Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F15419858
D20249.id.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
2 KB
Referenced Files
None
Subscribers
None
D20249.id.diff
View Options
diff --git a/src/xsprintf/PhutilQueryString.php b/src/xsprintf/PhutilQueryString.php
--- a/src/xsprintf/PhutilQueryString.php
+++ b/src/xsprintf/PhutilQueryString.php
@@ -2,16 +2,44 @@
final class PhutilQueryString extends Phobject {
- private $escaper;
- private $argv;
+ private $maskedString;
+ private $unmaskedString;
public function __construct(PhutilQsprintfInterface $escaper, array $argv) {
- $this->escaper = $escaper;
- $this->argv = $argv;
+ // Immediately render the query into a static scalar value.
// This makes sure we throw immediately if there are errors in the
- // parameters.
- $this->getMaskedString();
+ // parameters, which is much better than throwing later on.
+
+ // This also makes sure that later mutations to objects passed as
+ // parameters won't affect the outcome. Consider:
+ //
+ // $object->setTableName('X');
+ // $query = qsprintf($conn, '%R', $object);
+ // $object->setTableName('Y');
+ //
+ // We'd like "$query" to reference "X", reflecting the object as it
+ // existed when it was passed to "qsprintf(...)". It's surprising if the
+ // modification to the object after "qsprintf(...)" can affect "$query".
+
+ $masked_string = xsprintf(
+ 'xsprintf_query',
+ array(
+ 'escaper' => $escaper,
+ 'unmasked' => false,
+ ),
+ $argv);
+
+ $unmasked_string = xsprintf(
+ 'xsprintf_query',
+ array(
+ 'escaper' => $escaper,
+ 'unmasked' => true,
+ ),
+ $argv);
+
+ $this->maskedString = $masked_string;
+ $this->unmaskedString = $unmasked_string;
}
public function __toString() {
@@ -19,21 +47,11 @@
}
public function getUnmaskedString() {
- return $this->renderString(true);
+ return $this->unmaskedString;
}
public function getMaskedString() {
- return $this->renderString(false);
- }
-
- private function renderString($unmasked) {
- return xsprintf(
- 'xsprintf_query',
- array(
- 'escaper' => $this->escaper,
- 'unmasked' => $unmasked,
- ),
- $this->argv);
+ return $this->maskedString;
}
}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Mar 22, 9:28 AM (1 d, 11 h ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
7709589
Default Alt Text
D20249.id.diff (2 KB)
Attached To
Mode
D20249: Render query strings into concrete scalar "string" values immediately, not lazily
Attached
Detach File
Event Timeline
Log In to Comment