Uploaded image for project: 'Doctrine 1'
  1. Doctrine 1
  2. DC-444

Reimporting exported data-fixtures fails if they contain <? or <?php

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Won't Fix
    • Affects Version/s: 1.0.14, 1.1.4, 1.2.1
    • Fix Version/s: None
    • Component/s: Data Fixtures, File Parser
    • Labels:
      None

      Description

      In Doctrine_Parser::doLoad() the fixtures are included which will try to execute the file with the php-interpreter resulting in all unescapted code which starts with <? (if shorttags are on) or <?php being executed (as long as it is in one line and ends with ?>).
      As long as the php-code is multi-lined the break after <? or <?php gets converted to \r\n which will create a parse-error and make it impossible to import the fixture:

      build-all-reload - Are you sure you wish to drop your databases? (y/n)
      y
      build-all-reload - Successfully dropped database for connection named 'development'
      build-all-reload - Generated models successfully from YAML schema
      build-all-reload - Successfully created database for connection named 'development'
      build-all-reload - Created tables successfully
      
      
      Warning: Unexpected character in input:  '\' (ASCII=92) state=1 in /..../doctrine/data/fixtures/data.yml on line 9724
      
      Call Stack:
          0.0003      72344   1. {main}() /.../scripts/doctrine-cli:0
          0.7356   14656192   2. Doctrine_Cli->run() /.../scripts/doctrine-cli:25
          0.7356   14656256   3. Doctrine_Cli->_run() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:452
          0.7367   14666244   4. Doctrine_Cli->executeTask() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:498
          0.7367   14666388   5. Doctrine_Task_BuildAllReload->execute() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:516
          4.2097   22318416   6. Doctrine_Task_LoadData->execute() /.../library/doctrine/1.2.1/lib/Doctrine/Task/BuildAllReload.php:56
          4.2176   22318488   7. Doctrine_Core::loadData() /.../library/doctrine/1.2.1/lib/Doctrine/Task/LoadData.php:43
          4.2185   22357660   8. Doctrine_Data->importData() /.../library/doctrine/1.2.1/lib/Doctrine/Core.php:996
          4.2202   22472372   9. Doctrine_Data_Import->doImport() /.../library/doctrine/1.2.1/lib/Doctrine/Data.php:222
          4.2202   22472440  10. Doctrine_Data_Import->doParsing() /.../library/doctrine/1.2.1/lib/Doctrine/Data/Import.php:112
          4.2204   22488760  11. Doctrine_Parser::load() /.../library/doctrine/1.2.1/lib/Doctrine/Data/Import.php:95
          4.2204   22489152  12. Doctrine_Parser_Yml->loadData() /.../library/doctrine/1.2.1/lib/Doctrine/Parser.php:89
          4.2204   22489216  13. Doctrine_Parser->doLoad() /.../library/doctrine/1.2.1/lib/Doctrine/Parser/Yml.php:78
      
      Parse error: syntax error, unexpected T_STRING in /.../data/fixtures/data.yml on line 9724
      
      Call Stack:
          0.0003      72344   1. {main}() /.../scripts/doctrine-cli:0
          0.7356   14656192   2. Doctrine_Cli->run() /.../scripts/doctrine-cli:25
          0.7356   14656256   3. Doctrine_Cli->_run() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:452
          0.7367   14666244   4. Doctrine_Cli->executeTask() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:498
          0.7367   14666388   5. Doctrine_Task_BuildAllReload->execute() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:516
          4.2097   22318416   6. Doctrine_Task_LoadData->execute() /.../library/doctrine/1.2.1/lib/Doctrine/Task/BuildAllReload.php:56
          4.2176   22318488   7. Doctrine_Core::loadData() /.../library/doctrine/1.2.1/lib/Doctrine/Task/LoadData.php:43
          4.2185   22357660   8. Doctrine_Data->importData() /.../library/doctrine/1.2.1/lib/Doctrine/Core.php:996
          4.2202   22472372   9. Doctrine_Data_Import->doImport() /.../library/doctrine/1.2.1/lib/Doctrine/Data.php:222
          4.2202   22472440  10. Doctrine_Data_Import->doParsing() /.../library/doctrine/1.2.1/lib/Doctrine/Data/Import.php:112
          4.2204   22488760  11. Doctrine_Parser::load() /.../library/doctrine/1.2.1/lib/Doctrine/Data/Import.php:95
          4.2204   22489152  12. Doctrine_Parser_Yml->loadData() /.../library/doctrine/1.2.1/lib/Doctrine/Parser.php:89
          4.2204   22489216  13. Doctrine_Parser->doLoad() /.../library/doctrine/1.2.1/lib/Doctrine/Parser/Yml.php:78
      

