diff --git a/core/lib/Drupal/Component/Utility/Variable.php b/core/lib/Drupal/Component/Utility/Variable.php index 7653a18..347cae5 100644 --- a/core/lib/Drupal/Component/Utility/Variable.php +++ b/core/lib/Drupal/Component/Utility/Variable.php @@ -46,9 +46,9 @@ public static function export($var, $prefix = '') { elseif (is_string($var)) { if (strpos($var, "\n") !== FALSE || strpos($var, "'") !== FALSE) { // If the string contains a line break or a single quote, use the - // double quote export mode. Encode backslash and double quotes and - // transform some common control characters. - $var = str_replace(array('\\', '"', "\n", "\r", "\t"), array('\\\\', '\"', '\n', '\r', '\t'), $var); + // double quote export mode. Encode backslash, dollar symbols, and + // double quotes and transform some common control characters. + $var = str_replace(array('\\', '$', '"', "\n", "\r", "\t"), array('\\\\', '\$', '\"', '\n', '\r', '\t'), $var); $output = '"' . $var . '"'; } else { diff --git a/core/modules/system/src/Tests/Update/DbDumpTest.php b/core/modules/system/src/Tests/Update/DbDumpTest.php index 96bcfdb..9d96fac 100644 --- a/core/modules/system/src/Tests/Update/DbDumpTest.php +++ b/core/modules/system/src/Tests/Update/DbDumpTest.php @@ -13,6 +13,7 @@ use Drupal\Core\Database\Database; use Drupal\Core\DependencyInjection\ContainerBuilder; use Drupal\simpletest\KernelTestBase; +use Drupal\user\Entity\User; use Symfony\Component\Console\Tester\CommandTester; use Symfony\Component\DependencyInjection\Reference; @@ -98,15 +99,20 @@ public function setUp() { $this->installEntitySchema('user'); $this->installEntitySchema('file'); $this->installEntitySchema('menu_link_content'); + $this->installSchema('system', 'sequences'); // Place some sample config to test for in the export. $this->data = [ 'foo' => $this->randomMachineName(), - 'bar' => $this->randomMachineName() + 'bar' => $this->randomMachineName(), ]; $storage = new DatabaseStorage(Database::getConnection(), 'config'); $storage->write('test_config', $this->data); + // Create user account with some potential syntax issues. + $account = User::create(['mail' => 'q\'uote$dollar@example.com', 'name' => '$dollar']); + $account->save(); + // Create a cache table (this will create 'cache_discovery'). \Drupal::cache('discovery')->set('test', $this->data); @@ -118,13 +124,15 @@ public function setUp() { 'block_content_revision', 'cachetags', 'config', - 'cache_discovery', 'cache_bootstrap', + 'cache_discovery', + 'cache_entity', 'file_managed', 'key_value_expire', 'menu_link_content', 'menu_link_content_data', 'semaphore', + 'sequences', 'sessions', 'url_alias', 'user__roles', @@ -169,6 +177,12 @@ public function testDbDumpCommand() { // The test data are in the dump (serialized). $pattern = preg_quote(serialize($this->data)); $this->assertTrue(preg_match('/' . $pattern . '/', $command_tester->getDisplay()), 'Generated data is found in the exported script.'); + + // Check that the user account name and email address was properly escaped. + $pattern = preg_quote('"q\'uote\$dollar@example.com"'); + $this->assertTrue(preg_match('/' . $pattern . '/', $command_tester->getDisplay()), 'The user account email address was properly escaped in the exported script.'); + $pattern = preg_quote('\'$dollar\''); + $this->assertTrue(preg_match('/' . $pattern . '/', $command_tester->getDisplay()), 'The user account name was properly escaped in the exported script.'); } /** diff --git a/core/tests/Drupal/Tests/Component/Utility/VariableTest.php b/core/tests/Drupal/Tests/Component/Utility/VariableTest.php index 4543309..0aef6d0 100644 --- a/core/tests/Drupal/Tests/Component/Utility/VariableTest.php +++ b/core/tests/Drupal/Tests/Component/Utility/VariableTest.php @@ -78,6 +78,11 @@ public function providerTestExport() { '"\'"', "'", ), + array( + // Quotes with $ symbols. + '"\$settings[\'foo\']"', + '$settings[\'foo\']', + ), // Object. array( // A stdClass object.