Fix escaping for EnvironmentWriterTrait (#610)

* fix escaping for EnvironmentWriterTrait * remove alphaNum from app name field * add test for `'` escaping
2025-05-19 23:24:46 +02:00 · 2024-10-08 23:46:06 +02:00 · 2024-10-08 23:46:06 +02:00 · e23a4a667a
commit e23a4a667a
parent a946669dc8
3 changed files with 2 additions and 2 deletions
--- a/app/Filament/Pages/Settings.php
+++ b/app/Filament/Pages/Settings.php
@ -92,7 +92,6 @@ class Settings extends Page implements HasForms
            TextInput::make('APP_NAME')
                ->label('App Name')
                ->required()
-                ->alphaNum()
                ->default(env('APP_NAME', 'Pelican')),
            TextInput::make('APP_FAVICON')
                ->label('App Favicon')
--- a/app/Traits/EnvironmentWriterTrait.php
+++ b/app/Traits/EnvironmentWriterTrait.php
@ -14,7 +14,7 @@ trait EnvironmentWriterTrait
    public function escapeEnvironmentValue(string $value): string
    {
        if (!preg_match('/^\"(.*)\"$/', $value) && preg_match('/([^\w.\-+\/])+/', $value)) {
-            return sprintf('"%s"', addslashes($value));
+            return sprintf('"%s"', addcslashes($value, '\\"'));
        }

        return $value;
--- a/tests/Unit/Helpers/EnvironmentWriterTraitTest.php
+++ b/tests/Unit/Helpers/EnvironmentWriterTraitTest.php
@ -23,6 +23,7 @@ class EnvironmentWriterTraitTest extends TestCase
            ['foo', 'foo'],
            ['abc123', 'abc123'],
            ['val"ue', '"val\"ue"'],
+            ['val\'ue', '"val\'ue"'],
            ['my test value', '"my test value"'],
            ['mysql_p@assword', '"mysql_p@assword"'],
            ['mysql_p#assword', '"mysql_p#assword"'],