      That can happen with unescapted <?xml too if short-tags are active and result in parse-error.

      A way to load fixtures without running it through the php-interpreter would be nice or the <? needs to be escaped on export and unescaped on import.

      Checked with version 1.2.1, 1.1.4 and 1.0.14, all versions share this code.

      This "bug" can probably get a bit ugly in the raw case that a persons is using that dump-feature with something like

      <?php system('rm -rf /'); ?>

      anywhere in the database.
      As long as the code is in one line there aren't any \r\n added and it will get executed without.

        Activity

        Hide
        jwage Jonathan H. Wage added a comment -

        I think this is somewhat expected. As I have stressed in the past. Dumping data fixtures from the database can never work 100%. The idea is that you dump to get started, then modify the dumped fixtures so that they will re-import properly. If you have a suggested fix/patch please feel free to share and re-open.

        Show
        jwage Jonathan H. Wage added a comment - I think this is somewhat expected. As I have stressed in the past. Dumping data fixtures from the database can never work 100%. The idea is that you dump to get started, then modify the dumped fixtures so that they will re-import properly. If you have a suggested fix/patch please feel free to share and re-open.
        Hide
        jmosshammer Jannis Mosshammer added a comment -

        I modified the doLoad() function to not use include but file_get_contents and the import of some critical fields (which contained xml data as well as raw php data) worked fine.

        But honestly, I've got the feeling that I haven't really understood why the yaml load is done via including the file and saving the output buffer - so maybe I'm missing the big picture.
        My altered version of the doLoad function looks like this:

        Unable to find source-code formatter for language: php. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
        abstract class Doctrine_Parser
        {
            ...
            /**
             * doLoad
             *
             * Get contents whether it is the path to a file file or a string of txt.
             * Either should allow php code in it.
             *
             * @param string $path 
             * @return void
             */
            public function doLoad($path)
            {
                //ob_start();
                if ( ! file_exists($path)) {
                    $contents = $path;
                    $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dparser_' . microtime();
        
                    file_put_contents($path, $contents);
                }
        
        	    $contents = file_get_contents($path);
                /*include($path);
                // Fix #1569. Need to check if it's still all valid
                $contents = ob_get_clean(); //iconv("UTF-8", "UTF-8", ob_get_clean());
        		*/
                return $contents;
            }
            ...
        }
        
        
        Show
        jmosshammer Jannis Mosshammer added a comment - I modified the doLoad() function to not use include but file_get_contents and the import of some critical fields (which contained xml data as well as raw php data) worked fine. But honestly, I've got the feeling that I haven't really understood why the yaml load is done via including the file and saving the output buffer - so maybe I'm missing the big picture. My altered version of the doLoad function looks like this: Unable to find source-code formatter for language: php. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml abstract class Doctrine_Parser { ... /** * doLoad * * Get contents whether it is the path to a file file or a string of txt. * Either should allow php code in it. * * @param string $path * @ return void */ public function doLoad($path) { //ob_start(); if ( ! file_exists($path)) { $contents = $path; $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dparser_' . microtime(); file_put_contents($path, $contents); } $contents = file_get_contents($path); /*include($path); // Fix #1569. Need to check if it's still all valid $contents = ob_get_clean(); //iconv( "UTF-8" , "UTF-8" , ob_get_clean()); */ return $contents; } ... }

          People

          • Assignee:
            jwage Jonathan H. Wage
            Reporter:
            robo47@robo47.net Benjamin Steininger
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: