
Make qsprintf() return an object, not a string, to support %P and hardening of %Q
Closed, Public

Authored by epriestley on Nov 7 2018, 12:23 AM.

Details

Summary

Ref T13217. Ref T13216. Previously, we changed csprintf() to return an object instead of a string to support %P for passwords. Prepare for a %P for qsprintf(...) too. T13217 discusses general plans here, although %P, %LA, %LO, and %LQ are not implemented yet.

This may be a little rocky, but the csprintf() change was generally fairly straightforward so I have reasonably high hopes about this one not being too terribly painful.

Test Plan

Loaded a Phabricator page -- which now generates hundreds of "unsafe query construction" errors, but still works.

Diff Detail

Repository
rPHU libphutil
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

amckinley added inline comments.
src/xsprintf/qsprintf.php (line 200)

Worth adding a "TODO" here to clean up later? Or is the conversion for this going to be effectively endless?

This revision is now accepted and ready to land. Nov 7 2018, 8:27 PM
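
The design described in the summary, shown as an added sketch that is not code from this revision or from libphutil: a formatter that returns an object can carry a log-safe form beside the real query text, and can require that %Q be given such an object instead of a plain string. `QueryFragment`, `toy_qsprintf()` and the `********` masking are hypothetical, `addslashes()` only stands in for the connection's escaping, and the sketch throws where the test plan above describes reported errors on a page that still works.

```php
<?php
// Hypothetical names throughout; this is not libphutil's implementation.
final class QueryFragment {
  private $masked, $raw;
  public function __construct($masked, $raw) {
    $this->masked = $masked;
    $this->raw = $raw;
  }
  // Log-safe form: %P values are shown as ********.
  public function __toString() { return $this->masked; }
  // Real query text; only the code that executes the query should read it.
  public function getUnmaskedString() { return $this->raw; }
}

function toy_qsprintf($pattern, ...$args) {
  $masked = $raw = '';
  $parts = preg_split('/(%[dsPQ])/', $pattern, -1, PREG_SPLIT_DELIM_CAPTURE);
  foreach ($parts as $i => $part) {
    if ($i % 2 == 0) { // even indexes are literal query text
      $masked .= $part;
      $raw .= $part;
      continue;
    }
    if (!$args) {
      throw new InvalidArgumentException('Too few arguments for pattern.');
    }
    $arg = array_shift($args);
    if ($part == '%Q' && !($arg instanceof QueryFragment)) {
      // Hardening: a plain string cannot be spliced in as raw SQL.
      throw new InvalidArgumentException('Unsafe query construction: %Q');
    }
    if ($part == '%Q') {
      $m = (string)$arg;
      $r = $arg->getUnmaskedString();
    } else if ($part == '%d') {
      $m = $r = (string)(int)$arg;
    } else {
      // addslashes() stands in for the connection's real string escaping.
      $r = "'".addslashes((string)$arg)."'";
      $m = ($part == '%P') ? '********' : $r;
    }
    $masked .= $m;
    $raw .= $r;
  }
  return new QueryFragment($masked, $raw);
}

// Constructed sample values.
$where = toy_qsprintf('WHERE id = %d AND token = %P', 7, 'constructed-secret');
$query = toy_qsprintf('SELECT * FROM user %Q', $where);
echo $query, "\n", $query->getUnmaskedString(), "\n";
```

Passing a string built by concatenation as the %Q argument throws here, which is the case a string-returning formatter cannot tell apart from a fragment it produced itself.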