Bug #36056: Usage of " in the Policy.yaml - TYPO3.Flow - TYPO3 Forge

TYPO3 Flow Base Distribution TYPO3.Eel TYPO3.Flow TYPO3.Fluid TYPO3.Kickstart TYPO3.Welcome Packages Applications

Bug #36056

Usage of " in the Policy.yaml

Added by Patrick Kollodzik over 3 years ago. Updated over 2 years ago.

Status:

Resolved

Start date:

2012-04-14

Priority:

Should have

Due date:

Assigned To:

Karsten Dambekalns

% Done:

100%

Category:

Security

Target version:

TYPO3 Flow Base Distribution - 1.1

PHP Version:

Complexity:

Has patch:

Affected Flow version:

Git master

Description

The Policy.yaml that comes with TYPO3.FLOW3 has the following example:

# resources:
#   methods:
#     TYPO3_FooPackage_PropertySetter: "method(TYPO3\FooPackage\SomeClass->setSomeProperty())"

If you follow that example and wrap the string with the " character, then the following expression will fail:

# resources:
#   methods:
#     ResourceName: "method(Package\LoginController\SomeClass->setSomeProperty())"

Because of the " the \L will be removed and the expression will not work as expected. If you replace the " with ' it will work.

The examples in the documentation use all the ' character, so it should be enough to change the Policy.yaml that comes with TYPO3.FLOW3. It seems it is a legal escape character for YAML, but it is a bit confusing.

The stripping happens in the YAML paser and not in FLOW3.

http://www.yaml.org/refcard.html

Associated revisions

Revision 8e9332e7
Added by Karsten Dambekalns about 3 years ago

[BUGFIX] Do not use double quotes in Policy.yaml files

To avoid potential treatment of backslashes as escape character
in YAML files, wrap strings in single quotes.

Change-Id: I0cfda2bd731fd423cb36e4cfa02dec58e8ca0f77
Fixes: #36056
Releases: 1.1

History

#1 Updated by Karsten Dambekalns over 3 years ago

Status changed from New to Accepted
Assigned To set to Karsten Dambekalns
Target version set to 1.1

#2 Updated by Gerrit Code Review about 3 years ago

Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11219

#3 Updated by Karsten Dambekalns about 3 years ago

Status changed from Under Review to Resolved
% Done changed from 0 to 100

#4 Updated by Hartmann Andreas over 2 years ago

As far as i can tell, this Problem is not solved in FLOW 2 beta 1

Fails under Windows 7 but seems to Work in iOS:

Login: 'methods(Nelo\Artii\Controller\LoginController->.*Action())'

Works under Windows 7

Login: 'methods(Nelo\Artii\Controller\\LoginController->.*Action())'

Also available in: Atom PDF

TYPO3.Flow

Issues

Custom queries