Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.6k
[HttpClient] Replaceescapeshellarg to prevent overpassingARG_MAX#52429
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
[HttpClient] Replaceescapeshellarg to prevent overpassingARG_MAX#52429
Uh oh!
There was an error while loading.Please reload this page.
Conversation
src/Symfony/Component/HttpClient/DataCollector/HttpClientDataCollector.phpShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
88259df tod8be8f5Comparealexandre-daubois commentedNov 3, 2023 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
@nicolas-grekas I really like your idea of leveraging Process. I updated the code to use it first if it exists. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM after minor changes
| { | ||
| return \strlen($payload) < ('\\' === \DIRECTORY_SEPARATOR ? 8100 : 256000); | ||
| if (class_exists(Process::class)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
| if (class_exists(Process::class)) { | |
| static$useProcess; | |
| if ($useProcess ??=class_exists(Process::class)) { |
alexandre-dauboisNov 3, 2023 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I addressed your comments, thanks 🙂
| return null; | ||
| } | ||
| $dataArg[] = '--data '.escapeshellarg($payload); | ||
| $dataArg[] = '--data-raw '.$this->sanitizeArg(self::jsonEncode($json)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
we don't sanitize, we escape
| return (new Process([$payload]))->getCommandLine(); | ||
| } | ||
| if (\DIRECTORY_SEPARATOR === '\\') { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
| if (\DIRECTORY_SEPARATOR ==='\\') { | |
| if ('\\' ===\DIRECTORY_SEPARATOR) { |
d8be8f5 to3b0bb11CompareThank you@alexandre-daubois. |
…nd when files are uploaded (MatTheCat)This PR was merged into the 6.3 branch.Discussion----------[HttpClient][WebProfilerBundle] Do not generate cURL command when files are uploaded| Q | A| ------------- | ---| Branch? | 6.3| Bug fix? | yes| New feature? | no| Deprecations? | no| Issues |Fix#51366| License | MITI also removed ``@requires` extension openssl` annotations since that does not seem to be the case since#45729.Failures in AppVeyor occur because double quotes are missing around `--data-raw` values. Possibly related to#52429.Commits-------4503f94 [HttpClient][WebProfilerBundle] Do not generate cURL command when files are uploaded
Uh oh!
There was an error while loading.Please reload this page.
I'm not 100% sure if it is a bugfix or a feature.
I used Nicolas' suggestion in the issue to sanitize the input and used
--data-rawto avoid any automatic formatting.Removing the use of
escapeshellarg()also allows to removeHttpClientDataCollectorTest::testItDoesNotGeneratesCurlCommandsForNotEncodableBody(). Indeed, the body can now be encoded and will result on the following cURL command: