From 6ef60633d3b73a1fe1d65b1fe54aa4d510f883e1 Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sat, 24 Apr 2021 16:39:56 -0700
Subject: [PATCH] Additional coverage to ensure values are wrapped as expected; ref #3287
---
 .../Commands/EnvironmentWriterTrait.php | 30 ++++++-------
 .../Helpers/EnvironmentWriterTraitTest.php | 43 +++++++++++++++++++
 2 files changed, 58 insertions(+), 15 deletions(-)
 create mode 100644 tests/Unit/Helpers/EnvironmentWriterTraitTest.php
diff --git a/app/Traits/Commands/EnvironmentWriterTrait.php b/app/Traits/Commands/EnvironmentWriterTrait.php
index 10692a9a..5435dc32 100644
--- a/app/Traits/Commands/EnvironmentWriterTrait.php
+++ b/app/Traits/Commands/EnvironmentWriterTrait.php
@@ -1,11 +1,4 @@ .
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */
 namespace Pterodactyl\Traits\Commands;
@@ -13,6 +6,20 @@ use Pterodactyl\Exceptions\PterodactylException;
 trait EnvironmentWriterTrait
 {
+ /**
+ * Escapes an environment value by looking for any characters that could
+ * reasonablly cause environment parsing issues. Those values are then wrapped
+ * in quotes before being returned.
+ */
+ public function escapeEnvironmentValue(string $value): string
+ {
+ if (!preg_match('/^\"(.*)\"$/', $value) && preg_match('/([^\w.\-+\/])+/', $value)) {
+ return sprintf('"%s"', addslashes($value));
+ }
+
+ return $value;
+ }
+
 /**
 * Update the .env file for the application using the passed in values.
 *
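Review bot: The already-quoted shortcut in `escapeEnvironmentValue()` only checks that the value starts and ends with `"`, so an input such as `"a" b "c"` is written to `.env` verbatim with its interior quotes unescaped. I would tighten the first test so the interior may hold only escaped quotes, e.g. `preg_match('/^"(?:[^"\\\\]|\\\\.)*"\z/s', $value)`, and let everything else fall through to the wrapping branch. Separately, `addslashes()` also escapes `'` and NUL and leaves `$` untouched, which may not match what the dotenv parser accepts inside double quotes (an unexpected `\'` escape, or `${NAME}` expansion); this should be confirmed against the parser version the project uses. The docblock also has a typo, `reasonablly`.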
@@ -28,14 +35,7 @@ trait EnvironmentWriterTrait
 $saveContents = file_get_contents($path);
 collect($values)->each(function ($value, $key) use (&$saveContents) {
 $key = strtoupper($key);
- // If the key value is not sorrounded by quotation marks, and contains anything that could reasonably
- // cause environment parsing issues, wrap it in quotes before writing it. This also adds slashes to the
- // value to ensure quotes within it don't cause us issues.
- if (!preg_match('/^\"(.*)\"$/', $value) && preg_match('/([^\w.\-+\/])+/', $value)) {
- $value = sprintf('"%s"', addslashes($value));
- }
-
- $saveValue = sprintf('%s=%s', $key, $value);
+ $saveValue = sprintf('%s=%s', $key, $this->escapeEnvironmentValue($value));
 if (preg_match_all('/^' . $key . '=(.*)$/m', $saveContents) < 1) {
 $saveContents = $saveContents . PHP_EOL . $saveValue;
diff --git a/tests/Unit/Helpers/EnvironmentWriterTraitTest.php b/tests/Unit/Helpers/EnvironmentWriterTraitTest.php
new file mode 100644
index 00000000..f2022f79
--- /dev/null
+++ b/tests/Unit/Helpers/EnvironmentWriterTraitTest.php
@@ -0,0 +1,43 @@
+escapeEnvironmentValue($input);
+
+ $this->assertSame($expected, $output);
+ }
+
+ public function variableDataProvider(): array
+ {
+ return [
+ ['foo', 'foo'],
+ ['abc123', 'abc123'],
+ ['val"ue', '"val\"ue"'],
+ ['my test value', '"my test value"'],
+ ['mysql_p@assword', '"mysql_p@assword"'],
+ ['mysql_p#assword', '"mysql_p#assword"'],
+ ['mysql p@$$word', '"mysql p@$$word"'],
+ ['mysql p%word', '"mysql p%word"'],
+ ['mysql p#word', '"mysql p#word"'],
+ ['abc_@#test', '"abc_@#test"'],
+ ['test 123 $$$', '"test 123 $$$"'],
+ ['#password%', '"#password%"'],
+ ['$pass ', '"$pass "'],
+ ];
+ }
+}
+
+class FooClass
+{
+ use EnvironmentWriterTrait;
+}
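Review bot: `$value` reaches `escapeEnvironmentValue(string $value)` untyped from the closure, so a `null` entry in `$values` would now raise a `TypeError`. The removed inline `preg_match()` calls presumably tolerated `null`, and an empty `KEY=` line was written. Whether any caller passes `null` is not visible here; if that must keep working, cast at the call site: `$this->escapeEnvironmentValue((string) $value)`. The enclosing method starts and ends outside the hunk.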
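Review bot: The data provider never exercises the pass-through branch for input that is already wrapped in double quotes, nor values containing a backslash, a single quote or a newline. Those are the cases where `addslashes()` and the quote check are most likely to disagree with the `.env` parser. I would add rows such as `['"already quoted"', '"already quoted"']` and `['back\\slash', '"back\\\\slash"']`, plus one for an unquoted value made only of allowed punctuation, `['a.b-c+d/e', 'a.b-c+d/e']`. The top of the test file did not survive on this page, so the test method's signature and annotations could not be checked.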