
Commit bff2a4a

fix: Improve escaping for curl event publisher (#230)
1 parent 9836192 commit bff2a4a


1 file changed

+9
-11
lines changed


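--- a/src/LaunchDarkly/Impl/Integrations/CurlEventPublisher.php
+++ b/src/LaunchDarkly/Impl/Integrations/CurlEventPublisher.php
@@ -47,12 +47,12 @@ public function __construct(string $sdkKey, array $options = [])
 $this->_path = $url['path'] ?? '';
 
 if (array_key_exists('curl', $options)) {
-$this->_curl = $options['curl'];
+$this->_curl = escapeshellcmd($options['curl']);
 }
 
 $this->_eventHeaders = Util::eventHeaders($sdkKey, $options);
-$this->_connectTimeout = $options['connect_timeout'];
-$this->_timeout = $options['timeout'];
+$this->_connectTimeout = intval($options['connect_timeout']);
+$this->_timeout = intval($options['timeout']);
 $this->_isWindows = PHP_OS_FAMILY == 'Windows';
 }
 
@@ -86,11 +86,7 @@ private function createCurlArgs(string $payload): string
 $args.= " --max-time " . $this->_timeout;
 
 foreach ($this->_eventHeaders as $key => $value) {
-if ($key == 'Authorization') {
-$args.= " -H " . escapeshellarg("Authorization: " . $value);
-} else {
-$args.= " -H '$key: $value'";
-}
+$args.= " -H " . escapeshellarg("$key: $value");
 }
 
 $args.= " -d " . escapeshellarg($payload);
@@ -112,17 +108,19 @@ private function createPowershellArgs(string $payloadFile): string
 {
 $headerString = "";
 foreach ($this->_eventHeaders as $key => $value) {
-$headerString .= sprintf("'%s'='%s';", $key, $value);
+$escapedKey = str_replace("'", "''", $key);
+$escapedValue = str_replace("'", "''", strval($value));
+$headerString .= sprintf("'%s'='%s';", $escapedKey, $escapedValue);
 }
 
 $scheme = $this->_ssl ? "https://" : "http://";
 $args = " Invoke-WebRequest";
 $args.= " -Method POST";
 $args.= " -UseBasicParsing";
-$args.= " -InFile $payloadFile";
+$args.= " -InFile '$payloadFile'";
 $args.= " -H @{" . $headerString . "}";
 $args.= " -Uri " . escapeshellarg($scheme . $this->_host . ":" . $this->_port . $this->_path . "/bulk");
-$args.= " ; Remove-Item $payloadFile";
+$args.= " ; Remove-Item '$payloadFile'";
 
 return $args;
 }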
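Review bot: In createPowershellArgs, `$payloadFile` is now wrapped in single quotes for `-InFile` and `Remove-Item`, but unlike the header keys and values a few lines above, its own single quotes are not doubled, so a path containing `'` would end the PowerShell string early and the rest would be parsed as script. Where the path comes from is outside this hunk; if it can sit under a directory whose name contains an apostrophe, build the quoted form once, `$quotedFile = "'" . str_replace("'", "''", $payloadFile) . "'";`, and use it in both places. Separately, in the constructor, `escapeshellcmd()` leaves spaces untouched, so the `curl` option can still carry extra arguments and a path with spaces is not kept together. If the option is meant to name a single executable, `escapeshellarg()` applied where the command line is assembled (not visible here) would be the closer fit.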
