mirror of
https://github.com/php/php-src.git
synced 2025-08-16 05:58:45 +02:00
5bb3e233db
In 8b3c1a3, this was disallowed to fix #55856, which was a security
issue caused by the /e modifier. The fix that was made was the
"Easier fix" as described in the original report.
With this fix, pattern strings are no longer treated as null terminated,
so null characters can be placed inside and matched against with regex
patterns without security problems, so there is no longer a reason to
give the error. Allowing this is consistent with the behaviour of many
other languages, including JavaScript, and thanks to PCRE2[0], it does
not require manually escaping null characters. Now that we can avoid the
error here without the cost of escaping characters, there is really no
need anymore to stray here from the conventional behaviour.
Currently, null characters are still disallowed before the first
delimiter and in the options section at the end of a regex string, but
these error messages have been updated.
[0] Since PCRE2, pattern strings no longer have to be null terminated,
and raw null characters match as normal.
Closes GH-8114.
55 lines
1.5 KiB
PHP
55 lines
1.5 KiB
PHP
--TEST--
|
|
Test preg_replace_callback() function : error
|
|
--FILE--
|
|
<?php
|
|
/*
|
|
* Function is implemented in ext/pcre/php_pcre.c
|
|
*/
|
|
/*
|
|
* Testing how preg_replace_callback reacts to being passed the wrong type of regex argument
|
|
*/
|
|
echo "*** Testing preg_replace_callback() : error conditions ***\n";
|
|
$regex_array = array('abcdef', //Regex without delimiters
|
|
'/[a-zA-Z]', //Regex without closing delimiter
|
|
'[a-zA-Z]/', //Regex without opening delimiter
|
|
'/[a-zA-Z]/F', array('[a-z]', //Array of Regexes
|
|
'[A-Z]', '[0-9]'), '/[0-9]/'); //Regex string
|
|
$replacement = array('zero', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine');
|
|
function integer_word($matches) {
|
|
global $replacement;
|
|
return $replacement[$matches[0]];
|
|
}
|
|
$subject = 'number 1.';
|
|
foreach($regex_array as $regex_value) {
|
|
@print "\nArg value is $regex_value\n";
|
|
var_dump(preg_replace_callback($regex_value, 'integer_word', $subject));
|
|
}
|
|
?>
|
|
--EXPECTF--
|
|
*** Testing preg_replace_callback() : error conditions ***
|
|
|
|
Arg value is abcdef
|
|
|
|
Warning: preg_replace_callback(): Delimiter must not be alphanumeric, backslash, or NUL in %s on line %d
|
|
NULL
|
|
|
|
Arg value is /[a-zA-Z]
|
|
|
|
Warning: preg_replace_callback(): No ending delimiter '/' found in %s on line %d
|
|
NULL
|
|
|
|
Arg value is [a-zA-Z]/
|
|
|
|
Warning: preg_replace_callback(): Unknown modifier '/' in %s on line %d
|
|
NULL
|
|
|
|
Arg value is /[a-zA-Z]/F
|
|
|
|
Warning: preg_replace_callback(): Unknown modifier 'F' in %s on line %d
|
|
NULL
|
|
|
|
Arg value is Array
|
|
string(9) "number 1."
|
|
|
|
Arg value is /[0-9]/
|
|
string(11) "number one."
|