mirror of
				https://github.com/pelican-dev/panel.git
				synced 2025-10-25 01:26:51 +02:00 
			
		
		
		
	Merge remote-tracking branch 'upstream/develop' into develop
This commit is contained in:
		
						commit
						2cd64c0af4
					
				
							
								
								
									
										11
									
								
								CHANGELOG.md
									
									
									
									
									
								
							
							
						
						
									
										11
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @ -3,6 +3,17 @@ This file is a running track of new features and fixes to each version of the pa | ||||
| 
 | ||||
| This project follows [Semantic Versioning](http://semver.org) guidelines. | ||||
| 
 | ||||
| ## v1.4.0 | ||||
| ### Fixed | ||||
| * Removes the use of tagging when storing server resource usage in the cache. This addresses errors encountered when using the `file` driver. | ||||
| * Fixes Wings response handling if Wings returns an error response with a 200-level status code that would improperly be passed back to the client as a successful request. | ||||
| * Fixes use of JSON specific functions in SQL queries to better support MariaDB users. | ||||
| * Fixes a migration that could fail on some MySQL/MariaDB setups when trying to encrypt node token values. | ||||
| 
 | ||||
| ### Changed | ||||
| * Increases the maximum length allowed for a server name using the Rust egg. | ||||
| * Updated server resource utilization API call to Wings to use new API response format used by `Wings@1.4.0`. | ||||
| 
 | ||||
| ## v1.3.2 | ||||
| ### Fixed | ||||
| * Fixes self-upgrade incorrectly executing the command to un-tar downloaded archives. | ||||
|  | ||||
| @ -1,11 +1,4 @@ | ||||
| <?php | ||||
| /** | ||||
|  * Pterodactyl - Panel | ||||
|  * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>. | ||||
|  * | ||||
|  * This software is licensed under the terms of the MIT license. | ||||
|  * https://opensource.org/licenses/MIT | ||||
|  */ | ||||
| 
 | ||||
| namespace Pterodactyl\Traits\Commands; | ||||
| 
 | ||||
| @ -13,6 +6,20 @@ use Pterodactyl\Exceptions\PterodactylException; | ||||
| 
 | ||||
| trait EnvironmentWriterTrait | ||||
| { | ||||
|     /** | ||||
|      * Escapes an environment value by looking for any characters that could | ||||
|      * reasonablly cause environment parsing issues. Those values are then wrapped | ||||
|      * in quotes before being returned. | ||||
|      */ | ||||
|     public function escapeEnvironmentValue(string $value): string | ||||
|     { | ||||
|         if (!preg_match('/^\"(.*)\"$/', $value) && preg_match('/([^\w.\-+\/])+/', $value)) { | ||||
|             return sprintf('"%s"', addslashes($value)); | ||||
|         } | ||||
| 
 | ||||
|         return $value; | ||||
|     } | ||||
| 
 | ||||
|     /** | ||||
|      * Update the .env file for the application using the passed in values. | ||||
|      * | ||||
| @ -28,14 +35,7 @@ trait EnvironmentWriterTrait | ||||
|         $saveContents = file_get_contents($path); | ||||
|         collect($values)->each(function ($value, $key) use (&$saveContents) { | ||||
|             $key = strtoupper($key); | ||||
|             // If the key value is not sorrounded by quotation marks, and contains anything that could reasonably
 | ||||
|             // cause environment parsing issues, wrap it in quotes before writing it. This also adds slashes to the
 | ||||
|             // value to ensure quotes within it don't cause us issues.
 | ||||
|             if (!preg_match('/^\"(.*)\"$/', $value) && preg_match('/([^\w.\-+\/])+/', $value)) { | ||||
|                 $value = sprintf('"%s"', addslashes($value)); | ||||
|             } | ||||
| 
 | ||||
|             $saveValue = sprintf('%s=%s', $key, $value); | ||||
|             $saveValue = sprintf('%s=%s', $key, $this->escapeEnvironmentValue($value)); | ||||
| 
 | ||||
|             if (preg_match_all('/^' . $key . '=(.*)$/m', $saveContents) < 1) { | ||||
|                 $saveContents = $saveContents . PHP_EOL . $saveValue; | ||||
|  | ||||
							
								
								
									
										43
									
								
								tests/Unit/Helpers/EnvironmentWriterTraitTest.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										43
									
								
								tests/Unit/Helpers/EnvironmentWriterTraitTest.php
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,43 @@ | ||||
| <?php | ||||
| 
 | ||||
| namespace Pterodactyl\Tests\Unit\Helpers; | ||||
| 
 | ||||
| use Pterodactyl\Tests\TestCase; | ||||
| use Pterodactyl\Traits\Commands\EnvironmentWriterTrait; | ||||
| 
 | ||||
| class EnvironmentWriterTraitTest extends TestCase | ||||
| { | ||||
|     /** | ||||
|      * @dataProvider variableDataProvider | ||||
|      */ | ||||
|     public function testVariableIsEscapedProperly($input, $expected) | ||||
|     { | ||||
|         $output = (new FooClass())->escapeEnvironmentValue($input); | ||||
| 
 | ||||
|         $this->assertSame($expected, $output); | ||||
|     } | ||||
| 
 | ||||
|     public function variableDataProvider(): array | ||||
|     { | ||||
|         return [ | ||||
|             ['foo', 'foo'], | ||||
|             ['abc123', 'abc123'], | ||||
|             ['val"ue', '"val\"ue"'], | ||||
|             ['my test value', '"my test value"'], | ||||
|             ['mysql_p@assword', '"mysql_p@assword"'], | ||||
|             ['mysql_p#assword', '"mysql_p#assword"'], | ||||
|             ['mysql p@$$word', '"mysql p@$$word"'], | ||||
|             ['mysql p%word', '"mysql p%word"'], | ||||
|             ['mysql p#word', '"mysql p#word"'], | ||||
|             ['abc_@#test', '"abc_@#test"'], | ||||
|             ['test 123 $$$', '"test 123 $$$"'], | ||||
|             ['#password%', '"#password%"'], | ||||
|             ['$pass ', '"$pass "'], | ||||
|         ]; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| class FooClass | ||||
| { | ||||
|     use EnvironmentWriterTrait; | ||||
| } | ||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 Julien Tant
						Julien Tant