Skip to content

Commit f66ea6e

Browse files
SjonHortensiusSjonHortensius
committed
Ref #77388 - disallow passing BAD_ESCAPE_IS_LITERAL, esp by default
this option is considered dangerous and unwanted
1 parent a997a23 commit f66ea6e

File tree

4 files changed

+12
-24
lines changed

4 files changed

+12
-24
lines changed

NEWS

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ PHP NEWS
2727
- mysqlnd:
2828
. Fixed #60594 (mysqlnd exposes 160 lines of stats in phpinfo). (PeeHaa)
2929

30+
- PCRE:
31+
. Remove X modifier and enable it by default. (sjon)
32+
3033
- PDO:
3134
. Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
3235
(camporter)

UPGRADING

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,11 @@ PHP 8.0 UPGRADE NOTES
145145
as a string instead of an ASCII codepoint. The previous behavior may be
146146
restored with an explicit call to chr().
147147

148+
- PCRE:
149+
. When passing invalid escape sequences they are no longer intepreted as
150+
literals. This behaviour previously required the X modifier - which has
151+
been removed as well.
152+
148153
- PDO:
149154
. The method PDOStatement::setFetchMode() now accepts the following signature:
150155

ext/pcre/php_pcre.c

Lines changed: 0 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,6 @@ struct _pcre_cache_entry {
5050
uint32_t capture_count;
5151
uint32_t name_count;
5252
uint32_t compile_options;
53-
uint32_t extra_compile_options;
5453
uint32_t refcount;
5554
};
5655

@@ -167,7 +166,6 @@ static void php_pcre_free(void *block, void *data)
167166
pefree(block, 1);
168167
}/*}}}*/
169168

170-
#define PHP_PCRE_DEFAULT_EXTRA_COPTIONS PCRE2_EXTRA_BAD_ESCAPE_IS_LITERAL
171169
#define PHP_PCRE_PREALLOC_MDATA_SIZE 32
172170

173171
static void php_pcre_init_pcre2(uint8_t jit)
@@ -188,12 +186,6 @@ static void php_pcre_init_pcre2(uint8_t jit)
188186
}
189187
}
190188

191-
/* XXX The 'X' modifier is the default behavior in PCRE2. This option is
192-
called dangerous in the manual, as typos in patterns can cause
193-
unexpected results. We might want to to switch to the default PCRE2
194-
behavior, too, thus causing a certain BC break. */
195-
pcre2_set_compile_extra_options(cctx, PHP_PCRE_DEFAULT_EXTRA_COPTIONS);
196-
197189
if (!mctx) {
198190
mctx = pcre2_match_context_create(gctx);
199191
if (!mctx) {
@@ -569,7 +561,6 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache(zend_string *regex)
569561
{
570562
pcre2_code *re = NULL;
571563
uint32_t coptions = 0;
572-
uint32_t extra_coptions = PHP_PCRE_DEFAULT_EXTRA_COPTIONS;
573564
PCRE2_UCHAR error[128];
574565
PCRE2_SIZE erroffset;
575566
int errnumber;
@@ -704,7 +695,6 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache(zend_string *regex)
704695
case 'D': coptions |= PCRE2_DOLLAR_ENDONLY;break;
705696
case 'S': /* Pass. */ break;
706697
case 'U': coptions |= PCRE2_UNGREEDY; break;
707-
case 'X': extra_coptions &= ~PCRE2_EXTRA_BAD_ESCAPE_IS_LITERAL; break;
708698
case 'u': coptions |= PCRE2_UTF;
709699
/* In PCRE, by default, \d, \D, \s, \S, \w, and \W recognize only ASCII
710700
characters, even in UTF-8 mode. However, this can be changed by setting
@@ -767,19 +757,9 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache(zend_string *regex)
767757
pcre2_set_character_tables(cctx, tables);
768758
}
769759

770-
/* Set extra options for the compile context. */
771-
if (PHP_PCRE_DEFAULT_EXTRA_COPTIONS != extra_coptions) {
772-
pcre2_set_compile_extra_options(cctx, extra_coptions);
773-
}
774-
775760
/* Compile pattern and display a warning if compilation failed. */
776761
re = pcre2_compile((PCRE2_SPTR)pattern, pattern_len, coptions, &errnumber, &erroffset, cctx);
777762

778-
/* Reset the compile context extra options to default. */
779-
if (PHP_PCRE_DEFAULT_EXTRA_COPTIONS != extra_coptions) {
780-
pcre2_set_compile_extra_options(cctx, PHP_PCRE_DEFAULT_EXTRA_COPTIONS);
781-
}
782-
783763
if (re == NULL) {
784764
if (key != regex) {
785765
zend_string_release_ex(key, 0);
@@ -823,7 +803,6 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache(zend_string *regex)
823803
new_entry.re = re;
824804
new_entry.preg_options = poptions;
825805
new_entry.compile_options = coptions;
826-
new_entry.extra_compile_options = extra_coptions;
827806
new_entry.refcount = 0;
828807

829808
rc = pcre2_pattern_info(re, PCRE2_INFO_CAPTURECOUNT, &new_entry.capture_count);

ext/pcre/tests/pcre_extra.phpt

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
--TEST--
2-
X (PCRE_EXTRA) modififer
2+
X (PCRE_EXTRA) modififier is no longer functional
33
--FILE--
44
<?php
55

@@ -8,7 +8,8 @@ var_dump(preg_match('/\y/X', '\y'));
88

99
?>
1010
--EXPECTF--
11-
int(1)
11+
Warning: preg_match(): Compilation failed: unrecognized character follows \ at offset 1 in %spcre_extra.php on line 3
12+
bool(false)
1213

13-
Warning: preg_match(): Compilation failed: unrecognized character follows \ at offset 1 in %spcre_extra.php on line 4
14+
Warning: preg_match(): Unknown modifier 'X' in %spcre_extra.php on line 4
1415
bool(false)

0 commit comments

Comments
 (0)