mustangostang / spyc

A simple YAML loader/dumper class for PHP
MIT License
712 stars 207 forks source link

Problems with string values that contain dollar sign followed by a number #72

Open kuntur-studio opened 6 years ago

kuntur-studio commented 6 years ago

Well, I was trying to store a hash of a password on a yaml file and the value retrieved by spyc had some missing characters. Looking closely I found that the missings were $1, $10 and that kind of combinations, then making some tracing I get to the line 780 and found this: $explode[$key] = preg_replace('/YAMLString/',$saved_strings[$stringi],$value, 1); So preg_replace thinks that those are backreferences and tries to do some replacing... I think, that the same will be happening on other places too.

To solve it look at: http://php.net/manual/en/function.preg-replace.php#106263

kuntur-studio commented 6 years ago

preg_quote will not work for quoting the replacement string, it is intended to work with patterns. So as written here: https://www.sitepoint.com/community/t/how-to-escape-replacement-string-for-preg-replace/5769/12

I've escaped the replacement string using this: $explode[$key] = preg_replace('/YAMLString/', strtr($saved_strings[$stringi], array('\\' => '\\\\', '$' => '\$')), $value, 1);

Tested and working!