Support.php: Constant for double curly braces redefined from '#&@[[@_#',...

Support.php: Constant for double curly braces redefined from '#&@[[@_#', '#&@]]@_#' to '#/+open+/#', '#/+close+/#' - it's more secure not to use '[' or ']' for the substitution string, cause square braces are now allowed as nesting chars.

Support.php: Constant for double curly braces redefined from '#&@[[@_#',...
Support.php: Constant for double curly braces redefined from '#&@[[@_#', '#&@]]@_#' to '#/+open+/#', '#/+close+/#' - it's more secure not to use '[' or ']' for the substitution string, cause square braces are now allowed as nesting chars.
014e0fde · Carsten Rose · 08dcb1df · 014e0fde · 014e0fde
Commit 014e0fde authored Jun 04, 2016 by Carsten Rose
--- a/extension/qfq/qfq/helper/Support.php
+++ b/extension/qfq/qfq/helper/Support.php
@@ -11,6 +11,9 @@ namespace qfq;
 require_once(__DIR__ . '/../Constants.php');
 require_once(__DIR__ . '/Sanitize.php');

+const LONG_CURLY_OPEN = '#/+open+/#';
+const LONG_CURLY_CLOSE = '#/+close+/#';
+
 class Support {

    /**
@@ -490,8 +493,8 @@ class Support {
     */
    public
    static function encryptDoubleCurlyBraces($text) {
-        $text = str_replace('{{', '#&@[[@_#', $text);
-        $text = str_replace('}}', '#&@]]@_#', $text);
+        $text = str_replace('{{', LONG_CURLY_OPEN, $text);
+        $text = str_replace('}}', LONG_CURLY_CLOSE, $text);

        return $text;
    }
@@ -503,8 +506,8 @@ class Support {
     * @return mixed
     */
    public static function decryptDoubleCurlyBraces($text) {
-        $text = str_replace('#&@[[@_#', '{{', $text);
-        $text = str_replace('#&@]]@_#', '}}', $text);
+        $text = str_replace(LONG_CURLY_OPEN, '{{', $text);
+        $text = str_replace(LONG_CURLY_CLOSE, '}}', $text);

        return $text;
    }

--- a/extension/qfq/tests/phpunit/SupportTest.php
+++ b/extension/qfq/tests/phpunit/SupportTest.php
@@ -291,17 +291,20 @@ class SupportTest extends \PHPUnit_Framework_TestCase {
    }

    public function testEncryptDoubleCurlyBraces() {
+#/+open+/#
+#/+close+/#
+

        $arr = [
            ['', ''],
            ['1', '1'],
            ["1\n2", "1\n2"],
            ['{', '{'],
-            ['#&@[[@_#', '{{'],
+            ['#/+open+/#', '{{'],
            ['-\{-', '-\{-'],
-            ['#&@[[@_##&@]]@_#-#&@[[@_##&@]]@_#', '{{}}-{{}}'],
-            ['#&@[[@_#hello#&@[[@_#world#&@]]@_##&@]]@_#', '{{hello{{world}}}}'],
-            ["\n\n##&@[[@_#\n#&@]]@_#", "\n\n#{{\n}}"],
+            ['#/+open+/##/+close+/#-#/+open+/##/+close+/#', '{{}}-{{}}'],
+            ['#/+open+/#hello#/+open+/#world#/+close+/##/+close+/#', '{{hello{{world}}}}'],
+            ["\n\n##/+open+/#\n#/+close+/#", "\n\n#{{\n}}"],
        ];

        foreach ($arr as $tuple) {