Bug-fix (CIDRAM/CIDRAM#547).

Changelog excerpt: - Not escaping keys when reconstructing YAML data could prevent successful reprocessing of those keys if said keys contained any hashes or backslashes. The solution is to enforce escaping of keys when such bytes are detected, regardless of how the property for quoting keys is defined. Accordingly, that's been done, and a new method added for that purpose.
Maikuolan · Dec 8, 2023 · 6846744 · 6846744
1 parent 8edbd72
commit 6846744
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 9 deletions.
diff --git a/Changelog.txt b/Changelog.txt
@@ -12,7 +12,14 @@ found at:
 === Changes made since last versioned release ===
 
 - [2023.12.01; Maikuolan]: Improved escaping. Added support for specifying a
-  Redis database number to the cache handler.
+  Redis database number to the cache handler (CIDRAM/CIDRAM#540).
+
+- [2023.12.08; Bug-fix; Maikuolan]: Not escaping keys when reconstructing YAML
+  data could prevent successful reprocessing of those keys if said keys
+  contained any hashes or backslashes. The solution is to enforce escaping of
+  keys when such bytes are detected, regardless of how the property for quoting
+  keys is defined. Accordingly, that's been done, and a new method added for
+  that purpose (CIDRAM/CIDRAM#547).
 
 === Version/Release 2.11.0 ===
 MINOR RELEASE.

diff --git a/src/YAML.php b/src/YAML.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * YAML handler (last modified: 2023.12.01).
+ * YAML handler (last modified: 2023.12.08).
  *
  * This file is a part of the "common classes package", utilised by a number of
  * packages and projects, including CIDRAM and phpMussel.
@@ -710,7 +710,7 @@ private function processInner(array $Arr, string &$Out, int $Depth = 0): void
                     $Out .= ',';
                 }
                 if (!$Sequential) {
-                    $Out .= ($this->QuoteKeys ? $this->scalarToString($Key) : $Key) . ':';
+                    $Out .= ($this->QuoteKeys ? $this->scalarToString($Key) : $this->escapeKey($Key)) . ':';
                 }
                 if (is_array($Value)) {
                     $this->processInner($Value, $Out, $Depth + 1);
@@ -750,9 +750,9 @@ private function processInner(array $Arr, string &$Out, int $Depth = 0): void
             $ThisDepth = str_repeat($this->Indent, $Depth);
             if ($NullSet && !$Sequential) {
                 $Out .= $ThisDepth . '?';
-                $Value = $Key;
+                $Value = $this->escapeKey($Key);
             } else {
-                $Out .= $ThisDepth . ($Sequential ? '-' : ($this->QuoteKeys ? $this->scalarToString($Key) : $Key) . ':');
+                $Out .= $ThisDepth . ($Sequential ? '-' : ($this->QuoteKeys ? $this->scalarToString($Key) : $this->escapeKey($Key)) . ':');
             }
             if (is_array($Value)) {
                 if ($Depth < $this->FlowRebuildDepth - 1) {
@@ -810,10 +810,10 @@ private function processInner(array $Arr, string &$Out, int $Depth = 0): void
     private function escape(string $Value = '', bool $Newlines = true): string
     {
         if ($this->Quotes === "'") {
-            return str_replace("'", "''", $Value);
+            return str_replace(['\\', '#', "'"], ['\\\\', '\#', "''"], $Value);
         }
         if ($this->Quotes !== '"') {
-            return $Value;
+            return str_replace(['\\', '#'], ['\\\\', '\#'], $Value);
         }
         $Value = str_replace('\\', '\\\\', $Value);
         if ($Newlines) {
@@ -846,6 +846,20 @@ private function escape(string $Value = '', bool $Newlines = true): string
         return $Value;
     }
 
+    /**
+     * Escape keys if necessary (or else there could be problems with hashes).
+     *
+     * @param string $Key The key to escape.
+     * @return string The escaped key.
+     */
+    private function escapeKey(string $Key = ''): string
+    {
+        if (strpos($Key, '#') === false && strpos($Key, '\\') === false) {
+            return $Key;
+        }
+        return '"' . str_replace(['\\', '#'], ['\\\\', '\#'], $Key) . '"';
+    }
+
     /**
      * Unescape according to the YAML specification.
      *
@@ -899,9 +913,9 @@ private function unescape(string $Value = '', string $Style = '"'): string
             return $Value;
         }
         if ($Style === "'" || $Style === "\xe2\x80\x98" || $Style === "\x93") {
-            return str_replace("''", "'", $Value);
+            return str_replace(["''", '\#', '\\\\'], ["'", '#', '\\'], $Value);
         }
-        return $Value;
+        return str_replace(['\#', '\\\\'], ['#', '\\'], $Value);
     }
 
     /**