#30698 [NEW]: preg_replace with /e does not escape single quotes as per documentation

Fri, 05 Nov 2004 23:17:34 -0800 

From:             php at richardneill dot org
Operating system: Linux
PHP version:      4.3.9
PHP Bug Type:     Feature/Change Request
Bug description:  preg_replace with /e does  not escape single quotes as per 
documentation

Description:
------------
The documentation for preg_replace states that /e  
will cause it to add extra slashes to single and double 
quotes. 
 
This means that, if one has magic_quotes on, one must 
filter out the spurious new backslashes, using something 
like:  
$block=str_replace(array('\\\\\'','\\\\"'),array('\\\'','\\"'),
$block);  
 
However, in fact, it appears that preg_replace is adding 
the backslashes to double quotes, but NOT to single 
quotes. 
 
There's also a useful comment here: 
http://uk2.php.net/manual/en/function.preg-replace.php 
steven -a-t- acko dot net  08-Feb-2004 05:45  

Reproduce code:
---------------
FAILS:

$message=preg_replace("/((?<=(\n))|(?<=^))( *>(.*))(\n\n|$)/seU", 
"'$quote_font_start BEGIN'.fixblock('\\3',$quote).' END
$quote_font_end\n\n'",  $message);

WORKS:
                        $message=preg_replace("/((?<=(\n))|(?<=^))( 
*>(.*))(\n\n|$)/seU", 
"'$quote_font_start BEGIN'.fixblock(\"\\3\",$quote).' END
$quote_font_end\n\n'",  $message);

Expected result:
----------------
I'm not sure whether this is simply a documentation bug, 
but it's very weird behaviour! It is also a nasty one, 
because it can leave the database vulnerable. Thanks for 
your help. 


-- 
Edit bug report at http://bugs.php.net/?id=30698&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=30698&r=trysnapshot4
Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=30698&r=trysnapshot50
Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=30698&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=30698&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=30698&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=30698&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=30698&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=30698&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=30698&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=30698&r=notwrong
Not enough info:             http://bugs.php.net/fix.php?id=30698&r=notenoughinfo
Submitted twice:             http://bugs.php.net/fix.php?id=30698&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=30698&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=30698&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=30698&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=30698&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=30698&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=30698&r=float
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=30698&r=mysqlcfg

Reply via email to