PHP :: Bug #26927 :: preg_quote and/or preg_match disrespect embedded null chars in strings

Bug #26927	preg_quote and/or preg_match disrespect embedded null chars in strings
Submitted:	2004-01-15 19:45 UTC	Modified:	2004-01-15 21:29 UTC
From:	ikindred at cox dot net	Assigned:
Status:	Closed	Package:	PCRE related
PHP Version:	4.3.4	OS:	FreeBSD 4.9
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	ikindred at cox dot net
New email:
PHP Version:		OS:

New Comment:

[2004-01-15 19:45 UTC] ikindred at cox dot net

Description:
------------
At first glance, either or both of the following are bugs:

1. preg_quote does not properly escape the null character (\000).

2. preg_match chokes on patterns containing unescaped null characters.

I personally want to think that preg_match should be able to handle patterns containing null characters.  However, according to Bug #16590, preg_match's behavior is a feature and not a bug - oh well.  (I also recognize that there may be legitimate performance reasons for disallowing null chars in patterns.)

I therefore claim that preg_quote is buggy should be fixed.  Please note that:

(a) preg_quote ("a\000b") returns "a\000b", so it is not like preg_quote is treating the \000 as an end-of-string character (which would result in "a" being returned).  preg_quote is just passing the \000 through without escaping it.

(b) As far as I can tell, there is no "preg_quote" function in the PCRE library (specifically, there is no function with "quote" as part of its name).  So, as far as I can tell, PHP cannot blame the PCRE for preg_quote's buggy behavior.

Many thanks!

Reproduce code:
---------------
<?php

$pattern = "/". preg_quote ("a\000b"). "/";
print "preg_match: ". preg_match ($pattern, "a\000b"). "\n";

?>


Expected result:
----------------
preg_match: 1


Actual result:
--------------
Warning: No ending delimiter '/' found in /<path>/test.php on line 4
preg_match:

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-01-15 21:29 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 16:01:29 2024 UTC