Laravel truncating strings with special characters


Problem description


I have been working on a CMS for months now, and I have faced various challenges with Laravel truncating certain special characters. I had to change the editor in the CMS from Bootstrap WYSIWYG to CKEditor; things got quite a bit better, as there are some advanced escaping options that come with it. For example, I was able to prevent '"' from becoming '&quot;', which was causing the entire string (paragraph) to truncate wherever it finds such encoding.

However, this is a CMS where the user has a good reason to input a wide range of characters, which can be safely encoded and kept in the database in cases where special chars are unavoidable. For example, picking an embed from a website (very much allowed) which may contain any of these characters:

/ = %2F 
: = %3A
# = %23
% = %25
? = %3F

When someone pastes a link that contains certain characters or tries to hyperlink some words that contain characters like the ones above (excluding %2F), the string is truncated. After doing inspection at various levels, I noticed the string successfully gets to the back-end function; it's then truncated before being saved. I don't know if it's Laravel (the parser) or MySQL (the database I use) that truncates these strings. Here is a particular case:

When this Facebook embed:

<iframe src="https://www.facebook.com/plugins/comment_embed.php?href=https%3A%2F%2Fwww.facebook.com%2Ftonyelumelu%2Fposts%2F10154627801036949%3Fcomment_id%3D10154629134011949&include_parent=false" width="560" height="201" style="border:none;overflow:hidden"
  scrolling="no" frameborder="0" allowTransparency="true">
</iframe>

is pasted in the editor, this is what is found in the database:

<iframe src="https://www.facebook.com/plugins/comment_embed.php?href=https://www.facebook.com/tonyelumelu/posts/10154627801036949?comment_id=10154629134011949

Careful observation will show you that all '%2F' were replaced in the string with '/', but the string was truncated exactly at '%3F', which was supposed to be replaced with '?' or at least left unchanged.

I know those are security measures, but I have tweaked the front-end editor a lot already and I think the back-end sanitization should be left for me to do (if I want) the way I want. I really need to first know how to stop such an annoying behavior before getting advice on the best practice. I would just like the strings to get into the database the way they come, without any changes. Thanks in advance.

Solution

Trying to repeat the bug

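I created a test route: Route::any('/test', 'IndexController@test')->name('test');

Then the test action:

// Requires "use Illuminate\Http\Request;" at the top of the controller.
public function test(Request $request) {
    if ($request->isMethod('post')) {
        // Store the submitted value exactly as received, with no processing.
        $er = \App\Entity::create([
            'log' => $request->code,
        ]);

        exit('done');
    }

    // On GET, render a minimal form that posts the "code" field back to this route.
    echo "<form method=post>" . csrf_field() .
         "<textarea name=code></textarea><input type=submit></form>";
}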

Results

When I submit your code, I can see it unaltered in the Network tab of the browser.

Then I go to the database and see the code unaltered as well.

What does it mean

Unfortunately, I was unable to repeat the bug you presented here. It means it is not Laravel that transforms your code unexpectedly. Try to check the Network tab and dd() the request vars to check them. I suppose that the bug is somewhere before sending data via the network.
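
An added example, not part of the original answer: one way the stored value shown in the question can arise before the request reaches Laravel. It assumes the client builds an application/x-www-form-urlencoded body by string concatenation under the field name "code" (the name from the test form above); the function names are hypothetical and the sample embed is shortened from the question.

```javascript
// Constructed sample: the embed from the question, trailing attributes shortened.
const embed =
  '<iframe src="https://www.facebook.com/plugins/comment_embed.php' +
  '?href=https%3A%2F%2Fwww.facebook.com%2Ftonyelumelu%2Fposts%2F10154627801036949' +
  '%3Fcomment_id%3D10154629134011949&include_parent=false" width="560" height="201">' +
  '</iframe>';

// Assumption: the editor content is posted as a form-urlencoded body
// under the field name "code".

// Weak: value concatenated into the body without encoding.
function buildBodyRaw(html) {
  return 'code=' + html;
}

// Corrected: value percent-encoded, so '&' and '%' inside it survive.
function buildBodyEncoded(html) {
  return new URLSearchParams({ code: html }).toString();
}

// What a form-urlencoded parser does on the receiving side:
// split on '&', split each pair on the first '=', percent-decode.
function parseForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Check for this failure: does `stored` equal `sent` cut at its first
// '&' and percent-decoded once?
function looksFormDecoded(sent, stored) {
  const head = sent.split('&')[0];
  try {
    return stored === decodeURIComponent(head.replace(/\+/g, ' '));
  } catch (e) {
    return false; // malformed %-sequence in the input
  }
}

const raw = parseForm(buildBodyRaw(embed));
const safe = parseForm(buildBodyEncoded(embed));
console.log(raw.code);                          // cut at '&', %XX decoded
console.log(Object.keys(raw));                  // [ 'code', 'include_parent' ]
console.log(safe.code === embed);               // true
console.log(looksFormDecoded(embed, raw.code)); // true
```

Comparing the raw request body in the browser's Network tab with the stored row, as the answer suggests, shows whether the value was already unencoded when it left the client.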
