Fix issue with $ interpolation in PHP curl snippets

httptoolkit · Jul 19, 2024 · bf61e2e · bf61e2e
1 parent 22e5a6e
commit bf61e2e
Show file tree

Hide file tree

Showing 20 changed files with 152 additions and 121 deletions.
diff --git a/src/targets/php/curl.js b/src/targets/php/curl.js
@@ -12,6 +12,7 @@
 
 const { format } = require('../../helpers/format')
 const CodeBuilder = require('../../helpers/code-builder')
+const { phpSqEscape } = require('./helpers')
 
 module.exports = function (source, options) {
   const opts = Object.assign({
@@ -78,7 +79,16 @@ module.exports = function (source, options) {
 
   curlOptions.forEach(function (option) {
     if (!~[null, undefined].indexOf(option.value)) {
-      curlopts.push(format('%s => %s,', option.name, option.escape ? JSON.stringify(option.value) : option.value))
+      curlopts.push(
+        format('%s => %s,',
+          option.name,
+          option.escape && typeof option.value === 'string'
+            ? `'${phpSqEscape(option.value)}'`
+            : option.escape
+              ? JSON.stringify(option.value)
+              : option.value
+        )
+      )
     }
   })
 
@@ -88,12 +98,12 @@ module.exports = function (source, options) {
   })
 
   if (cookies.length) {
-    curlopts.push(format('CURLOPT_COOKIE => "%s",', cookies.join('; ')))
+    curlopts.push(format("CURLOPT_COOKIE => '%s'", phpSqEscape(cookies.join('; '))))
   }
 
   // construct cookies
   const headers = Object.keys(source.headersObj).sort().map(function (key) {
-    return format('"%s: %qd"', key, source.headersObj[key])
+    return format("'%s: %s'", phpSqEscape(key), phpSqEscape(source.headersObj[key]))
   })
 
   if (headers.length) {
@@ -113,9 +123,9 @@ module.exports = function (source, options) {
     .push('if ($err) {')
 
   if (opts.namedErrors) {
-    code.push(1, 'echo array_flip(get_defined_constants(true)["curl"])[$err];')
+    code.push(1, "echo array_flip(get_defined_constants(true)['curl'])[$err];")
   } else {
-    code.push(1, 'echo "cURL Error #:" . $err;')
+    code.push(1, "echo 'cURL Error #:' . $err;")
   }
 
   code.push('} else {')

diff --git a/src/targets/php/helpers.js b/src/targets/php/helpers.js
@@ -1,6 +1,7 @@
 'use strict'
 
-const { escape } = require('../../helpers/format')
+// PHP single quotes are super simple - all escapes ignored except sq & slash
+const phpSqEscape = val => val.replace(/\\/g, '\\\\').replace(/'/g, "\\'")
 
 const convert = function (obj, indent, lastIndent) {
   let i, result
@@ -19,7 +20,7 @@ const convert = function (obj, indent, lastIndent) {
       break
 
     case '[object String]':
-      result = "'" + escape(obj, { delimiter: "'", escapeNewlines: false }) + "'"
+      result = "'" + phpSqEscape(obj) + "'"
       break
 
     case '[object Number]':
@@ -55,6 +56,7 @@ const convert = function (obj, indent, lastIndent) {
 }
 
 module.exports = {
+  phpSqEscape: phpSqEscape,
   convert: convert,
   methods: [
     'ACL',

diff --git a/test/fixtures/output/php/curl/application-form-encoded.php b/test/fixtures/output/php/curl/application-form-encoded.php
@@ -3,16 +3,16 @@
 $curl = curl_init();
 
 curl_setopt_array($curl, [
-  CURLOPT_URL => "http://mockbin.com/har",
+  CURLOPT_URL => 'http://mockbin.com/har',
   CURLOPT_RETURNTRANSFER => true,
-  CURLOPT_ENCODING => "",
+  CURLOPT_ENCODING => '',
   CURLOPT_MAXREDIRS => 10,
   CURLOPT_TIMEOUT => 30,
   CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-  CURLOPT_CUSTOMREQUEST => "POST",
-  CURLOPT_POSTFIELDS => "foo=bar&hello=world",
+  CURLOPT_CUSTOMREQUEST => 'POST',
+  CURLOPT_POSTFIELDS => 'foo=bar&hello=world',
   CURLOPT_HTTPHEADER => [
-    "content-type: application/x-www-form-urlencoded"
+    'content-type: application/x-www-form-urlencoded'
   ],
 ]);
 
