Page MenuHomePhabricator
Differential D19783

Support %LA (AND), %LO (OR) and %LQ (comma) conversions for qsprintf() to improve safety
ClosedPublic
Actions

Authored by epriestley on Nov 7 2018, 12:45 AM.
Tags
None
Referenced Files
F19512874: D19783.id.diff
Tue, Jan 13, 4:05 AM
F19082728: D19783.diff
Dec 2 2025, 12:11 PM
F19012117: D19783.id.diff
Nov 22 2025, 11:54 AM
F18984041: D19783.id47249.diff
Nov 17 2025, 10:30 AM
F18874956: D19783.id.diff
Nov 5 2025, 4:23 PM
F18857018: D19783.diff
Nov 1 2025, 12:41 PM
F18852069: D19783.diff
Oct 31 2025, 6:38 AM
F18850924: D19783.id47249.diff
Oct 30 2025, 8:34 PM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T6960: Support %P in qsprintf()
T13216: 2018 Week 45-47 Bonus Content
T13217: Upgrading: Hardening of qsprintf()
Commits
rPHUbe5a87463ac5: Support %LA (AND), %LO (OR) and %LQ (comma) conversions for qsprintf() to…
Summary

Depends on D19782. Ref T13217. Ref T13216. Ref T6960. We currently construct some queries by passing implode(...) directly to qsprintf().

I believe we can cover all these cases (or, at least, almost all these cases) with conversions for imploding on AND, OR, or comma. This will ultimately let us make %Q safer.

Test Plan

Played around with these in a toy qsprintf() script; upcoming changes will convert Phabricator callsites more aggressively.

Diff Detail

Repository
rPHU libphutil
Branch
qobject3
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 21098
Build 28674: Run Core Tests
Build 28673: arc lint + arc unit

Revision Contents
Changeset List

PathSize
src/
xsprintf/
39 lines

Diff 47249

View Options

src/xsprintf/qsprintf.php

Loading...
Phabricator · Built by Phacility