From e23a4a667a5906fe389bebe287deed88063f02d7 Mon Sep 17 00:00:00 2001
From: Boy132
Date: Tue, 8 Oct 2024 23:46:06 +0200
Subject: [PATCH] Fix escaping for `EnvironmentWriterTrait` (#610)

* fix escaping for EnvironmentWriterTrait
* remove alphaNum from app name field
* add test for `'` escaping
---
 app/Filament/Pages/Settings.php | 1 -
 app/Traits/EnvironmentWriterTrait.php | 2 +-
 tests/Unit/Helpers/EnvironmentWriterTraitTest.php | 1 +
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/Filament/Pages/Settings.php b/app/Filament/Pages/Settings.php
index 12d6f46af..f3ef2c2b9 100644
--- a/app/Filament/Pages/Settings.php
+++ b/app/Filament/Pages/Settings.php
@@ -92,7 +92,6 @@ class Settings extends Page implements HasForms
 TextInput::make('APP_NAME')
 ->label('App Name')
 ->required()
- ->alphaNum()
 ->default(env('APP_NAME', 'Pelican')),
 TextInput::make('APP_FAVICON')
 ->label('App Favicon')
diff --git a/app/Traits/EnvironmentWriterTrait.php b/app/Traits/EnvironmentWriterTrait.php
index cd7fbdfe0..460d8000e 100644
--- a/app/Traits/EnvironmentWriterTrait.php
+++ b/app/Traits/EnvironmentWriterTrait.php
@@ -14,7 +14,7 @@ trait EnvironmentWriterTrait
 public function escapeEnvironmentValue(string $value): string
 {
 if (!preg_match('/^\"(.*)\"$/', $value) && preg_match('/([^\w.\-+\/])+/', $value)) {
- return sprintf('"%s"', addslashes($value));
+ return sprintf('"%s"', addcslashes($value, '\\"'));
 }

 return $value;
diff --git a/tests/Unit/Helpers/EnvironmentWriterTraitTest.php b/tests/Unit/Helpers/EnvironmentWriterTraitTest.php
index a700c592f..18fee0f65 100644
--- a/tests/Unit/Helpers/EnvironmentWriterTraitTest.php
+++ b/tests/Unit/Helpers/EnvironmentWriterTraitTest.php
@@ -23,6 +23,7 @@ class EnvironmentWriterTraitTest extends TestCase
 ['foo', 'foo'],
 ['abc123', 'abc123'],
 ['val"ue', '"val\"ue"'],
+ ['val\'ue', '"val\'ue"'],
 ['my test value', '"my test value"'],
 ['mysql_p@assword', '"mysql_p@assword"'],
 ['mysql_p#assword', '"mysql_p#assword"'],
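Review bot: The new escape list in `escapeEnvironmentValue` covers `\` and `"` but not `$`, so a value containing `${NAME}` is still written unescaped inside double quotes. If the file is loaded by phpdotenv (the usual Laravel loader, not visible in this patch), that sequence would be expanded to another variable's value instead of being stored literally. Consider `addcslashes($value, '\\"$')`, after confirming the loader in use accepts `\$` as a literal dollar. Separately, the first `preg_match` on the context line returns any value that already starts and ends with `"` unchanged, so inner quotes in such input are never escaped. With `->alphaNum()` removed from `APP_NAME` in Settings.php, both cases are now reachable from the settings form. The function body continues past the end of this hunk.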
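Review bot: The provider rows visible here include no value containing a backslash, the other character in the new `addcslashes` list, so a regression in `\` handling would go unnoticed. A constructed row such as `['val\\ue', '"val\\\\ue"']` next to the added `'` case would pin it. A row for input that is already wrapped in double quotes but has an inner quote would also document what the early-return path in `escapeEnvironmentValue` is expected to do. The provider array starts and ends outside this hunk, so such rows may already exist elsewhere in it.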