[Slim] Injection into host or basePath breaks server
Created by: ybelenko
Description
Injection into host and basePath breaks Slim server.
openapi-generator version
3.2.1-SNAPSHOT
OpenAPI declaration file content or url
host: petstore.swagger.io */ ' " =end -- \r\n \n \r
basePath: /v2 */ ' " =end -- \r\n \n \r
tags:
- name: fake
description: Everything about your Pets */ ' " =end -- \r\n \n \r
externalDocs:
description: Find out more */ ' " =end -- \r\n \n \r
url: 'https://openapis.org'
schemes:
- http */ ' " =end -- \r\n \n \rCommand line used for generation
$ bin/security/php-slim-server-petstore.shSteps to reproduce
$ bin/security/php-slim-server-petstore.shthen
$ php -l samples/server/petstore-security-test/php-slim/lib/SlimRouter.php
Parse error: syntax error, unexpected '\' (T_NS_SEPARATOR), expecting ',' or ')' in samples/
server/petstore-security-test/php-slim/lib/SlimRouter.php on line 71
Errors parsing samples/server/petstore-security-test/php-slim/lib/SlimRouter.phpRelated issues/PRs
Suggest a fix/enhancement
Any solution could work:
- Escape quotes in
{{{basePathWithoutHost}}}and{{{path}}} - Strip out quotes from
{{{basePathWithoutHost}}}and{{{path}}} - Throw warning when
{{{basePathWithoutHost}}}and{{{path}}}contains invalid chars