Reject env files with missmatched quotes

GrahamCampbell · GrahamCampbell · commit 7417448b378a · 2021-01-20T14:11:08.000Z
diff --git a/src/Parser.php b/src/Parser.php
@@ -55,7 +55,7 @@ public static function parseValue($value)
      */
     public static function parseQuotedValue($value)
     {
-        $data = array_reduce(str_split($value), function ($data, $char) use ($value) {
+        $result = array_reduce(str_split($value), function ($data, $char) use ($value) {
             switch ($data[1]) {
                 case Parser::INITIAL_STATE:
                     if ($char === '"' || $char === '\'') {
@@ -94,7 +94,13 @@ public static function parseQuotedValue($value)
             }
         }, array('', Parser::INITIAL_STATE));
 
-        return trim($data[0]);
+        if ($result[1] === Parser::QUOTED_STATE || $result[1] === Parser::ESCAPE_STATE) {
+            throw new InvalidFileException(
+                'Dotenv values starting with a quote must finish with a closing quote.'
+            );
+        }
+
+        return trim($result[0]);
     }
 
     /**
diff --git a/tests/Dotenv/DotenvTest.php b/tests/Dotenv/DotenvTest.php
@@ -87,7 +87,47 @@ public function testLargeDotenvLoadsEnvironmentVars()
      */
     public function testSpacedValuesWithoutQuotesThrowsException()
     {
-        $dotenv = new Dotenv(dirname(__DIR__).'/fixtures/env-wrong', 'spaced-wrong.env');
+        $dotenv = new Dotenv(dirname(__DIR__).'/fixtures/env', 'spaced-wrong.env');
+        $dotenv->load();
+    }
+
+    /**
+     * @expectedException \Dotenv\Exception\InvalidFileException
+     * @expectedExceptionMessage Dotenv values starting with a quote must finish with a closing quote.
+     */
+    public function testMissingClosingSingleQuoteThrowsException()
+    {
+        $dotenv = new Dotenv(dirname(__DIR__).'/fixtures/env', 'squote-wrong.env');
+        $dotenv->load();
+    }
+
+    /**
+     * @expectedException \Dotenv\Exception\InvalidFileException
+     * @expectedExceptionMessage Dotenv values starting with a quote must finish with a closing quote.
+     */
+    public function testMissingClosingDoubleQuoteThrowsException()
+    {
+        $dotenv = new Dotenv(dirname(__DIR__).'/fixtures/env', 'dquote-wrong.env');
+        $dotenv->load();
+    }
+
+    /**
+     * @expectedException \Dotenv\Exception\InvalidFileException
+     * @expectedExceptionMessage Dotenv values starting with a quote must finish with a closing quote.
+     */
+    public function testMissingClosingQuotesThrowsException()
+    {
+        $dotenv = new Dotenv(dirname(__DIR__).'/fixtures/env', 'quotes-wrong.env');
+        $dotenv->load();
+    }
+
+    /**
+     * @expectedException \Dotenv\Exception\InvalidFileException
+     * @expectedExceptionMessage Dotenv values starting with a quote must finish with a closing quote.
+     */
+    public function testMissingClosingQuoteWithEscapeThrowsException()
+    {
+        $dotenv = new Dotenv(dirname(__DIR__).'/fixtures/env', 'escape-wrong.env');
         $dotenv->load();
     }
 
diff --git a/tests/fixtures/env/dquote-wrong.env b/tests/fixtures/env/dquote-wrong.env
@@ -0,0 +1 @@
+TEST="erert
diff --git a/tests/fixtures/env/escape-wrong.env b/tests/fixtures/env/escape-wrong.env
@@ -0,0 +1 @@
+TEST="\
diff --git a/tests/fixtures/env/quotes-wrong.env b/tests/fixtures/env/quotes-wrong.env
@@ -0,0 +1,2 @@
+TEST="erert
+TEST='erert
diff --git a/tests/fixtures/env/spaced-wrong.env b/tests/fixtures/env/spaced-wrong.env
diff --git a/tests/fixtures/env/squote-wrong.env b/tests/fixtures/env/squote-wrong.env
@@ -0,0 +1 @@
+TEST='erert
