From 44a6a184c84868daaaa5b3626940ae3442a835f5 Mon Sep 17 00:00:00 2001 From: artosepyan Date: Thu, 31 Jul 2025 12:52:18 +0300 Subject: [PATCH 1/7] Fix incorrect quote escaping in env writer. Closes #56480 Resolved an issue where the env writer incorrectly escaped single and double quotes, which caused the entire site to break with an HTTP 500 error. --- src/Illuminate/Support/Env.php | 44 +++++++++++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/src/Illuminate/Support/Env.php b/src/Illuminate/Support/Env.php index 85dc13415a65..17c6ff938542 100644 --- a/src/Illuminate/Support/Env.php +++ b/src/Illuminate/Support/Env.php @@ -191,12 +191,11 @@ protected static function addVariableToEnvContents(string $key, mixed $value, ar $shouldQuote = preg_match('/^[a-zA-z0-9]+$/', $value) === 0; $lineToAddVariations = [ - $key.'='.(is_string($value) ? '"'.addslashes($value).'"' : $value), - $key.'='.(is_string($value) ? "'".addslashes($value)."'" : $value), + $key.'='.(is_string($value) ? self::prepareQuotedValue($value) : $value), $key.'='.$value, ]; - $lineToAdd = $shouldQuote ? $lineToAddVariations[0] : $lineToAddVariations[2]; + $lineToAdd = $shouldQuote ? $lineToAddVariations[0] : $lineToAddVariations[1]; if ($value === '') { $lineToAdd = $key.'='; @@ -245,6 +244,45 @@ protected static function addVariableToEnvContents(string $key, mixed $value, ar ); } + /** + * Wrap a string in quotes, choosing single or double quotes + * depending on the presence of double quotes inside the string. + * + * @param string $input The input string to be quoted. + * @return string The quoted string with appropriate escaping applied. + */ + protected static function prepareQuotedValue(string $input): string + { + $containsDoubleQuotes = strpos($input, '"') !== false; + + if ($containsDoubleQuotes) { + $quoted = "'" . self::addslashesExcept($input, ['"']) . "'"; + } else { + $quoted = '"' . self::addslashesExcept($input, ["'"]) . '"'; + } + + return $quoted; + } + + /** + * Escape a string using addslashes, excluding specified characters from being escaped. + * + * @param string $value The input string to be escaped. + * @param array $except Characters that should not be escaped. + * @return string The escaped string with exceptions applied. + */ + protected static function addslashesExcept(string $value, array $except = []): string + { + $escaped = addslashes($value); + + foreach ($except as $char) { + $escapedChar = '\\' . $char; + $escaped = str_replace($escapedChar, $char, $escaped); + } + + return $escaped; + } + /** * Get the possible option for this environment variable. * From 458a4a43122c678cebe54157e1afaf3015ddc574 Mon Sep 17 00:00:00 2001 From: artosepyan Date: Thu, 31 Jul 2025 12:59:18 +0300 Subject: [PATCH 2/7] style: fix coding style violations in Env.php --- src/Illuminate/Support/Env.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/Illuminate/Support/Env.php b/src/Illuminate/Support/Env.php index 17c6ff938542..70b1a0d3aca9 100644 --- a/src/Illuminate/Support/Env.php +++ b/src/Illuminate/Support/Env.php @@ -249,16 +249,16 @@ protected static function addVariableToEnvContents(string $key, mixed $value, ar * depending on the presence of double quotes inside the string. * * @param string $input The input string to be quoted. - * @return string The quoted string with appropriate escaping applied. + * @return string The quoted string with appropriate escaping applied. */ protected static function prepareQuotedValue(string $input): string { $containsDoubleQuotes = strpos($input, '"') !== false; if ($containsDoubleQuotes) { - $quoted = "'" . self::addslashesExcept($input, ['"']) . "'"; + $quoted = "'".self::addslashesExcept($input, ['"'])."'"; } else { - $quoted = '"' . self::addslashesExcept($input, ["'"]) . '"'; + $quoted = '"'.self::addslashesExcept($input, ["'"]).'"'; } return $quoted; @@ -269,14 +269,14 @@ protected static function prepareQuotedValue(string $input): string * * @param string $value The input string to be escaped. * @param array $except Characters that should not be escaped. - * @return string The escaped string with exceptions applied. + * @return string The escaped string with exceptions applied. */ protected static function addslashesExcept(string $value, array $except = []): string { $escaped = addslashes($value); foreach ($except as $char) { - $escapedChar = '\\' . $char; + $escapedChar = '\\'.$char; $escaped = str_replace($escapedChar, $char, $escaped); } From eb8d6a1830c6098a2ebb03658a8de4c81119d734 Mon Sep 17 00:00:00 2001 From: artosepyan Date: Sun, 3 Aug 2025 11:28:31 +0300 Subject: [PATCH 3/7] Refactor: Minor stylistic cleanup in quote escaping logic --- src/Illuminate/Support/Env.php | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/Illuminate/Support/Env.php b/src/Illuminate/Support/Env.php index 70b1a0d3aca9..79b77952997a 100644 --- a/src/Illuminate/Support/Env.php +++ b/src/Illuminate/Support/Env.php @@ -256,12 +256,10 @@ protected static function prepareQuotedValue(string $input): string $containsDoubleQuotes = strpos($input, '"') !