php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10626 escaping doesn't work in the replacement clause
Submitted: 2001-05-03 03:04 UTC Modified: 2001-05-04 07:15 UTC
From: hover at mi dot ru Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 4.0.5 OS: FreeBSD 4.3
Private report: No CVE-ID: None
 [2001-05-03 03:04 UTC] hover at mi dot ru
The problem is that preg_replace() ignores escaping of $nn sequence in the replacement string.
<?
$str = preg_replace("/a/", "\$1000", "test ... a ... test");
echo $str;
?>

test ... 00 ... test 

-----------
#!/usr/local/bin/perl -w

$_ = "test ... a ... test";
s/a/\$1000/;
print;
-----------
test ... $1000 ... test

This feature leads to impossibility of passing strings like '$1000' via phplib template variables.

PHP 4.0.4pl1, 4.0.5

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-05-03 08:04 UTC] cynic@php.net
You escaped the $1000 on the PHP level, so literal $1000 was sent to PCRE, where $10 was interpreted as a backreference, and since there aren't 10 capturing subpatterns in the pattern, you get an empty string for $10, and the rest is taken as a literal string.

Send further questions to php-general@ (after you RTFM, of course).
 [2001-05-04 07:15 UTC] hover at mi dot ru
Thanks for educating me and sorry for waisting your time.
Though, phplib template.inc needs to be changed to work with such variables.

Something like this:

$tempvars = preg_replace("/\\$/", "\\\\\$", $this->varvals);

But it's a phplib's, not PHP thing. Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Oct 30 22:01:28 2024 UTC