Commit 014e0fde authored by Carsten  Rose's avatar Carsten Rose

Support.php: Constant for double curly braces redefined from '#&@[[@_#',...

Support.php: Constant for double curly braces redefined from '#&@[[@_#', '#&@]]@_#' to '#/+open+/#', '#/+close+/#' - it is safer not to use '[' or ']' in the substitution string, because square brackets are now allowed as nesting characters.
parent 08dcb1df
......@@ -11,6 +11,9 @@ namespace qfq;
require_once(__DIR__ . '/../Constants.php');
require_once(__DIR__ . '/Sanitize.php');
const LONG_CURLY_OPEN = '#/+open+/#';
const LONG_CURLY_CLOSE = '#/+close+/#';
class Support {
/**
......@@ -490,8 +493,8 @@ class Support {
*/
public
static function encryptDoubleCurlyBraces($text) {
$text = str_replace('{{', '#&@[[@_#', $text);
$text = str_replace('}}', '#&@]]@_#', $text);
$text = str_replace('{{', LONG_CURLY_OPEN, $text);
$text = str_replace('}}', LONG_CURLY_CLOSE, $text);
return $text;
}
......@@ -503,8 +506,8 @@ class Support {
* @return mixed
*/
public static function decryptDoubleCurlyBraces($text) {
$text = str_replace('#&@[[@_#', '{{', $text);
$text = str_replace('#&@]]@_#', '}}', $text);
$text = str_replace(LONG_CURLY_OPEN, '{{', $text);
$text = str_replace(LONG_CURLY_CLOSE, '}}', $text);
return $text;
}
......
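Review bot: encryptDoubleCurlyBraces still has no guard for input that already contains the new marker literally, so a text carrying `#/+open+/#` verbatim is turned into `{{` by decryptDoubleCurlyBraces even though it never held an escaped brace; if $text can come from an untrusted source, that is a way to get a `{{` past the substitution. Respelling the marker only lowers the chance of an accidental collision; a deliberate one needs an explicit check at the top of encryptDoubleCurlyBraces, e.g. `if (strpos($text, LONG_CURLY_OPEN) !== false || strpos($text, LONG_CURLY_CLOSE) !== false) { throw new \UnexpectedValueException('text already contains the curly-brace placeholder'); }`, or at least a docblock sentence stating that callers must guarantee the marker is absent. The test hunk in SupportTest.php has no case for an input that already holds the marker, so this collision is currently untested. The names suggest encryption; a docblock line such as `Reversible placeholder substitution, not encryption: '{{'/'}}' <-> LONG_CURLY_OPEN/LONG_CURLY_CLOSE.` on both methods would prevent that misreading.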
......@@ -291,17 +291,20 @@ class SupportTest extends \PHPUnit_Framework_TestCase {
}
public function testEncryptDoubleCurlyBraces() {
#/+open+/#
#/+close+/#
$arr = [
['', ''],
['1', '1'],
["1\n2", "1\n2"],
['{', '{'],
['#&@[[@_#', '{{'],
['#/+open+/#', '{{'],
['-\{-', '-\{-'],
['#&@[[@_##&@]]@_#-#&@[[@_##&@]]@_#', '{{}}-{{}}'],
['#&@[[@_#hello#&@[[@_#world#&@]]@_##&@]]@_#', '{{hello{{world}}}}'],
["\n\n##&@[[@_#\n#&@]]@_#", "\n\n#{{\n}}"],
['#/+open+/##/+close+/#-#/+open+/##/+close+/#', '{{}}-{{}}'],
['#/+open+/#hello#/+open+/#world#/+close+/##/+close+/#', '{{hello{{world}}}}'],
["\n\n##/+open+/#\n#/+close+/#", "\n\n#{{\n}}"],
];
foreach ($arr as $tuple) {
......
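Review bot: The two bare lines `#/+open+/#` and `#/+close+/#` at the top of testEncryptDoubleCurlyBraces, which appear to be added by this commit, are comments only because `#` opens a PHP line comment; they read as leftover scratch and explain nothing to the next reader. Either drop them or replace them with a single comment that states why the expected values are spelled out as literals rather than via the constants, e.g. `// expected values are the literal markers on purpose: a silent change of LONG_CURLY_OPEN/LONG_CURLY_CLOSE must fail here`. The test method continues past the end of the hunk.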