Date: 11/15/00
ID: 7749
Updated by: andrei
Reported By: james+phpbug <email protected>
Status: Closed
Bug Type: PCRE related
Assigned To: andrei
Comments:
I believe these issues have been resolved in the latest CVS.
Previous Comments:
---------------------------------------------------------------------------
[2000-11-10 11:59:18] james+phpbug <email protected>
Minor fix to report: rather than \2 becoming ^B as stated, it in fact just remains \2. Of course, in order to find out the value I mistakenly printed it in double quotes, so it became ^B.
---------------------------------------------------------------------------
[2000-11-10 11:53:43] james+phpbug <email protected>
Three bugs.
preg_replace:
$text = preg_replace('/(foo(bar)?) is a good word/',
'wibble', $text);
Simple enough. How about:
$text = preg_replace('/(foo(bar)?) is a good word/e',
'(strlen(\'\2\')>0)?"wibble":"wobble"',
$text);
The first thing to note here is that the idea of substituting into the replacement string like this was a very bad idea; I would encourage you to phase this out in favour of $<num> replacement.
The two obvious things that PHP could get wrong with this form of substitution, PHP gets wrong :-)
Firstly - when \2 does not exist because there was no match, you should get ''; in fact with PHP you get ^B. It seems you're simply looking for <nums> that created matches rather than all <nums>.
Secondly - as a security-aware person, I immediately recognise the problems that '\1' could cause. A quick look at the code reveals that (thankfully) some effort is being made to quote the inserted string (undocumentedly). However, the code in PHP uses addslashes() which was designed for database use and not internal PHP single-quote escaping. PHP's single-quotes only look for ' and \ and therefore the escaping of " to \" and NULL to
-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: php-dev-unsubscribe <email protected> For additional commands, e-mail: php-dev-help <email protected> To contact the list administrators, e-mail: php-list-admin <email protected>
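The mismatch the report describes between addslashes() and single-quote parsing, together with a replacement that never evaluates captured text, as an added example that is not part of the original report or of PHP's source. The function names and sample strings are constructed for illustration, and the code assumes PHP 7 or later, where the /e modifier no longer exists.

```php
<?php
// Added example: names and sample inputs are constructed, not from the report.

// Decode a single-quoted literal body: only \' and \\ are escape sequences.
function decode_single_quoted(string $body): string
{
    return preg_replace('/\\\\([\'\\\\])/', '$1', $body);
}

// Escaper that matches those rules exactly (backslash and single quote only).
function escape_single_quoted(string $s): string
{
    return strtr($s, ["\\" => "\\\\", "'" => "\\'"]);
}

// True when a value survives escape -> embed in '...' -> parse unchanged.
function survives(callable $escape, string $s): bool
{
    return decode_single_quoted($escape($s)) === $s;
}

// Replacement with no eval step: captures reach the callback as plain data.
function replace_word(string $text): string
{
    return preg_replace_callback(
        '/(foo(bar)?) is a good word/',
        function (array $m): string {
            // A trailing group that did not match is absent from $m.
            return strlen($m[2] ?? '') > 0 ? 'wibble' : 'wobble';
        },
        $text
    );
}

// Constructed samples: single quote, backslash, double quote, NUL byte.
foreach (["it's", "a\\b", 'say "hi"', "nul\0byte"] as $s) {
    printf(
        "%-16s addslashes=%-5s single-quote escaper=%s\n",
        json_encode($s),
        var_export(survives('addslashes', $s), true),
        var_export(survives('escape_single_quoted', $s), true)
    );
}

// Optional group unmatched, then matched.
echo replace_word('foo is a good word'), "\n";
echo replace_word('foobar is a good word'), "\n";
```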

