Paths

Table of Contentst

Differential D19781

Make qsprintf() return an object, not a string, to support %P and hardening of %Q
ClosedPublic
Actions

Authored by epriestley on Nov 7 2018, 12:23 AM.

Tags

None

Referenced Files

	F19095737: D19781.id.diff
	Thu, Dec 4, 5:56 AM

	F19093209: D19781.diff
	Wed, Dec 3, 8:49 PM

	F19082848: D19781.id47284.diff
	Tue, Dec 2, 12:26 PM

	F18984950: D19781.id47247.diff
	Nov 17 2025, 12:49 PM

	F18952886: D19781.id.diff
	Nov 12 2025, 6:40 AM

	F18858074: D19781.diff
	Nov 1 2025, 8:40 PM

	F18764891: D19781.id47284.diff
	Oct 7 2025, 8:25 AM

	F18764657: D19781.diff
	Oct 7 2025, 7:05 AM

Subscribers

None

Details

Reviewers

Maniphest Tasks

T13216: 2018 Week 45-47 Bonus Content
T13217: Upgrading: Hardening of qsprintf()

Commits

rPHUe1e8d3ba95b2: Make qsprintf() return an object, not a string, to support %P and hardening of…

Summary

Ref T13217. Ref T13216. Previously, we changed csprintf() to return an object instead of a string to support %P for passwords. Prepare for a %P for qsprintf(...) too. T13217 discusses general plans here, although %P, %LA, %LO, and %LQ are not implemented yet.

This may be a little rocky, but the csprintf() change was generally fairly straightforward so I have reasonably high hopes about this one not being too terribly painful.

Test Plan

Loaded a Phabricator page -- which now generates hundreds of "unsafe query construction" errors, but still works.

Diff Detail

Repository

Branch

qobject1

Lint

Lint Passed

Severity	Location	Code	Message
Advice	src/xsprintf/qsprintf.php:300	XHP16	TODO Comment

Unit

Tests Passed

Build Status

Buildable 21096
Build 28670: Run Core Tests
Build 28669: arc lint + arc unit

Event Timeline

epriestley created this revision.Nov 7 2018, 12:23 AM

Harbormaster completed remote builds in B21096: Diff 47247.Nov 7 2018, 12:23 AM

epriestley requested review of this revision.Nov 7 2018, 12:23 AM

epriestley added a child revision: D19782: Support %P (Password or Secret) in qsprintf().Nov 7 2018, 12:34 AM

amckinley accepted this revision.Nov 7 2018, 8:27 PM

amckinley added inline comments.

src/xsprintf/qsprintf.php
200	Worth adding a "TODO" here to clean up later? Or is the conversion for this going to be effectively endless?

This revision is now accepted and ready to land.Nov 7 2018, 8:27 PM

Closed by commit rPHUe1e8d3ba95b2: Make qsprintf() return an object, not a string, to support %P and hardening of… (authored by epriestley). · Explain WhyNov 13 2018, 4:48 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

__phutil_library_map__.php

xsprintf/

PhutilQueryString.php

39 lines

40 lines

2 lines

Diff 47247

src/__phutil_library_map__.php

Loading...

src/xsprintf/PhutilQueryString.php

Loading...

src/xsprintf/qsprintf.php

Loading...

src/xsprintf/queryfx.php

Loading...