Ref #77388 - disallow passing BAD_ESCAPE_IS_LITERAL, esp by default #4430

Closed

3 changes: 3 additions & 0 deletions NEWS
Expand Up @@ -27,6 +27,9 @@ PHP NEWS
- mysqlnd:
. Fixed #60594 (mysqlnd exposes 160 lines of stats in phpinfo). (PeeHaa)

- PCRE:
. Remove X modifier and enable it by default. (sjon)

- PDO:
. Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
(camporter)
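
Review bot: The added PCRE entry, "Remove X modifier and enable it by default", contradicts itself and does not match the code in this change: php_pcre.c still accepts 'X' as a no-op, and what becomes the default is rejection of unrecognized escape sequences. Suggest wording along the lines of "Unrecognized escape sequences now cause a compile error; the X modifier is accepted but ignored", and cite #77388 the way the neighbouring mysqlnd and PDO entries cite their bug numbers.
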
5 changes: 5 additions & 0 deletions UPGRADING
Expand Up @@ -145,6 +145,11 @@ PHP 8.0 UPGRADE NOTES
as a string instead of an ASCII codepoint. The previous behavior may be
restored with an explicit call to chr().

- PCRE:
. When passing invalid escape sequences they are no longer intepreted as
literals. This behaviour previously required the X modifier - which is
now ignored.

- PDO:
. The method PDOStatement::setFetchMode() now accepts the following signature:

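Review bot: "intepreted" in the added PCRE entry should be "interpreted", and the entry says what no longer happens without saying what happens instead. The updated pcre_extra.phpt shows the new behaviour: a "Compilation failed: unrecognized character follows \" warning and a false return from preg_match(). Stating that here matters for code that uses preg_match() for input validation and only checks for a truthy result, because a pattern with a stray backslash that used to match literally will now never match.
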
22 changes: 1 addition & 21 deletions ext/pcre/php_pcre.c
Expand Up @@ -50,7 +50,6 @@ struct _pcre_cache_entry {
uint32_t capture_count;
uint32_t name_count;
uint32_t compile_options;
uint32_t extra_compile_options;
uint32_t refcount;
};

Expand Down Expand Up @@ -167,7 +166,6 @@ static void php_pcre_free(void *block, void *data)
pefree(block, 1);
}/*}}}*/

#define PHP_PCRE_DEFAULT_EXTRA_COPTIONS PCRE2_EXTRA_BAD_ESCAPE_IS_LITERAL
#define PHP_PCRE_PREALLOC_MDATA_SIZE 32

static void php_pcre_init_pcre2(uint8_t jit)
Expand All @@ -188,12 +186,6 @@ static void php_pcre_init_pcre2(uint8_t jit)
}
}

/* XXX The 'X' modifier is the default behavior in PCRE2. This option is
called dangerous in the manual, as typos in patterns can cause
unexpected results. We might want to to switch to the default PCRE2
behavior, too, thus causing a certain BC break. */
pcre2_set_compile_extra_options(cctx, PHP_PCRE_DEFAULT_EXTRA_COPTIONS);

if (!mctx) {
mctx = pcre2_match_context_create(gctx);
if (!mctx) {
Expand Down Expand Up @@ -569,7 +561,6 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache(zend_string *regex)
{
pcre2_code *re = NULL;
uint32_t coptions = 0;
uint32_t extra_coptions = PHP_PCRE_DEFAULT_EXTRA_COPTIONS;
PCRE2_UCHAR error[128];
PCRE2_SIZE erroffset;
int errnumber;
Expand Down Expand Up @@ -703,8 +694,8 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache(zend_string *regex)
case 'A': coptions |= PCRE2_ANCHORED; break;
case 'D': coptions |= PCRE2_DOLLAR_ENDONLY;break;
case 'S': /* Pass. */ break;
case 'X': /* Pass. */ break;
case 'U': coptions |= PCRE2_UNGREEDY; break;
case 'X': extra_coptions &= ~PCRE2_EXTRA_BAD_ESCAPE_IS_LITERAL; break;
case 'u': coptions |= PCRE2_UTF;
/* In PCRE, by default, \d, \D, \s, \S, \w, and \W recognize only ASCII
characters, even in UTF-8 mode. However, this can be changed by setting
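
Review bot: "case 'X': /* Pass. */ break;" turns the modifier into a silent no-op with the same comment as 'S', so nothing in the source records why it is ignored. The XXX comment removed from php_pcre_init_pcre2() was the only place that explained the risk (typos in patterns producing unexpected results under BAD_ESCAPE_IS_LITERAL). Suggest a short comment on this case saying that strict escape handling is now always on and X is kept only so existing patterns still parse, and consider whether users of X should get a deprecation notice rather than silence.
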
Expand Down Expand Up @@ -767,19 +758,9 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache(zend_string *regex)
pcre2_set_character_tables(cctx, tables);
}

/* Set extra options for the compile context. */
if (PHP_PCRE_DEFAULT_EXTRA_COPTIONS != extra_coptions) {
pcre2_set_compile_extra_options(cctx, extra_coptions);
}

/* Compile pattern and display a warning if compilation failed. */
re = pcre2_compile((PCRE2_SPTR)pattern, pattern_len, coptions, &errnumber, &erroffset, cctx);

/* Reset the compile context extra options to default. */
if (PHP_PCRE_DEFAULT_EXTRA_COPTIONS != extra_coptions) {
pcre2_set_compile_extra_options(cctx, PHP_PCRE_DEFAULT_EXTRA_COPTIONS);
}

if (re == NULL) {
if (key != regex) {
zend_string_release_ex(key, 0);
Expand Down Expand Up @@ -823,7 +804,6 @@ PHPAPI pcre_cache_entry* pcre_get_compiled_regex_cache(zend_string *regex)
new_entry.re = re;
new_entry.preg_options = poptions;
new_entry.compile_options = coptions;
new_entry.extra_compile_options = extra_coptions;
new_entry.refcount = 0;

rc = pcre2_pattern_info(re, PCRE2_INFO_CAPTURECOUNT, &new_entry.capture_count);
5 changes: 3 additions & 2 deletions ext/pcre/tests/pcre_extra.phpt
@@ -1,5 +1,5 @@
--TEST--
X (PCRE_EXTRA) modififer
X (PCRE_EXTRA) modififier is ignored (no error, no change)
--FILE--
<?php

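Review bot: The new test title still misspells "modifier" ("modififier"), and "(no error, no change)" is hard to reconcile with the updated EXPECTF section, where both calls emit a warning and return false. Suggest a title that states what is actually asserted, for example "X (PCRE_EXTRA) modifier is ignored (same result with and without X)".
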
Expand All @@ -8,7 +8,8 @@ var_dump(preg_match('/\y/X', '\y'));

?>
--EXPECTF--
int(1)
Warning: preg_match(): Compilation failed: unrecognized character follows \ at offset 1 in %spcre_extra.php on line 3
bool(false)

Warning: preg_match(): Compilation failed: unrecognized character follows \ at offset 1 in %spcre_extra.php on line 4
bool(false)
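
Review bot: The expected output covers only the invalid escape \y, once per call on lines 3 and 4, so the test never demonstrates that a valid pattern carrying the X modifier still compiles and matches, which is what "ignored" promises. Suggest adding one case with a valid pattern and /X that expects int(1), so a later change that turns X into an "unknown modifier" error would be caught by this test.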