Add raw string filter for environment variables
This allows secret-like environment variables, such as DB passwords, to contain special characters without being escaped by the previous `FILTER_STRING` filter.
amiut committed Feb 23, 2024
1 parent 76ef537 commit f8cfbf5
Showing 5 changed files with 44 additions and 15 deletions.
16 changes: 16 additions & 0 deletions src/Env/Filters.php
@@ -33,6 +33,7 @@ final class Filters
public const FILTER_INT_OR_BOOL = 'int|bool';
public const FILTER_STRING_OR_BOOL = 'string|bool';
public const FILTER_STRING = 'string';
public const FILTER_RAW_STRING = 'raw-string';
public const FILTER_OCTAL_MOD = 'mod';
public const FILTER_TABLE_PREFIX = 'table-prefix';

@@ -87,6 +88,8 @@ private function applyFilter(string $mode, $value)
return $this->filterFloat($value);
case self::FILTER_STRING:
return $this->filterString($value);
case self::FILTER_RAW_STRING:
return $this->filterRawString($value);
case self::FILTER_INT_OR_BOOL:
return $this->filterIntOrBool($value);
case self::FILTER_STRING_OR_BOOL:
@@ -157,6 +160,19 @@ private function filterString($value): string
return htmlspecialchars(strip_tags((string)$value), ENT_QUOTES, 'UTF-8', false);
}

/**
* @param mixed $value
* @return string
*/
private function filterRawString($value): string
{
if (!is_scalar($value)) {
throw new \Exception('Invalid scalar.');
}

return addslashes((string)$value);
}

/**
* @param mixed $value
* @return bool|int
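Review bot: `filterRawString()` is not raw: `addslashes()` puts a backslash in front of every `'`, `"`, `\` and NUL byte, so a `DB_PASSWORD` or salt containing one of those characters is passed on as a different secret from the one the operator configured (the new `FiltersTest` row `"foo'"` → `"foo\'"` pins exactly that). For credentials this would presumably surface as a failed login against the database, FTP server or proxy rather than as an error from the filter. If the value has to stay byte-exact, the body should end in `return (string)$value;`; if the backslashes are meant for a later sink such as generated PHP code, which is not visible in this diff, the escaping belongs at that sink instead. The docblock should also say what the filter guarantees, for example `Casts a scalar to string without HTML escaping; throws on non-scalar input.`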
26 changes: 13 additions & 13 deletions src/Env/WordPressEnvBridge.php
@@ -25,8 +25,8 @@ class WordPressEnvBridge
'ALLOW_UNFILTERED_UPLOADS' => Filters::FILTER_BOOL,
'ALTERNATE_WP_CRON' => Filters::FILTER_BOOL,
'AUTH_COOKIE' => Filters::FILTER_STRING,
'AUTH_KEY' => Filters::FILTER_STRING,
'AUTH_SALT' => Filters::FILTER_STRING,
'AUTH_KEY' => Filters::FILTER_RAW_STRING,
'AUTH_SALT' => Filters::FILTER_RAW_STRING,
'AUTOMATIC_UPDATER_DISABLED' => Filters::FILTER_BOOL,
'AUTOSAVE_INTERVAL' => Filters::FILTER_INT,

@@ -50,7 +50,7 @@ class WordPressEnvBridge
'DB_COLLATE' => Filters::FILTER_STRING,
'DB_HOST' => Filters::FILTER_STRING,
'DB_NAME' => Filters::FILTER_STRING,
'DB_PASSWORD' => Filters::FILTER_STRING,
'DB_PASSWORD' => Filters::FILTER_RAW_STRING,
'DB_USER' => Filters::FILTER_STRING,
'DIEONDBERROR' => Filters::FILTER_BOOL,
'DISABLE_WP_CRON' => Filters::FILTER_BOOL,
@@ -80,7 +80,7 @@ class WordPressEnvBridge
'FTP_FORCE' => Filters::FILTER_BOOL,
'FTP_HOST' => Filters::FILTER_STRING,
'FTP_LANG_DIR' => Filters::FILTER_STRING,
'FTP_PASS' => Filters::FILTER_STRING,
'FTP_PASS' => Filters::FILTER_RAW_STRING,
'FTP_PLUGIN_DIR' => Filters::FILTER_STRING,
'FTP_PRIKEY' => Filters::FILTER_STRING,
'FTP_PUBKEY' => Filters::FILTER_STRING,
@@ -97,8 +97,8 @@ class WordPressEnvBridge

'LANGDIR' => Filters::FILTER_STRING,
'LOGGED_IN_COOKIE' => Filters::FILTER_STRING,
'LOGGED_IN_KEY' => Filters::FILTER_STRING,
'LOGGED_IN_SALT' => Filters::FILTER_STRING,
'LOGGED_IN_KEY' => Filters::FILTER_RAW_STRING,
'LOGGED_IN_SALT' => Filters::FILTER_RAW_STRING,

'MEDIA_TRASH' => Filters::FILTER_BOOL,
'MULTISITE' => Filters::FILTER_BOOL,
@@ -108,8 +108,8 @@ class WordPressEnvBridge
'MYSQL_NEW_LINK' => Filters::FILTER_BOOL,

'NOBLOGREDIRECT' => Filters::FILTER_STRING,
'NONCE_KEY' => Filters::FILTER_STRING,
'NONCE_SALT' => Filters::FILTER_STRING,
'NONCE_KEY' => Filters::FILTER_RAW_STRING,
'NONCE_SALT' => Filters::FILTER_RAW_STRING,
'NO_HEADER_TEXT' => Filters::FILTER_STRING,

'PASS_COOKIE' => Filters::FILTER_STRING,
@@ -129,11 +129,11 @@ class WordPressEnvBridge

'SAVEQUERIES' => Filters::FILTER_BOOL,
'SCRIPT_DEBUG' => Filters::FILTER_BOOL,
'SECRET_KEY' => Filters::FILTER_STRING,
'SECRET_SALT' => Filters::FILTER_STRING,
'SECRET_KEY' => Filters::FILTER_RAW_STRING,
'SECRET_SALT' => Filters::FILTER_RAW_STRING,
'SECURE_AUTH_COOKIE' => Filters::FILTER_STRING,
'SECURE_AUTH_KEY' => Filters::FILTER_STRING,
'SECURE_AUTH_SALT' => Filters::FILTER_STRING,
'SECURE_AUTH_KEY' => Filters::FILTER_RAW_STRING,
'SECURE_AUTH_SALT' => Filters::FILTER_RAW_STRING,
'SHORTINIT' => Filters::FILTER_BOOL,
'SITECOOKIEPATH' => Filters::FILTER_STRING,
'SITE_ID_CURRENT_SITE' => Filters::FILTER_INT,
@@ -177,7 +177,7 @@ class WordPressEnvBridge
'WP_POST_REVISIONS' => Filters::FILTER_INT_OR_BOOL,
'WP_PROXY_BYPASS_HOSTS' => Filters::FILTER_STRING,
'WP_PROXY_HOST' => Filters::FILTER_STRING,
'WP_PROXY_PASSWORD' => Filters::FILTER_STRING,
'WP_PROXY_PASSWORD' => Filters::FILTER_RAW_STRING,
'WP_PROXY_PORT' => Filters::FILTER_INT,
'WP_PROXY_USERNAME' => Filters::FILTER_STRING,
'WP_SITEURL' => Filters::FILTER_STRING,
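Review bot: Moving the keys, salts and passwords in this map from `FILTER_STRING` to `FILTER_RAW_STRING` changes the effective value of any already-deployed secret that contains `&`, `<`, `>` or a quote, because the old filter ran it through `strip_tags()` and `htmlspecialchars()` and the new one only applies `addslashes()`. For `AUTH_KEY`, `SECURE_AUTH_SALT` and the other key/salt entries that presumably means cookies and nonces derived from the old, escaped value stop validating after the upgrade, which deserves an upgrade note in the changelog. A comment at the first raw entry, such as `// Secrets use FILTER_RAW_STRING so HTML escaping never alters the configured value.`, would also keep a later edit from reverting single entries. The array these entries belong to starts and ends outside the hunks.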
2 changes: 1 addition & 1 deletion tests/fixtures/example.env
@@ -1,6 +1,6 @@
DB_HOST=localhost
DB_NAME=wp
DB_PASSWORD="my secret!"
DB_PASSWORD="foo&bar!baz<qux"
DB_TABLE_PREFIX=xxx_
DB_USER="${DB_NAME}_user"

2 changes: 1 addition & 1 deletion tests/integration/Env/WordPressEnvBridgeTest.php
@@ -46,7 +46,7 @@ public function testLoadFile(): void

static::assertSame('localhost', $bridge->read('DB_HOST'));
static::assertSame('wp', $bridge->read('DB_NAME'));
static::assertSame('my secret!', $bridge->read('DB_PASSWORD'));
static::assertSame('foo&bar!baz<qux', $bridge->read('DB_PASSWORD'));
static::assertSame('xxx_', $bridge->read('DB_TABLE_PREFIX'));
static::assertSame('wp_user', $bridge->read('DB_USER'));
static::assertSame('', $bridge->read('COOKIE_DOMAIN'));
13 changes: 13 additions & 0 deletions tests/unit/Env/FiltersTest.php
@@ -84,6 +84,19 @@ public static function filterDataProvider(): array
[Filters::FILTER_STRING, [], null],
[Filters::FILTER_STRING, '', ''],
[Filters::FILTER_STRING, "", ''],
[Filters::FILTER_RAW_STRING, 1, '1'],
[Filters::FILTER_RAW_STRING, 123.456, '123.456'],
[Filters::FILTER_RAW_STRING, 0, '0'],
[Filters::FILTER_RAW_STRING, new \ArrayObject(), null],
[Filters::FILTER_RAW_STRING, false, ''],
[Filters::FILTER_RAW_STRING, true, '1'],
[Filters::FILTER_RAW_STRING, [], null],
[Filters::FILTER_RAW_STRING, '', ''],
[Filters::FILTER_RAW_STRING, "", ''],
[Filters::FILTER_RAW_STRING, 'hello!', 'hello!'],
[Filters::FILTER_RAW_STRING, 'foo&bar', 'foo&bar'],
[Filters::FILTER_RAW_STRING, 'foo<bar', 'foo<bar'],
[Filters::FILTER_RAW_STRING, "foo'", "foo\'"],
[Filters::FILTER_INT_OR_BOOL, 1, 1],
[Filters::FILTER_INT_OR_BOOL, '1', 1],
[Filters::FILTER_INT_OR_BOOL, 123.123, 123],
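Review bot: The new `FILTER_RAW_STRING` rows cover `&`, `<` and `'` but not `"`, `\` or a multibyte value, and the integration fixture's `foo&bar!baz<qux` contains none of the characters `addslashes()` rewrites, so nothing asserts what a password with a double quote or a backslash looks like after `read()`. Under the current implementation the missing rows would be `[Filters::FILTER_RAW_STRING, 'a"b', 'a\\"b'],` and `[Filters::FILTER_RAW_STRING, 'a\\b', 'a\\\\b'],`; writing them down makes it explicit whether that rewriting is the intended contract for secrets. `filterDataProvider()` starts and ends outside this hunk.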