@@ -22,7 +22,7 @@
 curl_close($curl);
 
 if ($err) {
-  echo "cURL Error #:" . $err;
+  echo 'cURL Error #:' . $err;
 } else {
   echo $response;
 }
diff --git a/test/fixtures/output/php/curl/application-json.php b/test/fixtures/output/php/curl/application-json.php
@@ -3,16 +3,16 @@
 $curl = curl_init();
 
 curl_setopt_array($curl, [
-  CURLOPT_URL => "http://mockbin.com/har",
+  CURLOPT_URL => 'http://mockbin.com/har',
   CURLOPT_RETURNTRANSFER => true,
-  CURLOPT_ENCODING => "",
+  CURLOPT_ENCODING => '',
   CURLOPT_MAXREDIRS => 10,
   CURLOPT_TIMEOUT => 30,
   CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-  CURLOPT_CUSTOMREQUEST => "POST",
-  CURLOPT_POSTFIELDS => "{\"number\":1,\"string\":\"f\\\"oo\",\"arr\":[1,2,3],\"nested\":{\"a\":\"b\"},\"arr_mix\":[1,\"a\",{\"arr_mix_nested\":{}}],\"boolean\":false}",
+  CURLOPT_CUSTOMREQUEST => 'POST',
+  CURLOPT_POSTFIELDS => '{"number":1,"string":"f\\"oo","arr":[1,2,3],"nested":{"a":"b"},"arr_mix":[1,"a",{"arr_mix_nested":{}}],"boolean":false}',
   CURLOPT_HTTPHEADER => [
-    "content-type: application/json"
+    'content-type: application/json'
   ],
 ]);
 
@@ -22,7 +22,7 @@
 curl_close($curl);
 
 if ($err) {
-  echo "cURL Error #:" . $err;
+  echo 'cURL Error #:' . $err;
 } else {
   echo $response;
 }
diff --git a/test/fixtures/output/php/curl/compression.php b/test/fixtures/output/php/curl/compression.php
@@ -3,15 +3,15 @@
 $curl = curl_init();
 
 curl_setopt_array($curl, [
-  CURLOPT_URL => "http://mockbin.com/har",
+  CURLOPT_URL => 'http://mockbin.com/har',
   CURLOPT_RETURNTRANSFER => true,
-  CURLOPT_ENCODING => "",
+  CURLOPT_ENCODING => '',
   CURLOPT_MAXREDIRS => 10,
   CURLOPT_TIMEOUT => 30,
   CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-  CURLOPT_CUSTOMREQUEST => "GET",
+  CURLOPT_CUSTOMREQUEST => 'GET',
   CURLOPT_HTTPHEADER => [
-    "accept-encoding: deflate, gzip, br"
+    'accept-encoding: deflate, gzip, br'
   ],
 ]);
 
@@ -21,7 +21,7 @@
 curl_close($curl);
 
 if ($err) {
-  echo "cURL Error #:" . $err;
+  echo 'cURL Error #:' . $err;
 } else {
   echo $response;
 }
diff --git a/test/fixtures/output/php/curl/cookies.php b/test/fixtures/output/php/curl/cookies.php
@@ -3,14 +3,14 @@
 $curl = curl_init();
 
 curl_setopt_array($curl, [
-  CURLOPT_URL => "http://mockbin.com/har",
+  CURLOPT_URL => 'http://mockbin.com/har',
   CURLOPT_RETURNTRANSFER => true,
-  CURLOPT_ENCODING => "",
+  CURLOPT_ENCODING => '',
   CURLOPT_MAXREDIRS => 10,
   CURLOPT_TIMEOUT => 30,
   CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-  CURLOPT_CUSTOMREQUEST => "POST",
-  CURLOPT_COOKIE => "foo=bar; bar=baz",
+  CURLOPT_CUSTOMREQUEST => 'POST',
+  CURLOPT_COOKIE => 'foo=bar; bar=baz'
 ]);
 
