[jira] [Commented] (SHIRO-530) INI parser does not properly handled backslashes at end of values

Tue, 31 Mar 2020 22:36:38 -0700 


    [ 
https://issues.apache.org/jira/browse/SHIRO-530?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17072397#comment-17072397
 ] 

Benjamin Marwell commented on SHIRO-530:
----------------------------------------

[~atomicknight] My proposal:

[https://github.com/apache/shiro/pull/210/commits/b50b829a285b106666b688a4b69a3ebee94f51b4#diff-5e6493c009c2e4bee12d3f4c23c070daR590]

If you have some time, I'd be happy to have it reviewed.

> INI parser does not properly handled backslashes at end of values
> -----------------------------------------------------------------
>
>                 Key: SHIRO-530
>                 URL: https://issues.apache.org/jira/browse/SHIRO-530
>             Project: Shiro
>          Issue Type: Bug
>          Components: Configuration
>    Affects Versions: 1.2.3
>            Reporter: atomicknight
>            Priority: Major
>          Time Spent: 2h 20m
>  Remaining Estimate: 0h
>
> The backslash character is overloaded for use as a continuation delimiter as 
> well as an escape character. However, the parsing logic does not presently 
> handle this character consistently, which prevents the use of odd numbers of 
> backslashes at the end of values. Here is a matrix of examples:
> ||Original value||Parsed value||Notes||
> |{noformat}
> key=value\
> {noformat}|{noformat}
> key=value
> {noformat}|Backslash treated as continuation delimiter|
> |{noformat}
> key=value\\
> {noformat}|{noformat}
> key=value\\
> {noformat}|Backslashes treated as literal characters|
> |{noformat}
> key=value\\\
> {noformat}|{noformat}
> key=value\\
> {noformat}|Final backslash treated as continuation delimiter, other 
> backslashes treated as literal characters|
> |{noformat}
> key=value\\\\
> {noformat}|{noformat}
> key=value\\\\
> {noformat}|Backslashes treated as literal characters|
> There is a comment in Ini.Section#isContinued(String) that states:
> {quote}
> //find the number of backslashes at the end of the line.  If an even number, 
> the
> //backslashes are considered escaped.  If an odd number, the line is 
> considered continued on the next line
> {quote}
> However, there is no unescaping logic in either 
> Ini.Section#toMapProps(String) (which calls #isContinued) or 
> IniSection#splitKeyValue(String).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to