fix(view): prevent infinite loop with unclosed PHP or comment tags (#1282)

brendt · web-flow · commit 347513a36ad8 · 2025-05-26T12:57:44.000+02:00
diff --git a/packages/view/src/Parser/TempestViewLexer.php b/packages/view/src/Parser/TempestViewLexer.php
@@ -10,6 +10,8 @@ final class TempestViewLexer
 
     private ?string $current;
 
+    private bool $eof = false;
+
     public function __construct(
         private readonly string $html,
     ) {
@@ -155,7 +157,7 @@ private function lexPhp(): Token
     {
         $buffer = '';
 
-        while ($this->seek(2) !== '?>') {
+        while ($this->seek(2) !== '?>' && $this->current) {
             $buffer .= $this->consume();
         }
 
@@ -175,7 +177,7 @@ private function lexComment(): Token
     {
         $buffer = '';
 
-        while ($this->seek(3) !== '-->') {
+        while ($this->seek(3) !== '-->' && $this->current) {
             $buffer .= $this->consume();
         }
 
diff --git a/packages/view/tests/TempestViewLexerTest.php b/packages/view/tests/TempestViewLexerTest.php
@@ -220,6 +220,24 @@ public function test_attribute_with_new_line(): void
         ], $tokens);
     }
 
+    public function test_unclosed_php_tag(): void
+    {
+        $tokens = new TempestViewLexer('<?php echo "hi";')->lex();
+
+        $this->assertTokens([
+            new Token('<?php echo "hi";', TokenType::PHP),
+        ], $tokens);
+    }
+
+    public function test_unclosed_comment_tag(): void
+    {
+        $tokens = new TempestViewLexer('<!-- comment')->lex();
+
+        $this->assertTokens([
+            new Token('<!-- comment', TokenType::COMMENT),
+        ], $tokens);
+    }
+
     private function assertTokens(array $expected, TokenCollection $actual): void
     {
         $this->assertCount(count($expected), $actual);
diff --git a/tests/Integration/View/TempestViewRendererTest.php b/tests/Integration/View/TempestViewRendererTest.php
@@ -709,4 +709,13 @@ public function test_escape_expression_attribute(): void
 
         $this->assertSnippetsMatch('<div :escaped="foo"></div>', $html);
     }
+
+    public function test_unclosed_php_tag(): void
+    {
+        $html = $this->render(<<<'HTML'
+        <?php echo 'hi';
+        HTML);
+
+        $this->assertSame('hi', $html);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,8 @@ final class TempestViewLexer`
`10`	`10`
`11`	`11`	`private ?string $current;`
`12`	`12`
	`13`	`+ private bool $eof = false;`
	`14`	`+`
`13`	`15`	`public function __construct(`
`14`	`16`	`private readonly string $html,`
`15`	`17`	`) {`
`@@ -155,7 +157,7 @@ private function lexPhp(): Token`
`155`	`157`	`{`
`156`	`158`	`$buffer = '';`
`157`	`159`
`158`		`- while ($this->seek(2) !== '?>') {`
	`160`	`+ while ($this->seek(2) !== '?>' && $this->current) {`
`159`	`161`	`$buffer .= $this->consume();`
`160`	`162`	`}`
`161`	`163`
`@@ -175,7 +177,7 @@ private function lexComment(): Token`
`175`	`177`	`{`
`176`	`178`	`$buffer = '';`
`177`	`179`
`178`		`- while ($this->seek(3) !== '-->') {`
	`180`	`+ while ($this->seek(3) !== '-->' && $this->current) {`
`179`	`181`	`$buffer .= $this->consume();`
`180`	`182`	`}`
`181`	`183`
Original file line number	Diff line number	Diff line change
`@@ -709,4 +709,13 @@ public function test_escape_expression_attribute(): void`
`709`	`709`
`710`	`710`	`$this->assertSnippetsMatch('<div :escaped="foo"></div>', $html);`
`711`	`711`	`}`
	`712`	`+`
	`713`	`+ public function test_unclosed_php_tag(): void`
	`714`	`+ {`
	`715`	`+ $html = $this->render(<<<'HTML'`
	`716`	`+ <?php echo 'hi';`
	`717`	`+ HTML);`
	`718`	`+`
	`719`	`+ $this->assertSame('hi', $html);`
	`720`	`+ }`
`712`	`721`	`}`