 $response = curl_exec($curl);
@@ -19,7 +19,7 @@
 curl_close($curl);
 
 if ($err) {
-  echo "cURL Error #:" . $err;
+  echo 'cURL Error #:' . $err;
 } else {
   echo $response;
 }
diff --git a/test/fixtures/output/php/curl/custom-method.php b/test/fixtures/output/php/curl/custom-method.php
@@ -3,13 +3,13 @@
 $curl = curl_init();
 
 curl_setopt_array($curl, [
-  CURLOPT_URL => "http://mockbin.com/har",
+  CURLOPT_URL => 'http://mockbin.com/har',
   CURLOPT_RETURNTRANSFER => true,
-  CURLOPT_ENCODING => "",
+  CURLOPT_ENCODING => '',
   CURLOPT_MAXREDIRS => 10,
   CURLOPT_TIMEOUT => 30,
   CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-  CURLOPT_CUSTOMREQUEST => "PROPFIND",
+  CURLOPT_CUSTOMREQUEST => 'PROPFIND',
 ]);
 
 $response = curl_exec($curl);
@@ -18,7 +18,7 @@
 curl_close($curl);
 
 if ($err) {
-  echo "cURL Error #:" . $err;
+  echo 'cURL Error #:' . $err;
 } else {
   echo $response;
 }
diff --git a/test/fixtures/output/php/curl/full.php b/test/fixtures/output/php/curl/full.php
@@ -3,18 +3,18 @@
 $curl = curl_init();
 
 curl_setopt_array($curl, [
-  CURLOPT_URL => "http://mockbin.com/har?foo=bar&foo=baz&baz=abc&key=value",
+  CURLOPT_URL => 'http://mockbin.com/har?foo=bar&foo=baz&baz=abc&key=value',
   CURLOPT_RETURNTRANSFER => true,
-  CURLOPT_ENCODING => "",
+  CURLOPT_ENCODING => '',
   CURLOPT_MAXREDIRS => 10,
   CURLOPT_TIMEOUT => 30,
   CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-  CURLOPT_CUSTOMREQUEST => "POST",
-  CURLOPT_POSTFIELDS => "foo=bar",
-  CURLOPT_COOKIE => "foo=bar; bar=baz",
+  CURLOPT_CUSTOMREQUEST => 'POST',
+  CURLOPT_POSTFIELDS => 'foo=bar',
+  CURLOPT_COOKIE => 'foo=bar; bar=baz'
   CURLOPT_HTTPHEADER => [
-    "accept: application/json",
-    "content-type: application/x-www-form-urlencoded"
+    'accept: application/json',
+    'content-type: application/x-www-form-urlencoded'
   ],
 ]);
 
@@ -24,7 +24,7 @@
 curl_close($curl);
 
 if ($err) {
-  echo "cURL Error #:" . $err;
+  echo 'cURL Error #:' . $err;
 } else {
   echo $response;
 }
diff --git a/test/fixtures/output/php/curl/headers.php b/test/fixtures/output/php/curl/headers.php
@@ -3,17 +3,17 @@
 $curl = curl_init();
 
 curl_setopt_array($curl, [
-  CURLOPT_URL => "http://mockbin.com/har",
+  CURLOPT_URL => 'http://mockbin.com/har',
   CURLOPT_RETURNTRANSFER => true,
-  CURLOPT_ENCODING => "",
+  CURLOPT_ENCODING => '',
   CURLOPT_MAXREDIRS => 10,
   CURLOPT_TIMEOUT => 30,
   CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-  CURLOPT_CUSTOMREQUEST => "GET",
+  CURLOPT_CUSTOMREQUEST => 'GET',
   CURLOPT_HTTPHEADER => [
-    "accept: application/json",
-    "quoted-value: \"quoted\" 'string'",
-    "x-foo: Bar"
+    'accept: application/json',
+    'quoted-value: "quoted" \'string\'',
+    'x-foo: Bar'
   ],
 ]);
 
