Properly escape all filenames when exporting breakpoints

2024-09-22 02:17:32 +00:00 · 2016-11-13 12:55:35 +01:00 · 2016-11-13 12:55:35 +01:00 · ba75d4c50b
commit ba75d4c50b
parent 57c0773cd7
6 changed files with 19 additions and 12 deletions
--- a/sapi/phpdbg/phpdbg_bp.c
+++ b/sapi/phpdbg/phpdbg_bp.c
@ -25,6 +25,7 @@
 #include "phpdbg_utils.h"
 #include "phpdbg_opcode.h"
 #include "zend_globals.h"
+#include "ext/standard/php_string.h"

 ZEND_EXTERN_MODULE_GLOBALS(phpdbg)

@ -135,10 +136,12 @@ PHPDBG_API void phpdbg_export_breakpoints_to_string(char **str) /* {{{ */

 					switch (brake->type) {
 						case PHPDBG_BREAK_FILE: {
+							zend_string *filename = php_addcslashes(zend_string_init(((phpdbg_breakfile_t*)brake)->filename, strlen(((phpdbg_breakfile_t*)brake)->filename), 0), 1, "\\\"\n", 3);
 							phpdbg_asprintf(&new_str,
 								"%sbreak \"%s\":%lu\n", *str,
-								((phpdbg_breakfile_t*)brake)->filename,
+								ZSTR_VAL(filename),
 								((phpdbg_breakfile_t*)brake)->line);
+							zend_string_release(filename);
 						} break;

 						case PHPDBG_BREAK_SYM: {
@ -170,10 +173,12 @@ PHPDBG_API void phpdbg_export_breakpoints_to_string(char **str) /* {{{ */
 						} break;

 						case PHPDBG_BREAK_FILE_OPLINE: {
+							zend_string *filename = php_addcslashes(zend_string_init(((phpdbg_breakopline_t*)brake)->class_name, strlen(((phpdbg_breakopline_t*)brake)->class_name), 0), 1, "\\\"\n", 3);
 							phpdbg_asprintf(&new_str,
-								"%sbreak %s:#%llu\n", *str,
-								((phpdbg_breakopline_t*)brake)->class_name,
+								"%sbreak \"%s\":#%llu\n", *str,
+								filename,
 								((phpdbg_breakopline_t*)brake)->opline_num);
+							zend_string_release(filename);
 						} break;

 						case PHPDBG_BREAK_OPCODE: {
@ -199,12 +204,14 @@ PHPDBG_API void phpdbg_export_breakpoints_to_string(char **str) /* {{{ */
 											conditional->code);
 									break;

-									case FILE_PARAM:
+									case FILE_PARAM: {
+										zend_string *filename = php_addcslashes(zend_string_init(conditional->param.file.name, strlen(conditional->param.file.name), 0), 1, "\\\"\n", 3);
 										phpdbg_asprintf(&new_str,
-											"%sbreak at %s:%lu if %s\n", *str,
+											"%sbreak at \"%s\":%lu if %s\n", *str,
 											conditional->param.file.name, conditional->param.file.line,
 											conditional->code);
-									break;
+										zend_string_release(filename);
+									} break;

 									default: { /* do nothing */ } break;
 								}
--- a/sapi/phpdbg/phpdbg_lexer.c
+++ b/sapi/phpdbg/phpdbg_lexer.c
@ -534,7 +534,7 @@ yy39:
 #line 161 "sapi/phpdbg/phpdbg_lexer.l"
 		{
 	phpdbg_init_param(yylval, STR_PARAM);
-	yylval->str = estrndup(yytext + (*yytext == '\'' || *yytext == '\"'), yyleng - unescape_string(yytext));
+	yylval->str = estrndup(yytext, yyleng - unescape_string(yytext));
 	yylval->len = yyleng;
 	return T_ID;
 }
--- a/sapi/phpdbg/phpdbg_lexer.l
+++ b/sapi/phpdbg/phpdbg_lexer.l
@ -160,7 +160,7 @@ INPUT       ("\\"[#"']|["]("\\\\"|"\\"["]|[^\n\000"])+["]|[']("\\"[']|"\\\\"|[^\

 <NORMAL>{GENERIC_ID} {
 	phpdbg_init_param(yylval, STR_PARAM);
-	yylval->str = estrndup(yytext + (*yytext == '\'' || *yytext == '\"'), yyleng - unescape_string(yytext));
+	yylval->str = estrndup(yytext, yyleng - unescape_string(yytext));
 	yylval->len = yyleng;
 	return T_ID;
 }
--- a/sapi/phpdbg/phpdbg_utils.c
+++ b/sapi/phpdbg/phpdbg_utils.c
@ -807,7 +807,7 @@ char *phpdbg_short_zval_print(zval *zv, int maxlen) /* {{{ */
 			break;
 		case IS_STRING: {
 			int i;
-			zend_string *str = php_addcslashes(Z_STR_P(zv), 0, "\\\"", 2);
+			zend_string *str = php_addcslashes(Z_STR_P(zv), 0, "\\\"\n\t\0", 5);
 			for (i = 0; i < ZSTR_LEN(str); i++) {
 				if (ZSTR_VAL(str)[i] < 32) {
 					ZSTR_VAL(str)[i] = ' ';
--- a/sapi/phpdbg/tests/exceptions_003.phpt
+++ b/sapi/phpdbg/tests/exceptions_003.phpt
@ -20,7 +20,7 @@ prompt> [L0 %s HANDLE_EXCEPTION
 >00005: 		x();
 00006: 	} finally {
 00007: 		print "ok\n";
-prompt> [L7 %s ECHO                    "ok "                                                          %s]
+prompt> [L7 %s ECHO                    "ok\n"                                                         %s]
 >00007: 		print "ok\n";
 00008: 	}
 00009: } catch (Error $e) {
@ -30,7 +30,7 @@ prompt> ok
 >00005: 		x();
 00006: 	} finally {
 00007: 		print "ok\n";
-prompt> [L10 %s ECHO                    "caught "                                                      %s]
+prompt> [L10 %s ECHO                    "caught\n"                                                     %s]
 >00010: 	print "caught\n";
 00011: }
 00012: 
--- a/sapi/phpdbg/tests/info_001.phpt
+++ b/sapi/phpdbg/tests/info_001.phpt
@ -32,7 +32,7 @@ prompt> string(4) "test"
 00017: 
 prompt> [Variables in foo() (1)]
 Address            Refs    Type      Variable
-%s 1       string    $baz
+%s %d       string    $baz
 string (4) "test"
 prompt> [Superglobal variables (8)]
 Address            Refs    Type      Variable