From c7dcd82f035cf3492e2687d56b276522f9a33904 Mon Sep 17 00:00:00 2001
From: Julien Falque
Date: Mon, 7 Sep 2020 20:13:13 +0200
Subject: [PATCH] Prevent parsing invalid octal digits as octal numbers
---
 src/Symfony/Component/Yaml/Inline.php | 8 ++++----
 src/Symfony/Component/Yaml/Tests/InlineTest.php | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/Symfony/Component/Yaml/Inline.php b/src/Symfony/Component/Yaml/Inline.php
index a5c520eb80e43..5f8fd55c793be 100644
--- a/src/Symfony/Component/Yaml/Inline.php
+++ b/src/Symfony/Component/Yaml/Inline.php
@@ -759,16 +759,16 @@ private static function evaluateScalar($scalar, $flags, $references = [])
 switch (true) {
 case ctype_digit($scalar):
- if ('0' === $scalar[0]) {
- return octdec(preg_replace('/[^0-7]/', '', $scalar));
+ if (preg_match('/^0[0-7]+$/', $scalar)) {
+ return octdec($scalar);
 }
 $cast = (int) $scalar;
 return ($scalar === (string) $cast) ? $cast : $scalar;
 case '-' === $scalar[0] && ctype_digit(substr($scalar, 1)):
- if ('0' === $scalar[1]) {
- return -octdec(preg_replace('/[^0-7]/', '', substr($scalar, 1)));
+ if (preg_match('/^-0[0-7]+$/', $scalar)) {
+ return -octdec(substr($scalar, 1));
 }
 $cast = (int) $scalar;
diff --git a/src/Symfony/Component/Yaml/Tests/InlineTest.php b/src/Symfony/Component/Yaml/Tests/InlineTest.php
index 32c6a681cea6b..d1eb2f7a5de76 100644
--- a/src/Symfony/Component/Yaml/Tests/InlineTest.php
+++ b/src/Symfony/Component/Yaml/Tests/InlineTest.php
@@ -853,11 +853,11 @@ public function phpConstTagWithEmptyValueProvider()
 public function testParsePositiveOctalNumberContainingInvalidDigits()
 {
- self::assertSame(342391, Inline::parse('0123456789'));
+ self::assertSame('0123456789', Inline::parse('0123456789'));
 }
 public function testParseNegativeOctalNumberContainingInvalidDigits()
 {
- self::assertSame(-342391, Inline::parse('-0123456789'));
+ self::assertSame('-0123456789', Inline::parse('-0123456789'));
 }
 }
pFad - Phonifier reborn
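Review bot: The stricter pattern in the negative branch, `/^-0[0-7]+$/`, no longer matches the bare scalar `-0`, so it falls through to the `(int)` round-trip and is returned as the string `'-0'`, where the removed `'0' === $scalar[1]` check returned integer 0. If that type change is not intended, `if (preg_match('/^-0[0-7]*$/', $scalar)) {` keeps the old result for `-0` while still rejecting 8 and 9. If it is intended, a one-line comment saying so would help, because consumers that type-check parsed configuration values will now see a string. evaluateScalar starts and ends outside the hunk, so an earlier branch may already handle `-0`; a test would confirm it.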
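Review bot: Both updated tests pin a single ten-digit sample per sign, so the boundaries of the new patterns in Inline.php are not exercised in this hunk. A data provider covering the shortest invalid forms (`'08'`, `'-09'`), the bare `'-0'`, and one valid octal such as `'0777'` asserting `511` would lock in exactly where the integer/string split falls. Valid-octal cases may already exist elsewhere in InlineTest, which is outside this hunk.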