@@ -23,7 +23,7 @@
 curl_close($curl);
 
 if ($err) {
-  echo "cURL Error #:" . $err;
+  echo 'cURL Error #:' . $err;
 } else {
   echo $response;
 }
diff --git a/test/fixtures/output/php/curl/https.php b/test/fixtures/output/php/curl/https.php
@@ -3,13 +3,13 @@
 $curl = curl_init();
 
 curl_setopt_array($curl, [
-  CURLOPT_URL => "https://mockbin.com/har",
+  CURLOPT_URL => 'https://mockbin.com/har',
   CURLOPT_RETURNTRANSFER => true,
-  CURLOPT_ENCODING => "",
+  CURLOPT_ENCODING => '',
   CURLOPT_MAXREDIRS => 10,
   CURLOPT_TIMEOUT => 30,
   CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-  CURLOPT_CUSTOMREQUEST => "GET",
+  CURLOPT_CUSTOMREQUEST => 'GET',
 ]);
 
 $response = curl_exec($curl);
@@ -18,7 +18,7 @@
 curl_close($curl);
 
 if ($err) {
-  echo "cURL Error #:" . $err;
+  echo 'cURL Error #:' . $err;
 } else {
   echo $response;
 }
diff --git a/test/fixtures/output/php/curl/jsonObj-multiline.php b/test/fixtures/output/php/curl/jsonObj-multiline.php
@@ -3,16 +3,18 @@
 $curl = curl_init();
 
 curl_setopt_array($curl, [
-  CURLOPT_URL => "http://mockbin.com/har",
+  CURLOPT_URL => 'http://mockbin.com/har',
   CURLOPT_RETURNTRANSFER => true,
-  CURLOPT_ENCODING => "",
+  CURLOPT_ENCODING => '',
   CURLOPT_MAXREDIRS => 10,
   CURLOPT_TIMEOUT => 30,
   CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-  CURLOPT_CUSTOMREQUEST => "POST",
-  CURLOPT_POSTFIELDS => "{\n  \"foo\": \"bar\"\n}",
+  CURLOPT_CUSTOMREQUEST => 'POST',
+  CURLOPT_POSTFIELDS => '{
+  "foo": "bar"
+}',
   CURLOPT_HTTPHEADER => [
-    "content-type: application/json"
+    'content-type: application/json'
   ],
 ]);
 
@@ -22,7 +24,7 @@
 curl_close($curl);
 
 if ($err) {
-  echo "cURL Error #:" . $err;
+  echo 'cURL Error #:' . $err;
 } else {
   echo $response;
 }
diff --git a/test/fixtures/output/php/curl/jsonObj-null-value.php b/test/fixtures/output/php/curl/jsonObj-null-value.php
@@ -3,16 +3,16 @@
 $curl = curl_init();
 
 curl_setopt_array($curl, [
-  CURLOPT_URL => "http://mockbin.com/har",
+  CURLOPT_URL => 'http://mockbin.com/har',
   CURLOPT_RETURNTRANSFER => true,
-  CURLOPT_ENCODING => "",
+  CURLOPT_ENCODING => '',
   CURLOPT_MAXREDIRS => 10,
   CURLOPT_TIMEOUT => 30,
   CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
-  CURLOPT_CUSTOMREQUEST => "POST",
-  CURLOPT_POSTFIELDS => "{\"foo\":null}",
+  CURLOPT_CUSTOMREQUEST => 'POST',
+  CURLOPT_POSTFIELDS => '{"foo":null}',
   CURLOPT_HTTPHEADER => [
-    "content-type: application/json"
+    'content-type: application/json'
   ],
 ]);
 
@@ -22,7 +22,7 @@
 curl_close($curl);
 
 if ($err) {
-  echo "cURL Error #:" . $err;
+  echo 'cURL Error #:' . $err;
 } else {
   echo $response;
 }