Skip to content

[WebProfilerBundle] Fix regexp #12124

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[WebProfilerBundle] Fix regexp #12124

wants to merge 1 commit into from

Conversation

mykiwi
Copy link
Contributor

@mykiwi mykiwi commented Oct 4, 2014

Q A
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #12122
License MIT
Doc PR

I fixed the regexp for don't see /app_dev.php/_wdt.

@mykiwi mykiwi changed the title Fix issue 12122 [WebProfilerBundle] Fixing regexp Oct 4, 2014
@mykiwi mykiwi changed the title [WebProfilerBundle] Fixing regexp [WebProfilerBundle] Fix regexp Oct 4, 2014
stof
stof reviewed Oct 4, 2014
View reviewed changes
src/Symfony/Bundle/WebProfilerBundle/DependencyInjection/Configuration.php
@@ -45,7 +45,7 @@ public function getConfigTreeBuilder()
->end()
->end()
->booleanNode('intercept_redirects')->defaultFalse()->end()
->scalarNode('excluded_ajax_paths')->defaultValue('^/bundles|^/_wdt')->end()
->scalarNode('excluded_ajax_paths')->defaultValue('^/(app(_[\\\w]+)?\\\.php/)?(bundles|_wdt)')->end()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why 3 backslashes ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because PHP will escape one , and javascript the second \ for have \w.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it seems wrong to have JS escaping here. The JS escaping should be done by the template when rendering the JS. The PHP string should not need to be aware of the fact that it will be used as JS. Escaping is always a responsibility of the rendering layer.

@mykiwi
Copy link
Contributor Author

mykiwi commented Oct 4, 2014

Is it better like this ?

@stof
Copy link
Member

stof commented Oct 4, 2014

rather than addslaches before passing the regex to the template (which technically still suffers from the escaping too early, even if it is already a bit better by being in our code rather than the user-facing config), I would change the template in the following way:

- !url.match(new RegExp("{{ excluded_ajax_paths }}"))
+ !url.match(new RegExp({{ excluded_ajax_paths|json_encode }}))

This will take care of encoding the string properly for JS

@mykiwi
Copy link
Contributor Author

mykiwi commented Oct 4, 2014

It didn't worked for me.

console.log(new RegExp("{{ excluded_ajax_paths|json_encode }}"));
// RegExp /"^\/(app(_[\w]+)?\.php\/)?(bundles|_wdt)"/

If I write new RegExp({{ excluded_ajax_paths|json_encode }}) I got a syntax error.

@stof
Copy link
Member

stof commented Oct 4, 2014

hmm, the syntax error is probably related to an extra HTML escaping being applied on quotes, while we are not in an HTML context here

@mykiwi mykiwi mentioned this pull request Oct 19, 2014
Closed
@mykiwi
fixed excluded_ajax_paths regexp
44343b8 
fixed tests

fixed regexp for php and js
@mykiwi
Copy link
Contributor Author

mykiwi commented Nov 3, 2014

Do you think that the escaping you should be done in JavaScript instead ?

@mykiwi mykiwi closed this Apr 2, 2015
@sstok
Copy link
Contributor

sstok commented Apr 3, 2015

Would this work?

- !url.match(new RegExp("{{ excluded_ajax_paths }}"))
+ !url.match(new RegExp({{ (excluded_ajax_paths|json_encode)|raw }}))

The value is encoded with json_encode so its save, then marking its output as raw.

@mykiwi mykiwi reopened this Apr 5, 2015
@mykiwi
Copy link
Contributor Author

mykiwi commented Apr 5, 2015

It works 👍
I will update my PR

@mykiwi
Copy link
Contributor Author

mykiwi commented Apr 5, 2015

I will recreate this PR based on 2.6

@mykiwi mykiwi closed this Apr 5, 2015
@mykiwi mykiwi mentioned this pull request Apr 5, 2015
Closed
fabpot added a commit that referenced this pull request May 16, 2015
@fabpot
bug #14217 [WebProfilerBundle] Fix regexp (romqin)
624dafb 
This PR was squashed before being merged into the 2.6 branch (closes #14217).

Discussion
----------

[WebProfilerBundle] Fix regexp

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #12122
| License       | MIT
| Doc PR        |

Old PR #12124

Commits
-------

091b37e [WebProfilerBundle] Fix regexp
ostrolucky pushed a commit to ostrolucky/symfony that referenced this pull request Mar 25, 2018
@fabpot
bug symfony#14217 [WebProfilerBundle] Fix regexp (romqin)
949f27f 
This PR was squashed before being merged into the 2.6 branch (closes symfony#14217).

Discussion
----------

[WebProfilerBundle] Fix regexp

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony#12122
| License       | MIT
| Doc PR        |

Old PR symfony#12124

Commits
-------

091b37e [WebProfilerBundle] Fix regexp
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
WebProfilerBundle
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mykiwi @stof @sstok