsprintfInterface $escaper, $pattern /* , ... */) {
$args = func_get_args();
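Review bot: The relocated %T entry says "In most cases, you should use "%R" instead" without naming the cases where %T is still the right choice; spell those out, or say why %R is preferred, so callers can tell when %T is acceptable. Moving the entry below the %< example also separates it from %R and the other identifier conversions, so consider keeping it next to %R where a reader scanning the list will see both together.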
@@ -255,6 +263,16 @@
$type = 's';
break;
+ case 'P': // Password or Secret
+ if ($unmasked) {
+ $value = $value->openEnvelope();
+ $value = "'".$escaper->escapeUTF8String($value)."'";
+ } else {
+ $value = '********';
+ }
+ $type = 's';
+ break;
+
default:
throw new XsprintfUnknownConversionException($type);
}
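Review bot: In the new case 'P', which branch runs depends entirely on $unmasked, and this hunk does not show where that variable is set or what it defaults to; add a comment here stating that it is false unless the query is being built for execution, so the safe default can be reviewed. The masked branch emits a bare ******** while the unmasked branch emits a quoted literal; if logged queries are meant to have the same shape as executed ones, emit "'********'" instead. Because the unmasked branch goes through escapeUTF8String(), the %P doc entry should also say that secrets are treated as UTF-8 strings.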
@@ -263,6 +281,7 @@
if ($prefix) {
$value = $prefix.$value;
}
+
$pattern[$pos] = $type;
}
@@ -361,6 +380,16 @@
}
break;
+ case 'P':
+ if (!($value instanceof PhutilOpaqueEnvelope)) {
+ throw new AphrontParameterQueryException(
+ pht(
+ 'Parameter to "%s" conversion in "qsprintf(...)" is not an '.
+ 'instance of PhutilOpaqueEnvelope.',
+ '%P'));
+ }
+ break;
+
default:
throw new XsprintfUnknownConversionException($type);
}
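Review bot: The instanceof check in this case 'P' is what rejects a plain string passed to %P, and this diff touches only src/xsprintf/qsprintf.php with no test covering it. Add a test that a string argument raises AphrontParameterQueryException and that the masked rendering contains ******** and not the secret. The exception message names only the conversion and not the value; keep it that way if the received type is ever added to the message. For consistency with the other new case, add the "// Password or Secret" comment here too.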
D19782: Support %P (Password or Secret) in qsprintf()