ID:               38920
Updated by:       [EMAIL PROTECTED]
Reported By:      jason at vancetech dot com
-Status:          Open
+Status:          Bogus
Bug Type:         PCRE related
Operating System: FreeBSD 6.1
PHP Version:      4.4.4
New Comment:

Sorry, but your problem does not imply a bug in PHP itself. For a list of
more appropriate places to ask for help using PHP, please visit
http://www.php.net/support.php as this bug system is not the appropriate
forum for asking support questions. Due to the volume of reports we can not
explain in detail here why your report is not a bug. The support channels
will be able to provide an explanation for you.

Thank you for your interest in PHP.


Previous Comments:
------------------------------------------------------------------------

[2006-09-22 08:13:34] jason at vancetech dot com

Description:
------------
preg_replace allows backreferences from the replacement string which seems
insecure. Parsing every replacement string is necessary when data comes
from a tainted source. Perl handles this nicely by only allowing
backreferences that are used directly in the replacement text and not
contained in a {tainted} string.

Reproduce code:
---------------
<?php
// The replacement text comes from an untrusted source and contains "$0",
// which preg_replace() interprets as a reference to the whole match.
$text = 'This item costs $0.99';
$html = '<b>%COST%No items%COST%</b>';
print preg_replace('/%COST%.*?%COST%/i', $text, $html);

Expected result:
----------------
<b>This item costs $0.99</b>

Actual result:
--------------
This item costs %COST%No items%COST%.99

------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=38920&edit=1
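The behaviour the report describes, alongside the two ways a practitioner inserts untrusted text into a preg_replace() result without it being parsed for backreferences, as an added example that is not part of the bug report or of PHP's own code. It assumes PHP 5.3 or later for the closure; on the reporter's PHP 4.4 a named function passed to preg_replace_callback() works the same way. The helper name preg_replacement_quote() is hypothetical, and the inputs are constructed to match the report.

```php
<?php
// Added example: not code from bug #38920 or from PHP itself.
// Assumes PHP >= 5.3 for the closure syntax; preg_replace_callback()
// exists since PHP 4.0.5, so a named callback works on PHP 4 as well.

// Constructed inputs. $text stands in for attacker- or user-controlled data.
$html = '<b>%COST%No items%COST%</b>';
$text = 'This item costs $0.99';

// 1. The reporter's call. preg_replace() scans its replacement argument for
//    "$n", "${n}" and "\n", so the "$0" inside $text expands to the whole
//    match instead of being copied through as the literal text "$0".
$unsafe = preg_replace('/%COST%.*?%COST%/i', $text, $html);

// 2. Neutralise the replacement syntax. preg_replace() gives meaning to
//    exactly two characters in a replacement: backslash and dollar. A
//    doubled backslash is copied as one literal backslash, and "\$" as a
//    literal dollar, so after this transform "$0", "${1}" and "\1" are
//    inert. strtr() with an array does not rescan text it has inserted,
//    so the added backslashes are not escaped a second time.
//    (Hypothetical helper name; preg_quote() is NOT a substitute: it
//    escapes regex metacharacters for the pattern, not the replacement.)
function preg_replacement_quote($replacement)
{
    return strtr($replacement, array('\\' => '\\\\', '$' => '\\$'));
}

$escaped = preg_replace(
    '/%COST%.*?%COST%/i',
    preg_replacement_quote($text),
    $html
);

// 3. Skip replacement-string parsing altogether. Whatever the callback
//    returns is inserted verbatim; no backreference expansion is applied
//    to it, which is the PHP equivalent of Perl keeping the tainted
//    string out of the replacement expression.
$callback = preg_replace_callback(
    '/%COST%.*?%COST%/i',
    function ($match) use ($text) {
        return $text;
    },
    $html
);

// Same idea with a less friendly replacement: a Windows path and a
// literal "\1", both of which would otherwise be misread by preg_replace().
$path     = 'C:\temp\1';
$literal  = preg_replace('/%COST%.*?%COST%/i', preg_replacement_quote($path), $html);

var_dump($unsafe, $escaped, $callback, $literal);
```

Run as written, the first call reproduces the corrupted output in the report (the "$0" is expanded to "%COST%No items%COST%"), while both the escaped and the callback variants yield the reporter's expected "<b>This item costs $0.99</b>". The rule to take away is the one the report is really about: preg_replace()'s replacement argument is code-like, so tainted data belongs either inside preg_replace_callback() or behind an escaper that covers both "\" and "$".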