php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #11236 addslashes() before preg_replace() gives parse error in regexp
Submitted: 2001-06-01 07:11 UTC Modified: 2001-08-06 13:09 UTC
From: john at vbulletin dot com Assigned:
Status: Closed Package: PCRE related
PHP Version: 4.0.5 OS: Linux
Private report: No CVE-ID: None
 [2001-06-01 07:11 UTC] john at vbulletin dot com
This issue seems to only affect PHP 4.0.5, not earlier versions, as far as I can tell.

The following code gives an error:

<?

$string="

[code]

EXEC sp_addlinkedserver 'TillDB', 'Access 2000', 'Microsoft.Jet.OLEDB.4.0', '\\till01\C\endx\data\ct.mdb'
EXEC sp_addlinkedsrvlogin 'TillDB', false, NULL, 'Admin', NULL
EXEC sp_dropserver 'TIllDB', 'droplogins'

[/code]

";

function stripbrsfromcode($str) {
  return ($str);
}

//$string=str_replace("'","\'",$string);
$string=addslashes($string);

echo $string;


$string=preg_replace("/(\[)(code)(])(\r\n)*(.*)(\[\/code\])/esiU","stripbrsfromcode('\\5')",$string);

echo $string;
?>

The error is as follows:
[code] EXEC sp_addlinkedserver \'TillDB\', \'Access 2000\', \'Microsoft.Jet.OLEDB.4.0\', \'\till01\C\endx\data\ct.mdb\' EXEC sp_addlinkedsrvlogin \'TillDB\', false, NULL, \'Admin\', NULL EXEC sp_dropserver \'TIllDB\', \'droplogins\' [/code] 
Parse error: parse error in /usr/local/apache/htdocs/test.php(24) : regexp code on line 5

Fatal error: Failed evaluating code: stripbrsfromcode(' EXEC sp_addlinkedserver \\\'TillDB\\\', \\\'Access 2000\\\', \\\'Microsoft.Jet.OLEDB.4.0\\\', \\\'\\till01\\C\\endx\\data\\ct.mdb\\\' EXEC sp_addlinkedsrvlogin \\\'TillDB\\\', false, NULL, \\\'Admin\\\', NULL EXEC sp_dropserver \\'TIllDB\\', \\'droplogins\\' ') in /usr/local/apache/htdocs/test.php on line 24


Let me know if you need other info. I have seen this problem on two independant configurations, so I am fairly sure it is not the server.

phpinfo here:
http://161.58.186.97/phpinfo.php

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-11 10:04 UTC] john at vbulletin dot com
Just an update -- this issue seems to be to do with having lots of single quotes (') in the string. It has also been an issue in strings other than the one shown in my first post.

6 quotes seems to be the limit of what it can handle.

John
 [2001-08-06 13:09 UTC] andrei@php.net
This works in latest CVS - try upgrading to 4.0.6 or later.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Mon Jun 24 11:01:26 2019 UTC