MantisBT

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001512XdebugRemote Debuggingpublic2018-01-05 12:452018-01-22 18:21
ReporterLanaZem 
Assigned Toderick 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.6.0beta1 
Target Version2.6.0Fixed in Version2.6.0rc1 
Summary0001512: Xdebug does not properly encode and escape properties with quotes and \0 characters.
DescriptionIf class fqn is included in property name Xdebug will escape "name" and "fullname" in 'property_get' response.

If no fqn is included then only "fullname" will be escaped.
Steps To Reproduce1) Create a php file
<?php

namespace TestA\TestB\TestC;

class A
{
    private $items;

    public function __construct()
    {
        $this->items = array(array(1, 2));
    }
}

class B extends A {
    public function foo() {
        $v = array(array("\\\\" => 1));
        echo 1; // Set breakpoint here and inspect $v and $items
    }
}

(new B())->foo();

2) Put breakpoint inside 'foo' method and start debugging.

3) Call 'property_get' command for '*TestA\TestB\TestC\A*items'.
<- property_get -i 18 -n $this->*TestA\\TestB\\TestC\\A*items -d 0 -c 0 -p 0

Expected:
<property name="$this->*TestA\TestB\TestC\A*items" fullname="$this->*TestA\TestB\TestC\A*items" type="array" children="1" numchildren="1" page="0" pagesize="100">
<property name="0" fullname="$this->*TestA\TestB\TestC\A*items[0]" type="int"><![CDATA[1]]></property>
</property>

Actual:
<property name="$this->*TestA\\TestB\\TestC\\A*items" fullname="$this->*TestA\\TestB\\TestC\\A*items" type="array" children="1" numchildren="1" page="0" pagesize="100">
<property name="0" fullname="$this->*TestA\\TestB\\TestC\\A*items[0]" type="int"><![CDATA[1]]></property>
</property>

4) Call 'property_get' command for '$v[0]'
<- property_get -i 24 -n $v[0] -d 0 -c 0 -p 0

Expected:
<property name="$v[0]" fullname="$v[0]" type="array" children="1" numchildren="1" page="0" pagesize="100"><property name="\\" fullname="$v[0]["\\"]" type="int"><![CDATA[1]]></property>
</property>

Actual:
<property name="$v[0]" fullname="$v[0]" type="array" children="1" numchildren="1" page="0" pagesize="100"><property name="\\" fullname="$v[0]["\\\\"]" type="int"><![CDATA[1]]></property>
</property>
TagsNo tags attached.
Operating System
PHP Version7.1.0-7.1.4
Attached Fileslog file icon xdebug_2.6beta_escaped_name.log [^] (41,235 bytes) 2018-01-05 12:45

- Relationships
has duplicate 0001513resolvedderick Xdebug returns escaped property fullname with enabled extended_properties 

-  Notes
(0004550)
derick (administrator)
2018-01-06 10:26
edited on: 2018-01-06 10:29

Xdebug's, and your's, assumption that you should escape the \ already when doing property_get in step 3 is actually wrong:

<- property_get -i 18 -n $this->*TestA\\TestB\\TestC\\A*items -d 0 -c 0 -p 0

It should be either:

<- property_get -i 18 -n "$this->*TestA\\TestB\\TestC\\A*items" -d 0 -c 0 -p 0

or

<- property_get -i 18 -n $this->*TestA\TestB\TestC\A*items -d 0 -c 0 -p 0

Xdebug does currently not do this correctly either. The DBGp specs say (in https://xdebug.org/docs-dbgp.php#message-packets [^]):

    If a value for an option includes a space, the value needs to be encoded.
    You can encode values by encasing them in double quotes:

    property_get -i 5 -n "$x['a b']" -d 0 -c 0 -p 0

    It is also possible to use escape characters in quoted strings:

    property_get -i 6 -n "$x[\"a b\"]" -d 0 -c 0 -p 0

As Xdebug has returned, through XML, just:

fullname="$this->*TestA\TestB\TestC\A*items"

which, after XML decoding shows:

$this->*TestA\TestB\TestC\A*items

There is no space in this, so there is no NEED to enclose them in "'s, or does the spec say anything about escaping the \'s.

The spec hints that *if* you enclose them in "'s, you must also escape the \'s.

I propose we do the following:

- Xdebug stops stripping \'s when it parsing the property names, unless they are enclosed in "'s.
- PhpStorm does not escape the \'s, *unless* it has wrapped the value in double quotes. It must simply use the XML decoded value that XML returned (through "context_get" or "property_get -n $this") as argument to property_get *unless* there is a space or \0 character, in which case PhpStorm *must* enclose the value in "'s and escape ", \ and NULL.
- I update the DBGp spec to:
  - include the \0 character with the line about the space
  - make it clearer when you *must* escape
  - make it clearer when you *can* escape

This is likely going to break existing behaviour, so you might want to change behaviour depending on Xdebug version, send to PhpStorm in the init package with:

    <engine version="2.6.0beta2-dev">

(0004551)
derick (administrator)
2018-01-06 12:24

I've added a PR for DBGp, please review: https://github.com/derickr/dbgp/pull/17 [^]
(0004554)
LanaZem (reporter)
2018-01-09 14:41

