ID: 30698
User updated by: php at richardneill dot org
Reported By: php at richardneill dot org
Status: Open
-Bug Type: Feature/Change Request
+Bug Type: PCRE related
Operating System: Linux
PHP Version: 4.3.9
New Comment:
Sorry - that should have been filed as PCRE related
Richard
Previous Comments:
------------------------------------------------------------------------
[2004-11-06 08:17:25] php at richardneill dot org
Description:
------------
The documentation for preg_replace states that /e
will cause it to add extra slashes to single and double
quotes.
This means that, if one has magic_quotes on, one must
filter out the spurious new backslashes, using something
like:
$block=str_replace(array('\\\\\'','\\\\"'),array('\\\'','\\"'),
$block);
However, in fact, it appears that preg_replace is adding
the backslashes to double quotes, but NOT to single
quotes.
There's also a useful comment here:
http://uk2.php.net/manual/en/function.preg-replace.php
steven -a-t- acko dot net 08-Feb-2004 05:45
Reproduce code:
---------------
FAILS:
$message=preg_replace("/((?<=(\n))|(?<=^))( *>(.*))(\n\n|$)/seU",
"'$quote_font_start BEGIN'.fixblock('\\3',$quote).' END
$quote_font_end\n\n'", $message);
WORKS:
$message=preg_replace("/((?<=(\n))|(?<=^))(
*>(.*))(\n\n|$)/seU",
"'$quote_font_start BEGIN'.fixblock(\"\\3\",$quote).' END
$quote_font_end\n\n'", $message);
Expected result:
----------------
I'm not sure whether this is simply a documentation bug,
but it's very weird behaviour! It is also a nasty one,
because it can leave the database vulnerable. Thanks for
your help.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=30698&edit=1
