php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10626 escaping doesn't work in the replacement clause
Submitted: 2001-05-03 03:04 UTC Modified: 2001-05-04 07:15 UTC
From: hover at mi dot ru Assigned:
Status: Not a bug Package: PCRE related
PHP Version: 4.0.5 OS: FreeBSD 4.3
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: hover at mi dot ru
New email:
PHP Version: OS:

 

 [2001-05-03 03:04 UTC] hover at mi dot ru
The problem is that preg_replace() ignores escaping of $nn sequence in the replacement string.
<?
$str = preg_replace("/a/", "\$1000", "test ... a ... test");
echo $str;
?>

test ... 00 ... test 

-----------
#!/usr/local/bin/perl -w

$_ = "test ... a ... test";
s/a/\$1000/;
print;
-----------
test ... $1000 ... test

This feature leads to impossibility of passing strings like '$1000' via phplib template variables.

PHP 4.0.4pl1, 4.0.5

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-05-03 08:04 UTC] cynic@php.net
You escaped the $1000 on the PHP level, so literal $1000 was sent to PCRE, where $10 was interpreted as a backreference, and since there aren't 10 capturing subpatterns in the pattern, you get an empty string for $10, and the rest is taken as a literal string.

Send further questions to php-general@ (after you RTFM, of course).
 [2001-05-04 07:15 UTC] hover at mi dot ru
Thanks for educating me and sorry for waisting your time.
Though, phplib template.inc needs to be changed to work with such variables.

Something like this:

$tempvars = preg_replace("/\\$/", "\\\\\$", $this->varvals);

But it's a phplib's, not PHP thing. Thanks.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Oct 12 01:01:27 2024 UTC