Doctrine 1
  1. Doctrine 1
  2. DC-444

Reimporting exported data-fixtures fails if they contain <? or <?php

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Critical Critical
    • Resolution: Won't Fix
    • Affects Version/s: 1.0.14, 1.1.4, 1.2.1
    • Fix Version/s: None
    • Component/s: Data Fixtures, File Parser
    • Labels:
      None

      Description

      In Doctrine_Parser::doLoad() the fixtures are included which will try to execute the file with the php-interpreter resulting in all unescapted code which starts with <? (if shorttags are on) or <?php being executed (as long as it is in one line and ends with ?>).
      As long as the php-code is multi-lined the break after <? or <?php gets converted to \r\n which will create a parse-error and make it impossible to import the fixture:

      build-all-reload - Are you sure you wish to drop your databases? (y/n)
      y
      build-all-reload - Successfully dropped database for connection named 'development'
      build-all-reload - Generated models successfully from YAML schema
      build-all-reload - Successfully created database for connection named 'development'
      build-all-reload - Created tables successfully
      
      
      Warning: Unexpected character in input:  '\' (ASCII=92) state=1 in /..../doctrine/data/fixtures/data.yml on line 9724
      
      Call Stack:
          0.0003      72344   1. {main}() /.../scripts/doctrine-cli:0
          0.7356   14656192   2. Doctrine_Cli->run() /.../scripts/doctrine-cli:25
          0.7356   14656256   3. Doctrine_Cli->_run() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:452
          0.7367   14666244   4. Doctrine_Cli->executeTask() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:498
          0.7367   14666388   5. Doctrine_Task_BuildAllReload->execute() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:516
          4.2097   22318416   6. Doctrine_Task_LoadData->execute() /.../library/doctrine/1.2.1/lib/Doctrine/Task/BuildAllReload.php:56
          4.2176   22318488   7. Doctrine_Core::loadData() /.../library/doctrine/1.2.1/lib/Doctrine/Task/LoadData.php:43
          4.2185   22357660   8. Doctrine_Data->importData() /.../library/doctrine/1.2.1/lib/Doctrine/Core.php:996
          4.2202   22472372   9. Doctrine_Data_Import->doImport() /.../library/doctrine/1.2.1/lib/Doctrine/Data.php:222
          4.2202   22472440  10. Doctrine_Data_Import->doParsing() /.../library/doctrine/1.2.1/lib/Doctrine/Data/Import.php:112
          4.2204   22488760  11. Doctrine_Parser::load() /.../library/doctrine/1.2.1/lib/Doctrine/Data/Import.php:95
          4.2204   22489152  12. Doctrine_Parser_Yml->loadData() /.../library/doctrine/1.2.1/lib/Doctrine/Parser.php:89
          4.2204   22489216  13. Doctrine_Parser->doLoad() /.../library/doctrine/1.2.1/lib/Doctrine/Parser/Yml.php:78
      
      Parse error: syntax error, unexpected T_STRING in /.../data/fixtures/data.yml on line 9724
      
      Call Stack:
          0.0003      72344   1. {main}() /.../scripts/doctrine-cli:0
          0.7356   14656192   2. Doctrine_Cli->run() /.../scripts/doctrine-cli:25
          0.7356   14656256   3. Doctrine_Cli->_run() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:452
          0.7367   14666244   4. Doctrine_Cli->executeTask() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:498
          0.7367   14666388   5. Doctrine_Task_BuildAllReload->execute() /.../library/doctrine/1.2.1/lib/Doctrine/Cli.php:516
          4.2097   22318416   6. Doctrine_Task_LoadData->execute() /.../library/doctrine/1.2.1/lib/Doctrine/Task/BuildAllReload.php:56
          4.2176   22318488   7. Doctrine_Core::loadData() /.../library/doctrine/1.2.1/lib/Doctrine/Task/LoadData.php:43
          4.2185   22357660   8. Doctrine_Data->importData() /.../library/doctrine/1.2.1/lib/Doctrine/Core.php:996
          4.2202   22472372   9. Doctrine_Data_Import->doImport() /.../library/doctrine/1.2.1/lib/Doctrine/Data.php:222
          4.2202   22472440  10. Doctrine_Data_Import->doParsing() /.../library/doctrine/1.2.1/lib/Doctrine/Data/Import.php:112
          4.2204   22488760  11. Doctrine_Parser::load() /.../library/doctrine/1.2.1/lib/Doctrine/Data/Import.php:95
          4.2204   22489152  12. Doctrine_Parser_Yml->loadData() /.../library/doctrine/1.2.1/lib/Doctrine/Parser.php:89
          4.2204   22489216  13. Doctrine_Parser->doLoad() /.../library/doctrine/1.2.1/lib/Doctrine/Parser/Yml.php:78
      

