[Wikidata-bugs] [Maniphest] [Commented On] T214378: Check simple format constraints (no grouping) in PHP instead of SPARQL

2019-10-04 Thread sbassett
sbassett added a comment. @RazShuty @Addshore @Lucas_Werkmeister_WMDE - Sorry for the (very) delayed response here. Due to a healthy amount of organizational shift, the #security-team is just now getting our Phab work boards in order

[Wikidata-bugs] [Maniphest] [Commented On] T214378: Check simple format constraints (no grouping) in PHP instead of SPARQL

2019-01-30 Thread Ladsgroup
Ladsgroup added a comment. I recommend reaching out to security people and asking their opinion on this.

[Wikidata-bugs] [Maniphest] [Commented On] T214378: Check simple format constraints (no grouping) in PHP instead of SPARQL

2019-01-30 Thread Lucas_Werkmeister_WMDE
Lucas_Werkmeister_WMDE added a comment. Well, we can’t do that, we want the user input to be interpreted as a regex, not literally… (though we will have to escape the delimiter)

[Wikidata-bugs] [Maniphest] [Commented On] T214378: Check simple format constraints (no grouping) in PHP instead of SPARQL

2019-01-29 Thread Ladsgroup
Ladsgroup added a comment. The only thing I can think of is a security issue with preg_match. Security_checklist_for_developers says: anything external that is used in part of a regex should be escaped with preg_quote( $externalStr, $delimiter ). It puts a backslash in front of every character that