matomo-org / component-ini

Read and write INI configurations.
GNU Lesser General Public License v3.0

apply more encoding w/ tests #17

Closed diosmosis closed 3 years ago

sgiehl commented 3 years ago

@diosmosis not sure what problem you are trying to solve with the changes, but it seems the tests are now failing on PHP 5.3.3 only. Not sure if that is relevant any longer. Maybe we could simply discontinue support for PHP 5.3 for this lib...

diosmosis commented 3 years ago

@sgiehl we recently merged a PR that fixed some output; in it, it was seen that some fields will not escape for unsafe output, allowing the INI to be injected (unless escaped by the caller). This was meant to fix that before releasing a new version of the component. The build fix should be simple.

sgiehl commented 3 years ago

OK, makes sense. Just out of curiosity: is there a reason why we don't filter/escape " in values? If I see that correctly, that might also break the output, won't it?

diosmosis commented 3 years ago

:+1: didn't think of that, will look into that too

diosmosis commented 3 years ago

@sgiehl updated
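
The two cases raised in this thread (a value that carries a line break and a value that carries a `"`), shown as an added example that is not part of the thread and is not the component's own code. `writeNaive()`, `writeEscaped()` and the sample values are hypothetical, and section names and keys are assumed to be trusted; the output is read back with PHP's `parse_ini_string()` in its default scanner mode.

```php
<?php
// Added illustration, not code from matomo-org/component-ini.
// Function names and sample values are hypothetical; keys and section names are assumed trusted.

/** Writes "key = value" lines with no encoding: the unsafe 'before' form. */
function writeNaive(string $section, array $values): string
{
    $out = "[$section]\n";
    foreach ($values as $key => $value) {
        $out .= "$key = $value\n";
    }
    return $out;
}

/** Writes each value as a double-quoted string, refusing line breaks and escaping \ and ". */
function writeEscaped(string $section, array $values): string
{
    $out = "[$section]\n";
    foreach ($values as $key => $value) {
        $value = (string) $value;
        if (preg_match('/[\r\n]/', $value)) {
            throw new InvalidArgumentException("Line break in value for '$key'");
        }
        // Backslash is replaced first, so the backslash added in front of " is not doubled.
        $value = str_replace(['\\', '"'], ['\\\\', '\\"'], $value);
        $out .= "$key = \"$value\"\n";
    }
    return $out;
}

// Constructed sample input: a value carrying a line break and a section header.
$hostile = "Example\n[Injected]\nflag = 1";

// Naive output: list the sections the parser sees after the round trip.
$naive = parse_ini_string(writeNaive('General', ['name' => $hostile]), true);
var_dump(array_keys($naive));

try {
    writeEscaped('General', ['name' => $hostile]);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

// A value containing a double quote, written and read back.
$ini = writeEscaped('General', ['name' => 'Example "quoted" site']);
echo $ini;
var_dump(parse_ini_string($ini, true));
```

This covers only line breaks and double quotes in values; other characters the INI parser treats specially are outside what the thread discusses.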