      That can happen with unescapted <?xml too if short-tags are active and result in parse-error.

      A way to load fixtures without running it through the php-interpreter would be nice or the <? needs to be escaped on export and unescaped on import.

      Checked with version 1.2.1, 1.1.4 and 1.0.14, all versions share this code.

      This "bug" can probably get a bit ugly in the raw case that a persons is using that dump-feature with something like

      <?php system('rm -rf /'); ?>

      anywhere in the database.
      As long as the code is in one line there aren't any \r\n added and it will get executed without.

        Activity

        Hide
        Jonathan H. Wage added a comment -

        I think this is somewhat expected. As I have stressed in the past. Dumping data fixtures from the database can never work 100%. The idea is that you dump to get started, then modify the dumped fixtures so that they will re-import properly. If you have a suggested fix/patch please feel free to share and re-open.

        Show
        Jonathan H. Wage added a comment - I think this is somewhat expected. As I have stressed in the past. Dumping data fixtures from the database can never work 100%. The idea is that you dump to get started, then modify the dumped fixtures so that they will re-import properly. If you have a suggested fix/patch please feel free to share and re-open.
        Hide
        Jannis Mosshammer added a comment -

        I modified the doLoad() function to not use include but file_get_contents and the import of some critical fields (which contained xml data as well as raw php data) worked fine.

        But honestly, I've got the feeling that I haven't really understood why the yaml load is done via including the file and saving the output buffer - so maybe I'm missing the big picture.
        My altered version of the doLoad function looks like this:

        Unable to find source-code formatter for language: php. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml
        abstract class Doctrine_Parser
        {
            ...
            /**
             * doLoad
             *
             * Get contents whether it is the path to a file file or a string of txt.
             * Either should allow php code in it.
             *
             * @param string $path 
             * @return void
             */
            public function doLoad($path)
            {
                //ob_start();
                if ( ! file_exists($path)) {
                    $contents = $path;
                    $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dparser_' . microtime();
        
                    file_put_contents($path, $contents);
                }
        
        	    $contents = file_get_contents($path);
                /*include($path);
                // Fix #1569. Need to check if it's still all valid
                $contents = ob_get_clean(); //iconv("UTF-8", "UTF-8", ob_get_clean());
        		*/
                return $contents;
            }
            ...
        }
        
        
        Show
        Jannis Mosshammer added a comment - I modified the doLoad() function to not use include but file_get_contents and the import of some critical fields (which contained xml data as well as raw php data) worked fine. But honestly, I've got the feeling that I haven't really understood why the yaml load is done via including the file and saving the output buffer - so maybe I'm missing the big picture. My altered version of the doLoad function looks like this: Unable to find source-code formatter for language: php. Available languages are: actionscript, html, java, javascript, none, sql, xhtml, xml abstract class Doctrine_Parser { ... /** * doLoad * * Get contents whether it is the path to a file file or a string of txt. * Either should allow php code in it. * * @param string $path * @ return void */ public function doLoad($path) { //ob_start(); if ( ! file_exists($path)) { $contents = $path; $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dparser_' . microtime(); file_put_contents($path, $contents); } $contents = file_get_contents($path); /*include($path); // Fix #1569. Need to check if it's still all valid $contents = ob_get_clean(); //iconv( "UTF-8" , "UTF-8" , ob_get_clean()); */ return $contents; } ... }

          People

          • Assignee:
            Jonathan H. Wage
            Reporter:
            Benjamin Steininger
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: