Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implement #77726: Allow null character in regex patterns
In 8b3c1a3, this was disallowed to fix #55856, which was a security issue caused by the /e modifier. The fix that was made was the "Easier fix" as described in the original report. With this fix, pattern strings are no longer treated as null terminated, so null characters can be placed inside and matched against with regex patterns without security problems, so there is no longer a reason to give the error. Allowing this is consistent with the behaviour of many other languages, including JavaScript, and thanks to PCRE2[0], it does not require manually escaping null characters. Now that we can avoid the error here without the cost of escaping characters, there is really no need anymore to stray here from the conventional behaviour. Currently, null characters are still disallowed before the first delimiter and in the options section at the end of a regex string, but these error messages have been updated. [0] Since PCRE2, pattern strings no longer have to be null terminated, and raw null characters match as normal. Closes GH-8114.
- Loading branch information
Showing
14 changed files
with
170 additions
and
57 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
--TEST-- | ||
preg_replace_callback_array() errors | ||
--FILE-- | ||
<?php | ||
|
||
function b() { | ||
return "b"; | ||
} | ||
|
||
// empty strings | ||
|
||
var_dump(preg_replace_callback_array( | ||
array( | ||
"/a/" => 'b', | ||
"" => function () { return "ok"; }), 'a')); | ||
|
||
var_dump(preg_replace_callback_array( | ||
array( | ||
"/a/" => 'b', | ||
null => function () { return "ok"; }), 'a')); | ||
|
||
// backslashes | ||
|
||
var_dump(preg_replace_callback_array( | ||
array( | ||
"/a/" => 'b', | ||
"\\b\\" => function () { return "ok"; }), 'a')); | ||
|
||
// alphanumeric delimiters | ||
|
||
var_dump(preg_replace_callback_array( | ||
array( | ||
"/a/" => 'b', | ||
"aba" => function () { return "ok"; }), 'a')); | ||
|
||
var_dump(preg_replace_callback_array( | ||
array( | ||
"/a/" => 'b', | ||
"1b1" => function () { return "ok"; }), 'a')); | ||
|
||
// null character delimiter | ||
|
||
var_dump(preg_replace_callback_array( | ||
array( | ||
"/a/" => 'b', | ||
"\0b\0" => function () { return "ok"; }), 'a')); | ||
|
||
?> | ||
--EXPECTF-- | ||
Warning: preg_replace_callback_array(): Empty regular expression in %spreg_replace_callback_array_error.php on line 12 | ||
NULL | ||
|
||
Warning: preg_replace_callback_array(): Empty regular expression in %spreg_replace_callback_array_error.php on line 17 | ||
NULL | ||
|
||
Warning: preg_replace_callback_array(): Delimiter must not be alphanumeric, backslash, or NUL in %spreg_replace_callback_array_error.php on line 24 | ||
NULL | ||
|
||
Warning: preg_replace_callback_array(): Delimiter must not be alphanumeric, backslash, or NUL in %spreg_replace_callback_array_error.php on line 31 | ||
NULL | ||
|
||
Warning: preg_replace_callback_array(): Delimiter must not be alphanumeric, backslash, or NUL in %spreg_replace_callback_array_error.php on line 36 | ||
NULL | ||
|
||
Warning: preg_replace_callback_array(): Delimiter must not be alphanumeric, backslash, or NUL in %spreg_replace_callback_array_error.php on line 43 | ||
NULL |
21 changes: 21 additions & 0 deletions
21
ext/pcre/tests/preg_replace_callback_array_fatal_error.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
--TEST-- | ||
preg_replace_callback_array() invalid callable | ||
--FILE-- | ||
<?php | ||
|
||
function b() { | ||
return "b"; | ||
} | ||
|
||
// invalid callable | ||
var_dump(preg_replace_callback_array( | ||
array( | ||
"/a/" => 'b', | ||
"/b/" => 'invalid callable'), 'a')); | ||
|
||
--EXPECTF-- | ||
Fatal error: Uncaught TypeError: preg_replace_callback_array(): Argument #1 ($pattern) must contain only valid callbacks in %spreg_replace_callback_array_fatal_error.php:11 | ||
Stack trace: | ||
#0 %spreg_replace_callback_array_fatal_error.php(11): preg_replace_callback_array(Array, 'a') | ||
#1 {main} | ||
thrown in %spreg_replace_callback_array_fatal_error.php on line 11 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.