Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Review use of preg_* functions on long strings #1827

Closed
robocoder opened this Issue · 1 comment

2 participants

@robocoder
Collaborator

see: #1822

there may also be a security issue since there are reports that php code is exposed when a preg_* function fails internally; e.g., backtrack limit

also, differences in PCRE versions may lead to compatibility issues

Files to review:

  • core/AssetManager.php: preg_replace_callback()
  • ViewDataTable/GenerateGraphHTML.php: preg_match()
  • core/SmartyPlugins/outputfilter.cachebuster.php: preg_replace()
  • core/SmartyPlugins/outputfilter.ajaxcdn.php: preg_replace()
  • core/SmartyPlugins/modifier.stripeol.php: preg_replace()
  • libs/Smarty/plugins/outputfilter.trimwhitespace.php: preg_replace()

In some cases, preg_* functions can be replaced by faster str_* functions, e.g.,

  • plugins/SEO/RankChecker.php:
@mattab
Owner

vote for closing this one?

@robocoder robocoder added this to the Piwik 1.2 milestone
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.