WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#8986 closed defect (bug) (fixed)

Regular expression syntax errors - missing preg pattern delimiters

Reported by: ridgerunner Owned by:
Milestone: 2.7.1 Priority: normal
Severity: normal Version: 2.7
Component: General Keywords: regex preg has-patch
Focuses: Cc:

Description

I am a regex guy looking into maybe using wp. While scanning your wp code (specifically the preg_*() calls), I found three typo's (i.e. regex pattern strings having unintended/missing delimiters) that you may wish to clean up. All three regexs are simple character classes that are not behaving as intended, because the opening and closing square brackets are unintentionally being stripped out as the pattern delimiters (i.e. the as-written preg_replace() pattern: '[class]' should instead be written as: '/[class]/', or '#[class]#', or '{[class]}', etc.).

file: wordpress-2.7\wp-includes\class-phpmailer.php
  line: 1412
  current:  $encoded = preg_replace("[\r\n]", '', $str);
  fixed:    $encoded = preg_replace("/[\r\n]/", '', $str);

file: wordpress-2.7\wp-includes\formatting.php
  line: 1773
  current:  $safe_tag = strtolower( preg_replace('[^a-zA-Z_:]', '', $tag_name) );
  fixed:    $safe_tag = strtolower( preg_replace('/[^a-zA-Z_:]/', '', $tag_name) );

file: wordpress-2.7\wp-includes\post-template.php
  line: 610
  current:  $r['exclude'] = preg_replace('[^0-9,]', '', $r['exclude']);
  fixed:    $r['exclude'] = preg_replace('/[^0-9,]/', '', $r['exclude']);

(Note: I hope I'm using the right bug posting protocol - please forgive me if I'm not - its my first time posting anything over here in wp-land. Also, I have not analyzed the code to evaluate the effects of any of these typos.)

Attachments (1)

fix_preg_replaces.diff (1.5 KB) - added by filosofo 5 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 filosofo5 years ago

Good catch. It's amazing how things like this can slip by. I also grepped through the code for preg_replace_callback and preg_match_all instances, but didn't find any.

Note: I hope I'm using the right bug posting protocol - please forgive me if I'm not - its my first time posting anything over here in wp-land.

Usually you post an attached patch against the trunk version of WP, as I just did.

filosofo5 years ago

comment:2 filosofo5 years ago

  • Keywords has-patch added
  • Milestone changed from 2.8 to 2.7.1

comment:3 ryan5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [10459]) Add missing preg delimiters. Props ridgerunner. fixes #8986 for trunk

comment:4 ryan5 years ago

(In [10460]) Add missing preg delimiters. Props ridgerunner. fixes #8986 for 2.7

Note: See TracTickets for help on using tickets.