diff options
| author | Adam Harvey <aharvey@php.net> | 2013-01-15 15:17:45 +0800 |
|---|---|---|
| committer | Adam Harvey <aharvey@php.net> | 2013-01-15 15:17:45 +0800 |
| commit | 9b5cb0e8059b1e8bec096067491ed8d75f878938 (patch) | |
| tree | 2254b9c51bea29316791f8fbb08fc5254941850d | |
| parent | e1410b5a70543856de3978603b41fbf2ca5d330c (diff) | |
| download | php-git-9b5cb0e8059b1e8bec096067491ed8d75f878938.tar.gz | |
Update fputcsv() to escape all characters equally.
At present, backslashes have special case handling within fputcsv(): when one
is encountered within a field that's being escaped, escaping stops until the
next instance of the enclosure character is hit. This can result in malformed
CSV.
Fixes bug #43225 (fputcsv incorrectly handles cells ending in \ followed by ").
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | ext/standard/file.c | 10 | ||||
| -rw-r--r-- | ext/standard/tests/file/fputcsv.phpt | 10 | ||||
| -rw-r--r-- | ext/standard/tests/file/fputcsv_bug43225.phpt | 20 |
4 files changed, 29 insertions, 13 deletions
@@ -12,6 +12,8 @@ PHP NEWS - Core . Fixed bug #63943 (Bad warning text from strpos() on empty needle). (Laruence) + . Fixed bug #43225 (fputcsv incorrectly handles cells ending in \ followed + by "). (Adam) - cURL extension: . Fixed bug (segfault due to libcurl connection caching). (Pierrick) diff --git a/ext/standard/file.c b/ext/standard/file.c index 8b18155cf8..fa85bf1b3a 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -1953,7 +1953,6 @@ PHP_FUNCTION(fputcsv) { char delimiter = ','; /* allow this to be set as parameter */ char enclosure = '"'; /* allow this to be set as parameter */ - const char escape_char = '\\'; php_stream *stream; int ret; zval *fp = NULL, *fields = NULL, **field_tmp = NULL, field; @@ -2008,24 +2007,19 @@ PHP_FUNCTION(fputcsv) /* enclose a field that contains a delimiter, an enclosure character, or a newline */ if (FPUTCSV_FLD_CHK(delimiter) || FPUTCSV_FLD_CHK(enclosure) || - FPUTCSV_FLD_CHK(escape_char) || FPUTCSV_FLD_CHK('\n') || FPUTCSV_FLD_CHK('\r') || FPUTCSV_FLD_CHK('\t') || + FPUTCSV_FLD_CHK('\\') || FPUTCSV_FLD_CHK(' ') ) { char *ch = Z_STRVAL(field); char *end = ch + Z_STRLEN(field); - int escaped = 0; smart_str_appendc(&csvline, enclosure); while (ch < end) { - if (*ch == escape_char) { - escaped = 1; - } else if (!escaped && *ch == enclosure) { + if (*ch == enclosure) { smart_str_appendc(&csvline, enclosure); - } else { - escaped = 0; } smart_str_appendc(&csvline, *ch); ch++; diff --git a/ext/standard/tests/file/fputcsv.phpt b/ext/standard/tests/file/fputcsv.phpt index 63c41509bd..d71f777143 100644 --- a/ext/standard/tests/file/fputcsv.phpt +++ b/ext/standard/tests/file/fputcsv.phpt @@ -44,7 +44,7 @@ echo '$list = ';var_export($res);echo ";\n"; $fp = fopen($file, "r"); $res = array(); -while($l=fgetcsv($fp)) +while($l=fgetcsv($fp, 0, ',', '"', '"')) { $res[] = join(',',$l); } @@ -75,10 +75,10 @@ $list = array ( 13 => 'aaa,"""bbb """', 14 => '"aaa""aaa""","""bbb""bbb"', 15 => '"aaa""aaa""""""",bbb', - 16 => 'aaa,"""\\"bbb",ccc', - 17 => '"aaa""\\"a""","""bbb"""', - 18 => '"""\\"""","""aaa"""', - 19 => '"""\\"""""",aaa', + 16 => 'aaa,"""\\""bbb",ccc', + 17 => '"aaa""\\""a""","""bbb"""', + 18 => '"""\\""""","""aaa"""', + 19 => '"""\\""""""",aaa', ); $list = array ( 0 => 'aaa,bbb', diff --git a/ext/standard/tests/file/fputcsv_bug43225.phpt b/ext/standard/tests/file/fputcsv_bug43225.phpt new file mode 100644 index 0000000000..1de3b5fa02 --- /dev/null +++ b/ext/standard/tests/file/fputcsv_bug43225.phpt @@ -0,0 +1,20 @@ +--TEST-- +fputcsv(): bug #43225 (fputcsv incorrectly handles cells ending in \ followed by ") +--FILE-- +<?php + +$row = array( + 'a\\"', + 'bbb', +); + +$file = dirname(__FILE__) . 'fgetcsv_bug43225.csv'; +$fp = fopen($file, 'w'); +fputcsv($fp, $row); +fclose($fp); +readfile($file); +unlink($file); + +?> +--EXPECT-- +"a\""",bbb |