Permalink
Browse files

[Security] preg_quote() does not quote # control character

Summary: Applies the patch from PHP bug #75355.

Reviewed By: alexeyt

Differential Revision: D6681530

fbshipit-source-id: 312bccd8929271edc848a3fa386b3688ea838352
  • Loading branch information...
jano authored and fredemmott committed Jan 9, 2018
1 parent b0c2d01 commit 0b9e2f89da2b2d3270b6958731a3140a9845f22d
@@ -2013,6 +2013,7 @@ String preg_quote(const String& str,
case '[': case '^': case ']': case '$': case '(':
case ')': case '{': case '}': case '=': case '!':
case '>': case '<': case '|': case ':': case '-':
case '#':
*q++ = '\\';
*q++ = c;
break;
@@ -0,0 +1,8 @@
<?php
var_dump(preg_quote('#'));
var_dump(preg_match('~^(' . preg_quote('hello#world', '~') . ')\z~x', 'hello#world', $m));
var_dump($m[1]);
?>
@@ -0,0 +1,3 @@
string(2) "\#"
int(1)
string(11) "hello#world"

0 comments on commit 0b9e2f8

Please sign in to comment.