[Dotenv] Fixed infinite loop with missing quote followed by quoted value

naitsirch · naitsirch · commit 1ab91dcb7a7a · 2020-01-07T21:00:44.000+01:00
If there's a quote missing to end a value and in the next line there's again a quoted value Dotenv will run into an infinite loop. An .env file with the following content will result in this error: ``` FOO="foo BAR="bar" ``` See #34642 for more details.
diff --git a/src/Symfony/Component/Dotenv/Dotenv.php b/src/Symfony/Component/Dotenv/Dotenv.php
@@ -203,9 +203,14 @@ private function lexValue()
                 $this->cursor += 1 + $len;
             } elseif ('"' === $this->data[$this->cursor]) {
                 $value = '';
+                $prevLf = null;
                 ++$this->cursor;
 
                 while ('"' !== $this->data[$this->cursor] || ('\\' === $this->data[$this->cursor - 1] && '\\' !== $this->data[$this->cursor - 2])) {
+                    if ("\n" === $this->data[$this->cursor]) {
+                        $prevLf = $this->cursor;
+                    }
+
                     $value .= $this->data[$this->cursor];
                     ++$this->cursor;
 
@@ -216,6 +221,13 @@ private function lexValue()
                 if ("\n" === $this->data[$this->cursor]) {
                     throw $this->createFormatException('Missing quote to end the value');
                 }
+                // After a multi line value a line break is expected. Otherwise we can be sure
+                // that the ending quote of the previous line is missing.
+                if (isset($this->data[$this->cursor + 1]) && "\n" !== $this->data[$this->cursor + 1] && $prevLf) {
+                    // Reset the cursor position to the previous line break to get the correct error message.
+                    $this->cursor = $prevLf;
+                    throw $this->createFormatException('Missing quote to end the value');
+                }
                 ++$this->cursor;
                 $value = str_replace(['\\"', '\r', '\n'], ['"', "\r", "\n"], $value);
                 $resolvedValue = $value;
diff --git a/src/Symfony/Component/Dotenv/Tests/DotenvTest.php b/src/Symfony/Component/Dotenv/Tests/DotenvTest.php
@@ -40,6 +40,7 @@ public function getEnvDataWithFormatErrors()
             ['FOO', "Missing = in the environment variable declaration in \".env\" at line 1.\n...FOO...\n     ^ line 1 offset 3"],
             ['FOO="foo', "Missing quote to end the value in \".env\" at line 1.\n...FOO=\"foo...\n          ^ line 1 offset 8"],
             ['FOO=\'foo', "Missing quote to end the value in \".env\" at line 1.\n...FOO='foo...\n          ^ line 1 offset 8"],
+            ["FOO=\"foo\nBAR=\"bar\"", "Missing quote to end the value in \".env\" at line 1.\n...FOO=\"foo\\nBAR=\"bar\"...\n          ^ line 1 offset 8"],
             ['FOO=\'foo'."\n", "Missing quote to end the value in \".env\" at line 1.\n...FOO='foo\\n...\n            ^ line 1 offset 9"],
             ['export FOO', "Unable to unset an environment variable in \".env\" at line 1.\n...export FOO...\n            ^ line 1 offset 10"],
             ['FOO=${FOO', "Unclosed braces on variable expansion in \".env\" at line 1.\n...FOO=\${FOO...\n           ^ line 1 offset 9"],
