From: php at richardneill dot org Operating system: Linux PHP version: 4.3.9 PHP Bug Type: Feature/Change Request Bug description: preg_replace with /e does not escape single quotes as per documentation
Description: ------------ The documentation for preg_replace states that /e will cause it to add extra slashes to single and double quotes. This means that, if one has magic_quotes on, one must filter out the spurious new backslashes, using something like: $block=str_replace(array('\\\\\'','\\\\"'),array('\\\'','\\"'), $block); However, in fact, it appears that preg_replace is adding the backslashes to double quotes, but NOT to single quotes. There's also a useful comment here: http://uk2.php.net/manual/en/function.preg-replace.php steven -a-t- acko dot net 08-Feb-2004 05:45 Reproduce code: --------------- FAILS: $message=preg_replace("/((?<=(\n))|(?<=^))( *>(.*))(\n\n|$)/seU", "'$quote_font_start BEGIN'.fixblock('\\3',$quote).' END $quote_font_end\n\n'", $message); WORKS: $message=preg_replace("/((?<=(\n))|(?<=^))( *>(.*))(\n\n|$)/seU", "'$quote_font_start BEGIN'.fixblock(\"\\3\",$quote).' END $quote_font_end\n\n'", $message); Expected result: ---------------- I'm not sure whether this is simply a documentation bug, but it's very weird behaviour! It is also a nasty one, because it can leave the database vulnerable. Thanks for your help. -- Edit bug report at http://bugs.php.net/?id=30698&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=30698&r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=30698&r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=30698&r=trysnapshot51 Fixed in CVS: http://bugs.php.net/fix.php?id=30698&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=30698&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=30698&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=30698&r=needscript Try newer version: http://bugs.php.net/fix.php?id=30698&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=30698&r=support Expected behavior: http://bugs.php.net/fix.php?id=30698&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=30698&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=30698&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=30698&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=30698&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=30698&r=dst IIS Stability: http://bugs.php.net/fix.php?id=30698&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=30698&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=30698&r=float MySQL Configuration Error: http://bugs.php.net/fix.php?id=30698&r=mysqlcfg