Merge branch '4.4' into 5.0

nicolas-grekas · nicolas-grekas · commit 8331da80cc35 · 2020-01-08T18:33:29.000+01:00
* 4.4:
  [Debug] fix ClassNotFoundFatalErrorHandler
  [Routing] Fix using a custom matcher &amp; generator dumper class
  [Serializer] Fix cache in MetadataAwareNameConverter
  [Dotenv] Fixed infinite loop with missing quote followed by quoted value
  [HttpClient] Added missing sprintf
  [TwigBridge] button_widget now has its title attr translated even if its label = null or false
  [PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
  [Messenger] Added check if json_encode succeeded
  [Messenger] Added check if json_encode succeeded
  [FrameworkBundle][ContainerLintCommand] Only skip .errored. services
  [HttpClient] fix exception in case of PSR17 discovery failure
  [DependencyInjection] Handle ServiceClosureArgument for callable in container linting
  fix processing chain adapter based cache pool
  [HttpKernel] release lock explicitly
  [Security] Prevent canceled remember-me cookie from being accepted
  [FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
  [Security\Guard] Fix missing typehints
  do not render preferred choices as selected
diff --git a/Dotenv.php b/Dotenv.php
@@ -272,7 +272,10 @@ private function lexValue(): string
                 $this->cursor += 1 + $len;
             } elseif ('"' === $this->data[$this->cursor]) {
                 $value = '';
-                ++$this->cursor;
+
+                if (++$this->cursor === $this->end) {
+                    throw $this->createFormatException('Missing quote to end the value');
+                }
 
                 while ('"' !== $this->data[$this->cursor] || ('\\' === $this->data[$this->cursor - 1] && '\\' !== $this->data[$this->cursor - 2])) {
                     $value .= $this->data[$this->cursor];
diff --git a/Tests/DotenvTest.php b/Tests/DotenvTest.php
@@ -40,6 +40,7 @@ public function getEnvDataWithFormatErrors()
             ['FOO', "Missing = in the environment variable declaration in \".env\" at line 1.\n...FOO...\n     ^ line 1 offset 3"],
             ['FOO="foo', "Missing quote to end the value in \".env\" at line 1.\n...FOO=\"foo...\n          ^ line 1 offset 8"],
             ['FOO=\'foo', "Missing quote to end the value in \".env\" at line 1.\n...FOO='foo...\n          ^ line 1 offset 8"],
+            ["FOO=\"foo\nBAR=\"bar\"", "Missing quote to end the value in \".env\" at line 1.\n...FOO=\"foo\\nBAR=\"bar\"...\n                     ^ line 1 offset 18"],
             ['FOO=\'foo'."\n", "Missing quote to end the value in \".env\" at line 1.\n...FOO='foo\\n...\n            ^ line 1 offset 9"],
             ['export FOO', "Unable to unset an environment variable in \".env\" at line 1.\n...export FOO...\n            ^ line 1 offset 10"],
             ['FOO=${FOO', "Unclosed braces on variable expansion in \".env\" at line 1.\n...FOO=\${FOO...\n           ^ line 1 offset 9"],
