mirror of
				https://github.com/pelican-dev/panel.git
				synced 2025-10-25 12:36:51 +02:00 
			
		
		
		
	Merge remote-tracking branch 'upstream/develop' into develop
This commit is contained in:
		
						commit
						2cd64c0af4
					
				
							
								
								
									
										11
									
								
								CHANGELOG.md
									
									
									
									
									
								
							
							
						
						
									
										11
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @ -3,6 +3,17 @@ This file is a running track of new features and fixes to each version of the pa | |||||||
| 
 | 
 | ||||||
| This project follows [Semantic Versioning](http://semver.org) guidelines. | This project follows [Semantic Versioning](http://semver.org) guidelines. | ||||||
| 
 | 
 | ||||||
|  | ## v1.4.0 | ||||||
|  | ### Fixed | ||||||
|  | * Removes the use of tagging when storing server resource usage in the cache. This addresses errors encountered when using the `file` driver. | ||||||
|  | * Fixes Wings response handling if Wings returns an error response with a 200-level status code that would improperly be passed back to the client as a successful request. | ||||||
|  | * Fixes use of JSON specific functions in SQL queries to better support MariaDB users. | ||||||
|  | * Fixes a migration that could fail on some MySQL/MariaDB setups when trying to encrypt node token values. | ||||||
|  | 
 | ||||||
|  | ### Changed | ||||||
|  | * Increases the maximum length allowed for a server name using the Rust egg. | ||||||
|  | * Updated server resource utilization API call to Wings to use new API response format used by `Wings@1.4.0`. | ||||||
|  | 
 | ||||||
| ## v1.3.2 | ## v1.3.2 | ||||||
| ### Fixed | ### Fixed | ||||||
| * Fixes self-upgrade incorrectly executing the command to un-tar downloaded archives. | * Fixes self-upgrade incorrectly executing the command to un-tar downloaded archives. | ||||||
|  | |||||||
| @ -1,11 +1,4 @@ | |||||||
| <?php | <?php | ||||||
| /** |  | ||||||
|  * Pterodactyl - Panel |  | ||||||
|  * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>. |  | ||||||
|  * |  | ||||||
|  * This software is licensed under the terms of the MIT license. |  | ||||||
|  * https://opensource.org/licenses/MIT |  | ||||||
|  */ |  | ||||||
| 
 | 
 | ||||||
| namespace Pterodactyl\Traits\Commands; | namespace Pterodactyl\Traits\Commands; | ||||||
| 
 | 
 | ||||||
| @ -13,6 +6,20 @@ use Pterodactyl\Exceptions\PterodactylException; | |||||||
| 
 | 
 | ||||||
| trait EnvironmentWriterTrait | trait EnvironmentWriterTrait | ||||||
| { | { | ||||||
|  |     /** | ||||||
|  |      * Escapes an environment value by looking for any characters that could | ||||||
|  |      * reasonablly cause environment parsing issues. Those values are then wrapped | ||||||
|  |      * in quotes before being returned. | ||||||
|  |      */ | ||||||
|  |     public function escapeEnvironmentValue(string $value): string | ||||||
|  |     { | ||||||
|  |         if (!preg_match('/^\"(.*)\"$/', $value) && preg_match('/([^\w.\-+\/])+/', $value)) { | ||||||
|  |             return sprintf('"%s"', addslashes($value)); | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         return $value; | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|     /** |     /** | ||||||
|      * Update the .env file for the application using the passed in values. |      * Update the .env file for the application using the passed in values. | ||||||
|      * |      * | ||||||
| @ -28,14 +35,7 @@ trait EnvironmentWriterTrait | |||||||
|         $saveContents = file_get_contents($path); |         $saveContents = file_get_contents($path); | ||||||
|         collect($values)->each(function ($value, $key) use (&$saveContents) { |         collect($values)->each(function ($value, $key) use (&$saveContents) { | ||||||
|             $key = strtoupper($key); |             $key = strtoupper($key); | ||||||
|             // If the key value is not sorrounded by quotation marks, and contains anything that could reasonably
 |             $saveValue = sprintf('%s=%s', $key, $this->escapeEnvironmentValue($value)); | ||||||
|             // cause environment parsing issues, wrap it in quotes before writing it. This also adds slashes to the
 |  | ||||||
|             // value to ensure quotes within it don't cause us issues.
 |  | ||||||
|             if (!preg_match('/^\"(.*)\"$/', $value) && preg_match('/([^\w.\-+\/])+/', $value)) { |  | ||||||
|                 $value = sprintf('"%s"', addslashes($value)); |  | ||||||
|             } |  | ||||||
| 
 |  | ||||||
|             $saveValue = sprintf('%s=%s', $key, $value); |  | ||||||
| 
 | 
 | ||||||
|             if (preg_match_all('/^' . $key . '=(.*)$/m', $saveContents) < 1) { |             if (preg_match_all('/^' . $key . '=(.*)$/m', $saveContents) < 1) { | ||||||
|                 $saveContents = $saveContents . PHP_EOL . $saveValue; |                 $saveContents = $saveContents . PHP_EOL . $saveValue; | ||||||
|  | |||||||
							
								
								
									
										43
									
								
								tests/Unit/Helpers/EnvironmentWriterTraitTest.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										43
									
								
								tests/Unit/Helpers/EnvironmentWriterTraitTest.php
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,43 @@ | |||||||
|  | <?php | ||||||
|  | 
 | ||||||
|  | namespace Pterodactyl\Tests\Unit\Helpers; | ||||||
|  | 
 | ||||||
|  | use Pterodactyl\Tests\TestCase; | ||||||
|  | use Pterodactyl\Traits\Commands\EnvironmentWriterTrait; | ||||||
|  | 
 | ||||||
|  | class EnvironmentWriterTraitTest extends TestCase | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * @dataProvider variableDataProvider | ||||||
|  |      */ | ||||||
|  |     public function testVariableIsEscapedProperly($input, $expected) | ||||||
|  |     { | ||||||
|  |         $output = (new FooClass())->escapeEnvironmentValue($input); | ||||||
|  | 
 | ||||||
|  |         $this->assertSame($expected, $output); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     public function variableDataProvider(): array | ||||||
|  |     { | ||||||
|  |         return [ | ||||||
|  |             ['foo', 'foo'], | ||||||
|  |             ['abc123', 'abc123'], | ||||||
|  |             ['val"ue', '"val\"ue"'], | ||||||
|  |             ['my test value', '"my test value"'], | ||||||
|  |             ['mysql_p@assword', '"mysql_p@assword"'], | ||||||
|  |             ['mysql_p#assword', '"mysql_p#assword"'], | ||||||
|  |             ['mysql p@$$word', '"mysql p@$$word"'], | ||||||
|  |             ['mysql p%word', '"mysql p%word"'], | ||||||
|  |             ['mysql p#word', '"mysql p#word"'], | ||||||
|  |             ['abc_@#test', '"abc_@#test"'], | ||||||
|  |             ['test 123 $$$', '"test 123 $$$"'], | ||||||
|  |             ['#password%', '"#password%"'], | ||||||
|  |             ['$pass ', '"$pass "'], | ||||||
|  |         ]; | ||||||
|  |     } | ||||||
|  | } | ||||||
|  | 
 | ||||||
|  | class FooClass | ||||||
|  | { | ||||||
|  |     use EnvironmentWriterTrait; | ||||||
|  | } | ||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 Julien Tant
						Julien Tant