Looks good for me. From IDE side the behaviour is the same as for Xdebug 2.5 and earlier.
(0004555)
derick (administrator)
2018-01-09 15:15

That's not 100% true - please see this again:

Your assumption that you should escape the \ already when doing
property_get in step 3 is actually wrong:

<- property_get -i 18 -n $this->*TestA\\TestB\\TestC\\A*items -d 0 -c 0 -p 0

It should be either:

<- property_get -i 18 -n "$this->*TestA\\TestB\\TestC\\A*items" -d 0 -c 0 -p 0

or

<- property_get -i 18 -n $this->*TestA\TestB\TestC\A*items -d 0 -c 0 -p 0
(0004556)
LanaZem (reporter)
2018-01-09 17:17

Do you mean Xdebug 2.5 doesn't require escaping inside quotes?

For me, the command with escaped value works perfectly fine with Xdebug 2.5.5 + PHP 7.1.1 or PHP 5.6.30

<- property_get -i 23 -n "$this->*PhpStormBug917319\\ParentClass*_attributes['Three\\s Stuff']" -d 0 -c 0 -p 0
-> <response xmlns="urn:debugger_protocol_v1" xmlns:xdebug="http://xdebug.org/dbgp/xdebug" [^] command="property_get" transaction_id="23"><property name="$this->*PhpStormBug917319\ParentClass*_attributes['Three\s Stuff']" fullname="$this->*PhpStormBug917319\ParentClass*_attributes['Three\s Stuff']" type="array" children="1" numchildren="1" page="0" pagesize="100"><property name="id" fullname="$this->*PhpStormBug917319\ParentClass*_attributes['Three\s Stuff']['id']" type="string" size="13" encoding="base64"><![CDATA[VGhyZWVccyBTdHVmZg==]]></property></property></response>
(0004557)
derick (administrator)
2018-01-09 17:37
edited on: 2018-01-09 17:37

Inside double quotes, you *MUST* escape, like you do:

   property_get -i 23 -n "$this->*PhpStormBug917319\\ParentClass*_attributes['Three\\s Stuff']"

And I showed with:

   property_get -i 18 -n "$this->*TestA\\TestB\\TestC\\A*items" -d 0 -c 0 -p 0

----

Not using double quotes, you *MUST NOT* escape, like I showed with:

   <- property_get -i 18 -n $this->*TestA\TestB\TestC\A*items -d 0 -c 0 -p 0


----

In the original description of the bug, you wrote:

   3) Call 'property_get' command for '*TestA\TestB\TestC\A*items'.
   <- property_get -i 18 -n $this->*TestA\\TestB\\TestC\\A*items -d 0 -c 0 -p 0

But this uses escaped \ characters outside double quotes, which is incorrect.

Xdebug 2.5 would allow this, but should not have. Xdebug 2.6 will not allow this, after my merge of https://github.com/xdebug/xdebug/commit/307009a46ff63f15ea6e1e1e3c66637314089ab8 [^]

(0004558)
LanaZem (reporter)
2018-01-09 18:27

I understand that your suggestion in comments is different from the issue description.

I'm saying that Xdebug 2.5 does follow the same rules, e.g. The command with escaped blackslashes will fail in Xdebug 2.5 too:
<- property_get -i 22 -n $this->*PhpStormBug917319\\ParentClass*_attributes -d 0 -c 0 -p 0
-> <response xmlns="urn:debugger_protocol_v1" xmlns:xdebug="http://xdebug.org/dbgp/xdebug" [^] command="property_get" transaction_id="22" status="break" reason="ok"><error code="300"><message><![CDATA[can not get property]]></message></error></response>

- Issue History
Date Modified Username Field Change
2018-01-05 12:45 LanaZem New Issue
2018-01-05 12:45 LanaZem File Added: xdebug_2.6beta_escaped_name.log
2018-01-06 10:26 derick Note Added: 0004550
2018-01-06 10:27 derick Assigned To => derick
2018-01-06 10:27 derick Status new => confirmed
2018-01-06 10:28 derick Note Edited: 0004550 View Revisions
2018-01-06 10:29 derick Note Edited: 0004550 View Revisions
2018-01-06 12:24 derick Note Added: 0004551
2018-01-07 18:05 derick Relationship added has duplicate 0001513
2018-01-07 18:05 derick Summary Xdebug returns escaped property name and fullname => Xdebug does not properly encode and escape properties with quotes and \0 characters.
2018-01-07 18:05 derick Steps to Reproduce Updated View Revisions
2018-01-08 10:53 derick Status confirmed => closed
2018-01-08 10:53 derick Resolution open => fixed
2018-01-08 10:53 derick Fixed in Version => 2.6.0
2018-01-08 10:54 derick Target Version => 2.6.0
2018-01-09 14:41 LanaZem Note Added: 0004554
2018-01-09 15:15 derick Note Added: 0004555
2018-01-09 17:17 LanaZem Note Added: 0004556
2018-01-09 17:37 derick Note Added: 0004557
2018-01-09 17:37 derick Note Edited: 0004557 View Revisions
2018-01-09 18:27 LanaZem Note Added: 0004558
2018-01-22 18:21 derick Fixed in Version 2.6.0 => 2.6.0rc1


Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker