PHP :: Bug #26927 :: preg_quote and/or preg_match disrespect embedded null chars in strings

Bug #26927	preg_quote and/or preg_match disrespect embedded null chars in strings
Submitted:	2004-01-15 19:45 UTC	Modified:	2004-01-15 21:29 UTC
From:	ikindred at cox dot net	Assigned:
Status:	Closed	Package:	PCRE related
PHP Version:	4.3.4	OS:	FreeBSD 4.9
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	ikindred at cox dot net
New email:
PHP Version:		OS:

New/Additional Comment:

[2004-01-15 19:45 UTC] ikindred at cox dot net

Description:
------------
At first glance, either or both of the following are bugs:

1. preg_quote does not properly escape the null character (\000).

2. preg_match chokes on patterns containing unescaped null characters.

I personally want to think that preg_match should be able to handle patterns containing null characters.  However, according to Bug #16590, preg_match's behavior is a feature and not a bug - oh well.  (I also recognize that there may be legitimate performance reasons for disallowing null chars in patterns.)

I therefore claim that preg_quote is buggy should be fixed.  Please note that:

(a) preg_quote ("a\000b") returns "a\000b", so it is not like preg_quote is treating the \000 as an end-of-string character (which would result in "a" being returned).  preg_quote is just passing the \000 through without escaping it.

(b) As far as I can tell, there is no "preg_quote" function in the PCRE library (specifically, there is no function with "quote" as part of its name).  So, as far as I can tell, PHP cannot blame the PCRE for preg_quote's buggy behavior.

Many thanks!

Reproduce code:
---------------
<?php

$pattern = "/". preg_quote ("a\000b"). "/";
print "preg_match: ". preg_match ($pattern, "a\000b"). "\n";

?>


Expected result:
----------------
preg_match: 1


Actual result:
--------------
Warning: No ending delimiter '/' found in /<path>/test.php on line 4
preg_match:

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-01-15 21:29 UTC] iliaa@php.net

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 08:01:28 2024 UTC