Skip to content

Commit d2228e8

Browse files
j92j92
committed
Updated regex and excluded certain characters
1 parent 3806a60 commit d2228e8

File tree

3 files changed

+9
-1
lines changed

3 files changed

+9
-1
lines changed

src/Symfony/Component/Dotenv/.env

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
FOOBAR=${BAR:=production}

src/Symfony/Component/Dotenv/Dotenv.php

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -427,7 +427,7 @@ private function resolveVariables($value)
427427
(?!\() # no opening parenthesis
428428
(?P<opening_brace>\{)? # optional brace
429429
(?P<name>'.self::VARNAME_REGEX.')? # var name
430-
(?P<default_value>(?:(:-)([^\}]+)))? # optional default value
430+
(?P<default_value>:-[^\}]+)? # optional default value
431431
(?P<closing_brace>\})? # optional closing brace
432432
/x';
433433

@@ -458,6 +458,10 @@ private function resolveVariables($value)
458458
}
459459

460460
if ('' === $value && isset($matches['default_value'])) {
461+
if (strpbrk($matches['default_value'], '\'"{}$')) {
462+
throw $this->createFormatException('Invalid character in default value');
463+
}
464+
461465
$value = substr($matches['default_value'], 2);
462466
}
463467

src/Symfony/Component/Dotenv/Tests/DotenvTest.php

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,9 @@ public function getEnvDataWithFormatErrors()
4848
['FOO!', "Missing = in the environment variable declaration in \".env\" at line 1.\n...FOO!...\n ^ line 1 offset 3"],
4949
['FOO=$(echo foo', "Missing closing parenthesis. in \".env\" at line 1.\n...FOO=$(echo foo...\n ^ line 1 offset 14"],
5050
['FOO=$(echo foo'."\n", "Missing closing parenthesis. in \".env\" at line 1.\n...FOO=$(echo foo\\n...\n ^ line 1 offset 14"],
51+
["FOO=\nBAR=\${FOO:-\'a{a}a}", "Invalid character in default value in \".env\" at line 2.\n...\\nBAR=\${FOO:-\'a{a}a}...\n ^ line 2 offset 24"],
52+
["FOO=\nBAR=\${FOO:-a\$a}", "Invalid character in default value in \".env\" at line 2.\n...FOO=\\nBAR=\${FOO:-a\$a}...\n ^ line 2 offset 20"],
53+
["FOO=\nBAR=\${FOO:-a\"a}", "Unclosed braces on variable expansion in \".env\" at line 2.\n...FOO=\\nBAR=\${FOO:-a\"a}...\n ^ line 2 offset 17"],
5154
];
5255

5356
if ('\\' !== \DIRECTORY_SEPARATOR) {

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy