TYPO3.Flow

TYPO3 Flow Base Distribution Doctrine 2 Symfony.Component.DomCrawler Symfony.Component.Yaml TYPO3.Flow TYPO3.Fluid TYPO3.Kickstart TYPO3.Party TYPO3.Welcome Packages Applications

Bug #36056

Usage of " in the Policy.yaml

Added by Patrick Kollodzik about 1 year ago. Updated 5 months ago.

Status:

Resolved

Start date:

2012-04-14

Priority:

Should have

Due date:

Assignee:

Karsten Dambekalns

% Done:

100%

Category:

Security

Target version:

TYPO3 Flow Base Distribution - 1.1

PHP Version:

Complexity:

Has patch:

FLOW3 version affected:

Git master

Votes:

Description

The Policy.yaml that comes with TYPO3.FLOW3 has the following example:

# resources:
#   methods:
#     TYPO3_FooPackage_PropertySetter: "method(TYPO3\FooPackage\SomeClass->setSomeProperty())"

If you follow that example and wrap the string with the " character, then the following expression will fail:

# resources:
#   methods:
#     ResourceName: "method(Package\LoginController\SomeClass->setSomeProperty())"

Because of the " the \L will be removed and the expression will not work as expected. If you replace the " with ' it will work.

The examples in the documentation use all the ' character, so it should be enough to change the Policy.yaml that comes with TYPO3.FLOW3. It seems it is a legal escape character for YAML, but it is a bit confusing.

The stripping happens in the YAML paser and not in FLOW3.

http://www.yaml.org/refcard.html

Associated revisions

Revision 8e9332e7
Added by Karsten Dambekalns about 1 year ago

[BUGFIX] Do not use double quotes in Policy.yaml files

To avoid potential treatment of backslashes as escape character
in YAML files, wrap strings in single quotes.

Change-Id: I0cfda2bd731fd423cb36e4cfa02dec58e8ca0f77
Fixes: #36056
Releases: 1.1

History

#1
Updated by Karsten Dambekalns about 1 year ago

Status changed from New to Accepted
Assignee set to Karsten Dambekalns
Target version set to 1.1

#2
Updated by Gerrit Code Review about 1 year ago

Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/11219

#3
Updated by Karsten Dambekalns about 1 year ago

Status changed from Under Review to Resolved
% Done changed from 0 to 100

#4
Updated by Hartmann Andreas 5 months ago

As far as i can tell, this Problem is not solved in FLOW 2 beta 1

Fails under Windows 7 but seems to Work in iOS:

Login: 'methods(Nelo\Artii\Controller\LoginController->.*Action())'

Works under Windows 7

Login: 'methods(Nelo\Artii\Controller\\LoginController->.*Action())'

Also available in: Atom PDF

Issues

Custom queries

Bug #36056

Usage of " in the Policy.yaml

Associated revisions

History

#1
Updated by Karsten Dambekalns about 1 year ago

#2
Updated by Gerrit Code Review about 1 year ago

#3
Updated by Karsten Dambekalns about 1 year ago

#4
Updated by Hartmann Andreas 5 months ago

TYPO3.Flow

Issues

Custom queries

Bug #36056

Usage of " in the Policy.yaml

Associated revisions

History

#1 Updated by Karsten Dambekalns about 1 year ago

#2 Updated by Gerrit Code Review about 1 year ago

#3 Updated by Karsten Dambekalns about 1 year ago

#4 Updated by Hartmann Andreas 5 months ago

#1
Updated by Karsten Dambekalns about 1 year ago

#2
Updated by Gerrit Code Review about 1 year ago

#3
Updated by Karsten Dambekalns about 1 year ago

#4
Updated by Hartmann Andreas 5 months ago