[ZF-6521] Disallowing double quotes in INI config file values

git-svn-id: http://framework.zend.com/svn/framework/standard/trunk@19736 44c647ce-9c0f-0410-b52a-842ac1e357ba

library/Zend/Config/Writer/Ini.php

@@ -152,8 +152,12 @@ class Zend_Config_Writer_Ini extends Zend_Config_Writer_FileAbstract
             return $value;
         } elseif (is_bool($value)) {
             return ($value ? 'true' : 'false');
+        } elseif (strpos($value, '"') === false) {
+            return '"' . $value .  '"';
         } else {
-            return '"' . addslashes($value) .  '"';
+            /** @see Zend_Config_Exception */
+            require_once 'Zend/Config/Exception.php';
+            throw new Zend_Config_Exception('Value can not contain double quotes "');
         }
     }
 }

tests/Zend/Config/Writer/IniTest.php

@@ -233,4 +233,17 @@ other_staging.db.pass = "anotherpwd"
 ECS;
         $this->assertEquals($expected, $iniString);
     }
+
+    public function testZF6521_NoDoubleQuoutesInValue()
+    {
+        $config = new Zend_Config(array('default' => array('test' => 'fo"o')));
+
+        try {
+            $writer = new Zend_Config_Writer_Ini(array('config' => $config, 'filename' => $this->_tempName));
+            $writer->write();
+            $this->fail('An expected Zend_Config_Exception has not been raised');
+        } catch (Zend_Config_Exception $expected) {
+            $this->assertContains('Value can not contain double quotes "', $expected->getMessage());
+        }
+    }
 }