Ok, ugly hack applied. Just checking for "include/layout.inc</b>" since
the docroot may of course vary. Once this propogates to the mirrors the
problem should be gone.
-Rasmus
On Thu, 26 Aug 2004, Rasmus Lerdorf wrote:
I checked the database. Here is the raw entry causing this:
===
Yet another simple URL link maker. This one ignores any period at the end of
the URL which is usually a good thing:
<?php
function MakeUrl($strUrl)
{
$strUrl = preg_replace("/(http(s)?:\\/\\/[^\\s\\n]*)\\b(\\/)?/i","<a
href=\\"\\\\0\\">\\\\0</a>",$strUrl);
return $strUrl;
}
MakeUrl("Blah, blah, http://php.net/.";);
// result: "Blah, blah, <a href="http://php.net/";>http://php.net/</a>."
?>
===
The problem here is that the syntax in the example is wrong yet we blindly
call highlight_string() on it in layout.inc. We really should be doing a
php_check_syntax() on it before attempting a highlight_string(). Since we
can't really force every mirror to PHP5 at this point, we may have to hack
it. Perhaps check the returned text for
"local/Web/sites/phpweb/include/layout.inc" and if we see that string
anywhere in the output just show the non-highlighted code.
-Rasmus
On Thu, 26 Aug 2004, Rasmus Lerdorf wrote:
Not really a security issue. Forwarding to the docs guys.
On Wed, 25 Aug 2004, NADAS Peter wrote:
hello,
i just found a bug on the main php.net website, i think it's in the
code-highlighting
algorithm, check out this:
http://www.php.net/manual/en/function.preg-replace.php
down in the comments it says:
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in
/local/Web/sites/phpweb/include/layout.inc on line 21
i checked the hungarian mirror too, there is surely
a bug in that layout.inc file somewhere.
best regards,
Peter
