I checked the database. Here is the raw entry causing this:
===
Yet another simple URL link maker. This one ignores any period at the end of the URL which is usually a good thing:
<?php
function MakeUrl($strUrl)
{
$strUrl = preg_replace("/(http(s)?:\\/\\/[^\\s\\n]*)\\b(\\/)?/i","<a
href=\\"\\\\0\\">\\\\0</a>",$strUrl);
return $strUrl;
}MakeUrl("Blah, blah, http://php.net/.";);// result: "Blah, blah, <a href="http://php.net/";>http://php.net/</a>." ?> ===
The problem here is that the syntax in the example is wrong yet we blindly call highlight_string() on it in layout.inc. We really should be doing a php_check_syntax() on it before attempting a highlight_string(). Since we can't really force every mirror to PHP5 at this point, we may have to hack it. Perhaps check the returned text for "local/Web/sites/phpweb/include/layout.inc" and if we see that string anywhere in the output just show the non-highlighted code.
-Rasmus
On Thu, 26 Aug 2004, Rasmus Lerdorf wrote:
Not really a security issue. Forwarding to the docs guys.
On Wed, 25 Aug 2004, NADAS Peter wrote:
hello,
i just found a bug on the main php.net website, i think it's in the code-highlighting
algorithm, check out this:
http://www.php.net/manual/en/function.preg-replace.php
down in the comments it says:
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in /local/Web/sites/phpweb/include/layout.inc on line 21
i checked the hungarian mirror too, there is surely
a bug in that layout.inc file somewhere.
best regards,
Peter
