Page MenuHomePhabricator
Differential D19783

Support %LA (AND), %LO (OR) and %LQ (comma) conversions for qsprintf() to improve safety
ClosedPublic
Actions

Authored by epriestley on Nov 7 2018, 12:45 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Jun 25, 6:52 AM
Unknown Object (File)
Mon, Jun 22, 8:03 AM
Unknown Object (File)
Mar 6 2026, 9:41 PM
Unknown Object (File)
Mar 4 2026, 6:55 AM
Unknown Object (File)
Mar 1 2026, 10:22 PM
Unknown Object (File)
Jan 13 2026, 4:05 AM
Unknown Object (File)
Dec 2 2025, 12:11 PM
Unknown Object (File)
Nov 22 2025, 11:54 AM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T6960: Support %P in qsprintf()
T13216: 2018 Week 45-47 Bonus Content
T13217: Upgrading: Hardening of qsprintf()
Commits
rPHUbe5a87463ac5: Support %LA (AND), %LO (OR) and %LQ (comma) conversions for qsprintf() to…
Summary

Depends on D19782. Ref T13217. Ref T13216. Ref T6960. We currently construct some queries by passing implode(...) directly to qsprintf().

I believe we can cover all these cases (or, at least, almost all these cases) with conversions for imploding on AND, OR, or comma. This will ultimately let us make %Q safer.

Test Plan

Played around with these in a toy qsprintf() script; upcoming changes will convert Phabricator callsites more aggressively.

Diff Detail

Repository
rPHU libphutil
Branch
qobject3
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 21098
Build 28674: Run Core Tests
Build 28673: arc lint + arc unit

Revision Contents
Changeset List

PathSize
src/
xsprintf/
39 lines

Diff 47249

View Options

src/xsprintf/qsprintf.php

Loading...
Phabricator · Built by Phacility