Skip to content

Commit

Permalink
[BUGFIX] Prevent infinite loop in BooleanParser (#821)
Browse files Browse the repository at this point in the history
This change prevents an infinite loop if single or double
quotes in boolean expressions are not properly closed.

Resolves: #667
  • Loading branch information
s2b authored Oct 30, 2023
1 parent aa17b62 commit 7d0b084
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/Core/Parser/BooleanParser.php
Original file line number Diff line number Diff line change
Expand Up @@ -288,6 +288,10 @@ protected function parseStringToken()
while (trim($t = $this->peek(true)) !== $stringIdentifier) {
$this->consume($t);
$string .= $t;

if ($t === '') {
throw new Exception(sprintf('Closing string token expected in boolean expression "%s".', $this->expression), 1697479462);
}
}
$this->consume($stringIdentifier);
$string .= $stringIdentifier;
Expand Down
28 changes: 28 additions & 0 deletions tests/Unit/Core/Parser/BooleanParserTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
namespace TYPO3Fluid\Fluid\Tests\Unit\Core\Parser;

use TYPO3Fluid\Fluid\Core\Parser\BooleanParser;
use TYPO3Fluid\Fluid\Core\Parser\Exception;
use TYPO3Fluid\Fluid\Core\Parser\SyntaxTree\BooleanNode;
use TYPO3Fluid\Fluid\Core\Rendering\RenderingContext;
use TYPO3Fluid\Fluid\Tests\UnitTestCase;
Expand Down Expand Up @@ -120,4 +121,31 @@ public function testSomeEvaluations(string $comparison, bool $expected, array $v
eval('function ' . $functionName . '($context) {return ' . $compiledEvaluation . ';}');
self::assertEquals($expected, BooleanNode::convertToBoolean($functionName($variables), $renderingContext), 'compiled Expression: ' . $compiledEvaluation);
}

public static function invalidEvaluationsDataProvider(): array
{
return [
['{pageClass} == "myClass', ['pageClass' => 'myClass']],
['{pageClass} == \'myClass', ['pageClass' => 'myClass']],
['\'string1\' == \'string2', []],
];
}

/**
* @test
* @dataProvider invalidEvaluationsDataProvider
*/
public function invalidEvaluations(string $comparison, array $variables = []): void
{
$this->expectException(Exception::class);
$this->expectExceptionCode(1697479462);

$renderingContext = new RenderingContext();
$parser = new BooleanParser();
BooleanNode::convertToBoolean($parser->evaluate($comparison, $variables), $renderingContext);
$compiledEvaluation = $parser->compile($comparison);
$functionName = 'expression_' . md5($comparison . rand(0, 100000));
eval('function ' . $functionName . '($context) {return ' . $compiledEvaluation . ';}');
BooleanNode::convertToBoolean($functionName($variables), $renderingContext);
}
}

0 comments on commit 7d0b084

Please sign in to comment.