#30698 [Opn->Fbk]: preg_replace with /e does not escape single quotes as per documentation

Wed, 10 Nov 2004 09:49:46 -0800 

 ID:               30698
 Updated by:       [EMAIL PROTECTED]
 Reported By:      php at richardneill dot org
-Status:           Open
+Status:           Feedback
 Bug Type:         PCRE related
 Operating System: Linux
 PHP Version:      4.3.9
 New Comment:

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try avoid embedding huge scripts into the report.

Btw, the example from docs works just fine for me.


Previous Comments:
------------------------------------------------------------------------

[2004-11-06 08:19:13] php at richardneill dot org

Sorry - that should have been filed as PCRE related 
Richard

------------------------------------------------------------------------

[2004-11-06 08:17:25] php at richardneill dot org

Description:
------------
The documentation for preg_replace states that /e  
will cause it to add extra slashes to single and double 
quotes. 
 
This means that, if one has magic_quotes on, one must 
filter out the spurious new backslashes, using something 
like:  
$block=str_replace(array('\\\\\'','\\\\"'),array('\\\'','\\"'),
$block);  
 
However, in fact, it appears that preg_replace is adding 
the backslashes to double quotes, but NOT to single 
quotes. 
 
There's also a useful comment here: 
http://uk2.php.net/manual/en/function.preg-replace.php 
steven -a-t- acko dot net  08-Feb-2004 05:45  

Reproduce code:
---------------
FAILS:

$message=preg_replace("/((?<=(\n))|(?<=^))( *>(.*))(\n\n|$)/seU", 
"'$quote_font_start BEGIN'.fixblock('\\3',$quote).' END
$quote_font_end\n\n'",  $message);

WORKS:
                        $message=preg_replace("/((?<=(\n))|(?<=^))( 
*>(.*))(\n\n|$)/seU", 
"'$quote_font_start BEGIN'.fixblock(\"\\3\",$quote).' END
$quote_font_end\n\n'",  $message);

Expected result:
----------------
I'm not sure whether this is simply a documentation bug, 
but it's very weird behaviour! It is also a nasty one, 
because it can leave the database vulnerable. Thanks for 
your help. 



------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=30698&edit=1

Reply via email to