php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #11236 addslashes() before preg_replace() gives parse error in regexp
Submitted: 2001-06-01 07:11 UTC Modified: 2001-08-06 13:09 UTC
From: john at vbulletin dot com Assigned:
Status: Closed Package: PCRE related
PHP Version: 4.0.5 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: john at vbulletin dot com
New email:
PHP Version: OS:

 

 [2001-06-01 07:11 UTC] john at vbulletin dot com
This issue seems to only affect PHP 4.0.5, not earlier versions, as far as I can tell.

The following code gives an error:

<?

$string="

[code]

EXEC sp_addlinkedserver 'TillDB', 'Access 2000', 'Microsoft.Jet.OLEDB.4.0', '\\till01\C\endx\data\ct.mdb'
EXEC sp_addlinkedsrvlogin 'TillDB', false, NULL, 'Admin', NULL
EXEC sp_dropserver 'TIllDB', 'droplogins'

[/code]

";

function stripbrsfromcode($str) {
  return ($str);
}

//$string=str_replace("'","\'",$string);
$string=addslashes($string);

echo $string;


$string=preg_replace("/(\[)(code)(])(\r\n)*(.*)(\[\/code\])/esiU","stripbrsfromcode('\\5')",$string);

echo $string;
?>

The error is as follows:
[code] EXEC sp_addlinkedserver \'TillDB\', \'Access 2000\', \'Microsoft.Jet.OLEDB.4.0\', \'\till01\C\endx\data\ct.mdb\' EXEC sp_addlinkedsrvlogin \'TillDB\', false, NULL, \'Admin\', NULL EXEC sp_dropserver \'TIllDB\', \'droplogins\' [/code] 
Parse error: parse error in /usr/local/apache/htdocs/test.php(24) : regexp code on line 5

Fatal error: Failed evaluating code: stripbrsfromcode(' EXEC sp_addlinkedserver \\\'TillDB\\\', \\\'Access 2000\\\', \\\'Microsoft.Jet.OLEDB.4.0\\\', \\\'\\till01\\C\\endx\\data\\ct.mdb\\\' EXEC sp_addlinkedsrvlogin \\\'TillDB\\\', false, NULL, \\\'Admin\\\', NULL EXEC sp_dropserver \\'TIllDB\\', \\'droplogins\\' ') in /usr/local/apache/htdocs/test.php on line 24


Let me know if you need other info. I have seen this problem on two independant configurations, so I am fairly sure it is not the server.

phpinfo here:
http://161.58.186.97/phpinfo.php

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-11 10:04 UTC] john at vbulletin dot com
Just an update -- this issue seems to be to do with having lots of single quotes (') in the string. It has also been an issue in strings other than the one shown in my first post.

6 quotes seems to be the limit of what it can handle.

John
 [2001-08-06 13:09 UTC] andrei@php.net
This works in latest CVS - try upgrading to 4.0.6 or later.
 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Wed Dec 12 16:01:26 2018 UTC