HomePhabricator
Diffusion libphutil e1e8d3ba95b2

Make qsprintf() return an object, not a string, to support %P and hardening of…
e1e8d3ba95b2
Actions

Description

Make qsprintf() return an object, not a string, to support %P and hardening of %Q

Summary:
Ref T13217. Ref T13216. Previously, we changed csprintf() to return an object instead of a string to support %P for passwords. Prepare for a %P for qsprintf(...) too. T13217 discusses general plans here, although %P, %LA, %LO, and %LQ are not implemented yet.

This may be a little rocky, but the csprintf() change was generally fairly straightforward so I have reasonably high hopes about this one not being too terribly painful.

Test Plan: Loaded a Phabricator page -- which now generates hundreds of "unsafe query construction" errors, but still works.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13217, T13216

Differential Revision: https://secure.phabricator.com/D19781

Details

Provenance
epriestleyAuthored on Nov 6 2018, 11:57 PM
epriestleyPushed on Nov 13 2018, 4:48 PM
Reviewer
amckinley
Differential Revision
D19781: Make qsprintf() return an object, not a string, to support %P and hardening of %Q
Parents
rPHU335a9f8c2dce: Add a convenience function for computing elapsed microtime deltas
Branches
Unknown
Tags
Unknown
Tasks
T13217: Upgrading: Hardening of qsprintf()
T13216: 2018 Week 45-47 Bonus Content
Build Status
Buildable 21133
Build 28729: Run Core Tests

Changes (4)

PathSize
src/
xsprintf/

rPHUe1e8d3ba95b2

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/xsprintf/PhutilQueryString.php

Loading...
View Options

src/xsprintf/qsprintf.php

Loading...
View Options

src/xsprintf/queryfx.php

Loading...
Phabricator · Built by Phacility