|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2009-01-28 12:23 UTC] daniel at code-emitter dot com
Description:
------------
preg_quote does not escape the "-" (minus) character but it should.
Reproduce code:
---------------
preg_quote("0-9", '/')
Expected result:
----------------
preg_quote("0-9", '/') == "0\-9"
Actual result:
--------------
preg_quote("0-9", '/') == "0-9"
Depending on the used string this can become a dead loss of the used regular expression because all characters become valid.
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Feb 22 17:01:28 2025 UTC |
The '-' just have special meaning in the regex when used whithin '[ ]', which are escaped as expected. So, there is no possibility to '-' break something. var_dump(preg_quote("[0-2]")); // string(7) "\[0-2\]"preg_match('/^([a-zA-Z0-9\-'.preg_quote("!#$%&'*+/=?^_`{|}~.", '/').']{1,64})@(.*)$/', $address, $matches) But this will become a problem, when mixing like shown above. An escaped "-" outside of [...] does no harm, but an unescaped "-" inside does.preg_match('/^([a-zA-Z0-9'.preg_quote("!#$%&'*+-/=?^_`{|}~.", '/').']{1,64})@(.*)$/', $address, $matches) This will not work. I got this regexp from an example somewhere in the docs, so it seems that I'm not the only one who has built this into his application.