== false; if ($containsDoubleQuotes) { - $quoted = "'".self::addslashesExcept($input, ['"'])."'"; - } else { - $quoted = '"'.self::addslashesExcept($input, ["'"]).'"'; - } - - return $quoted; + return "'".self::addslashesExcept($input, ['"'])."'"; + } + + return '"'.self::addslashesExcept($input, ["'"]).'"'; } /** From 783294960624e91a3ee30e6d39b88468dc5547a0 Mon Sep 17 00:00:00 2001 From: artosepyan Date: Sun, 3 Aug 2025 11:31:24 +0300 Subject: [PATCH 4/7] Style: fix coding style violations in Env.php --- src/Illuminate/Support/Env.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Illuminate/Support/Env.php b/src/Illuminate/Support/Env.php index 79b77952997a..1e667c5f007d 100644 --- a/src/Illuminate/Support/Env.php +++ b/src/Illuminate/Support/Env.php @@ -256,9 +256,9 @@ protected static function prepareQuotedValue(string $input): string $containsDoubleQuotes = strpos($input, '"') !== false; if ($containsDoubleQuotes) { - return "'".self::addslashesExcept($input, ['"'])."'"; + return "'".self::addslashesExcept($input, ['"'])."'"; } - + return '"'.self::addslashesExcept($input, ["'"]).'"'; } From 70e3b2836e7c0eb782c1333ff384318b62041d07 Mon Sep 17 00:00:00 2001 From: artosepyan Date: Sun, 3 Aug 2025 11:31:58 +0300 Subject: [PATCH 5/7] Style: fix coding style violations in Env.php --- src/Illuminate/Support/Env.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Illuminate/Support/Env.php b/src/Illuminate/Support/Env.php index 1e667c5f007d..d4bc389b7db9 100644 --- a/src/Illuminate/Support/Env.php +++ b/src/Illuminate/Support/Env.php @@ -257,7 +257,7 @@ protected static function prepareQuotedValue(string $input): string if ($containsDoubleQuotes) { return "'".self::addslashesExcept($input, ['"'])."'"; - } + } return '"'.self::addslashesExcept($input, ["'"]).'"'; } From f65e1f97ec53fad2974c09548df81a85e516a4c0 Mon Sep 17 00:00:00 2001 From: artosepyan Date: Sun, 3 Aug 2025 11:51:36 +0300 Subject: [PATCH 6/7] Style: fix coding style violations in Env.php --- src/Illuminate/Support/Env.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Illuminate/Support/Env.php b/src/Illuminate/Support/Env.php index d4bc389b7db9..2ce96c62e3bc 100644 --- a/src/Illuminate/Support/Env.php +++ b/src/Illuminate/Support/Env.php @@ -245,7 +245,7 @@ protected static function addVariableToEnvContents(string $key, mixed $value, ar } /** - * Wrap a string in quotes, choosing single or double quotes + * Wrap a string in quotes, choosing double or single quotes * depending on the presence of double quotes inside the string. * * @param string $input The input string to be quoted. From c3e4766324550e50b60ebcaf90aa41b1d79bd838 Mon Sep 17 00:00:00 2001 From: Taylor Otwell Date: Sun, 3 Aug 2025 10:22:11 -0500 Subject: [PATCH 7/7] formatting --- src/Illuminate/Support/Env.php | 68 ++++++++++++++++------------------ 1 file changed, 31 insertions(+), 37 deletions(-) diff --git a/src/Illuminate/Support/Env.php b/src/Illuminate/Support/Env.php index 2ce96c62e3bc..01747846ffa5 100644 --- a/src/Illuminate/Support/Env.php +++ b/src/Illuminate/Support/Env.php @@ -244,43 +244,6 @@ protected static function addVariableToEnvContents(string $key, mixed $value, ar ); } - /** - * Wrap a string in quotes, choosing double or single quotes - * depending on the presence of double quotes inside the string. - * - * @param string $input The input string to be quoted. - * @return string The quoted string with appropriate escaping applied. - */ - protected static function prepareQuotedValue(string $input): string - { - $containsDoubleQuotes = strpos($input, '"') !== false; - - if ($containsDoubleQuotes) { - return "'".self::addslashesExcept($input, ['"'])."'"; - } - - return '"'.self::addslashesExcept($input, ["'"]).'"'; - } - - /** - * Escape a string using addslashes, excluding specified characters from being escaped. - * - * @param string $value The input string to be escaped. - * @param array $except Characters that should not be escaped. - * @return string The escaped string with exceptions applied. - */ - protected static function addslashesExcept(string $value, array $except = []): string - { - $escaped = addslashes($value); - - foreach ($except as $char) { - $escapedChar = '\\'.$char; - $escaped = str_replace($escapedChar, $char, $escaped); - } - - return $escaped; - } - /** * Get the possible option for this environment variable. * @@ -313,4 +276,35 @@ protected static function getOption($key) return $value; }); } + + /** + * Wrap a string in quotes, choosing double or single quotes. + * + * @param string $input + * @return string + */ + protected static function prepareQuotedValue(string $input) + { + return strpos($input, '"') !== false + ? "'".self::addSlashesExceptFor($input, ['"'])."'" + : '"'.self::addSlashesExceptFor($input, ["'"]).'"'; + } + + /** + * Escape a string using addslashes, excluding the specified characters from being escaped. + * + * @param string $value + * @param array $except + * @return string + */ + protected static function addSlashesExceptFor(string $value, array $except = []) + { + $escaped = addslashes($value); + + foreach ($except as $character) { + $escaped = str_replace('\\'.$character, $character, $escaped); + } + + return $escaped; + } }