From 9b5cb0e8059b1e8bec096067491ed8d75f878938 Mon Sep 17 00:00:00 2001 From: Adam Harvey Date: Tue, 15 Jan 2013 15:17:45 +0800 Subject: [PATCH] Update fputcsv() to escape all characters equally. At present, backslashes have special case handling within fputcsv(): when one is encountered within a field that's being escaped, escaping stops until the next instance of the enclosure character is hit. This can result in malformed CSV. Fixes bug #43225 (fputcsv incorrectly handles cells ending in \ followed by "). --- NEWS | 2 ++ ext/standard/file.c | 10 ++-------- ext/standard/tests/file/fputcsv.phpt | 10 +++++----- ext/standard/tests/file/fputcsv_bug43225.phpt | 20 +++++++++++++++++++ 4 files changed, 29 insertions(+), 13 deletions(-) create mode 100644 ext/standard/tests/file/fputcsv_bug43225.phpt diff --git a/NEWS b/NEWS index e78af2339d8..a7c2fa47e9c 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,8 @@ PHP NEWS - Core . Fixed bug #63943 (Bad warning text from strpos() on empty needle). (Laruence) + . Fixed bug #43225 (fputcsv incorrectly handles cells ending in \ followed + by "). (Adam) - cURL extension: . Fixed bug (segfault due to libcurl connection caching). (Pierrick) diff --git a/ext/standard/file.c b/ext/standard/file.c index 8b18155cf89..fa85bf1b3a9 100644 --- a/ext/standard/file.c +++ b/ext/standard/file.c @@ -1953,7 +1953,6 @@ PHP_FUNCTION(fputcsv) { char delimiter = ','; /* allow this to be set as parameter */ char enclosure = '"'; /* allow this to be set as parameter */ - const char escape_char = '\\'; php_stream *stream; int ret; zval *fp = NULL, *fields = NULL, **field_tmp = NULL, field; @@ -2008,24 +2007,19 @@ PHP_FUNCTION(fputcsv) /* enclose a field that contains a delimiter, an enclosure character, or a newline */ if (FPUTCSV_FLD_CHK(delimiter) || FPUTCSV_FLD_CHK(enclosure) || - FPUTCSV_FLD_CHK(escape_char) || FPUTCSV_FLD_CHK('\n') || FPUTCSV_FLD_CHK('\r') || FPUTCSV_FLD_CHK('\t') || + FPUTCSV_FLD_CHK('\\') || FPUTCSV_FLD_CHK(' ') ) { char *ch = Z_STRVAL(field); char *end = ch + Z_STRLEN(field); - int escaped = 0; smart_str_appendc(&csvline, enclosure); while (ch < end) { - if (*ch == escape_char) { - escaped = 1; - } else if (!escaped && *ch == enclosure) { + if (*ch == enclosure) { smart_str_appendc(&csvline, enclosure); - } else { - escaped = 0; } smart_str_appendc(&csvline, *ch); ch++; diff --git a/ext/standard/tests/file/fputcsv.phpt b/ext/standard/tests/file/fputcsv.phpt index 63c41509bdd..d71f777143c 100644 --- a/ext/standard/tests/file/fputcsv.phpt +++ b/ext/standard/tests/file/fputcsv.phpt @@ -44,7 +44,7 @@ echo '$list = ';var_export($res);echo ";\n"; $fp = fopen($file, "r"); $res = array(); -while($l=fgetcsv($fp)) +while($l=fgetcsv($fp, 0, ',', '"', '"')) { $res[] = join(',',$l); } @@ -75,10 +75,10 @@ $list = array ( 13 => 'aaa,"""bbb """', 14 => '"aaa""aaa""","""bbb""bbb"', 15 => '"aaa""aaa""""""",bbb', - 16 => 'aaa,"""\\"bbb",ccc', - 17 => '"aaa""\\"a""","""bbb"""', - 18 => '"""\\"""","""aaa"""', - 19 => '"""\\"""""",aaa', + 16 => 'aaa,"""\\""bbb",ccc', + 17 => '"aaa""\\""a""","""bbb"""', + 18 => '"""\\""""","""aaa"""', + 19 => '"""\\""""""",aaa', ); $list = array ( 0 => 'aaa,bbb', diff --git a/ext/standard/tests/file/fputcsv_bug43225.phpt b/ext/standard/tests/file/fputcsv_bug43225.phpt new file mode 100644 index 00000000000..1de3b5fa023 --- /dev/null +++ b/ext/standard/tests/file/fputcsv_bug43225.phpt @@ -0,0 +1,20 @@ +--TEST-- +fputcsv(): bug #43225 (fputcsv incorrectly handles cells ending in \ followed by ") +--FILE-- + +--EXPECT-- +"a\""",bbb