php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #52962 preg_replace should allow all special characters to be escaped
Submitted: 2010-10-01 02:49 UTC Modified: 2010-10-01 03:15 UTC
From: rewilliams at crystaltech dot com Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 5.3.3 OS: Mac OS X 10.6
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: rewilliams at crystaltech dot com
New email:
PHP Version: OS:

 

 [2010-10-01 02:49 UTC] rewilliams at crystaltech dot com
Description:
------------
One can use preg_quote() to prep a string for use as the search string with 
preg_replace() and family. However, 
attempting to pass a string escaped by preg_quote() into preg_replace() as the 
replacement string does not work 
because all PCRE-special characters (such as '+') are escaped, but only '$' and 
'\' are unescaped by preg_replace(). 
IOW, this:

	$result = preg_replace("/bar/", '\\\\BAR\$\+', 'foo bar baz');

yields:

	foo \BAR$\+ baz

preg_replace() should treat all escaped characters equally so that one can 
simply call preg_quote() and be done with 
it. As it is now, one must do something like this:

	$safeReplacementString = str_replace(array('\\', '$'), array('\\\\', 
'\\$'), $replacementString);

to avoid problems. Not is that an ugly solution, but I strongly suspect that 
most code out there doesn't do it.

Expected result:
----------------
The preg_replace() family of functions should accept any escaped PCRE special 
character sequence in the replacement text and treat it like the literal 
equivalent. Thus, '\+' should be treated as the literal '+'.

Actual result:
--------------
Presently, the preg_replace() family of functions only accept escaped sequences 
for '\' and '$'. If other PCRE-special characters, such as '+' or '*', are passed 
into the replacement string, the escape sequences (e.g., '/+') are left intact in 
the output result.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-10-01 03:15 UTC] cataphract@php.net
-Status: Open +Status: Bogus
 [2010-10-01 03:15 UTC] cataphract@php.net
This doesn't make sense. The replacement string is not a regular expression, the only characters with special meaning are \ and $ because they introduce the placeholders. In your solution, you would just be forced to escape characters that don't need escaping at all.

In any case, definitely not a bug.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 00:01:30 2024 UTC