[Tickets #11943] Horde-Text-Filter use preg_replace with eval
noreply at bugs.horde.org
noreply at bugs.horde.org
Thu Jan 10 14:34:53 UTC 2013
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/11943
------------------------------------------------------------------------------
Ticket | 11943
Created By | remi at famillecollet.com
Summary | Horde-Text-Filter use preg_replace with eval
Queue | Horde Framework Packages
Version | Git master
Type | Enhancement
State | New
Priority | 1. Low
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
remi at famillecollet.com (2013-01-10 14:34) wrote:
Horde/Text/Filter/Emails.php and Horde/Text/Filter/Linkurls.php uses
preg_replace with /e modifier (PREG_REPLACE_EVAL)
From PHP documentation :
"Use of this modifier is discouraged, as it can easily introduce
security vulnerabilite"
"This feature has been DEPRECATED as of PHP 5.5.0. Relying on this
feature is highly discouraged"
So with PHP 5.5, Horde_Text_Filter test suite fails with
preg_replace(): The /e modifier is deprecated, use
preg_replace_callback instead
The attached patch use preg_replace_callback instead, with an
anonymous function (supported since php 5.3.0).
I understand than php 5.5 is not yet supported, but as this fix
doesn't change the requirement and is still compatible with previous
php version, I hope you will consider it.
remi at famillecollet.com (2013-01-10 14:34) uploaded:
Horde_Text_Filter-php55.patch
http://bugs.horde.org/h/services/download/?module=whups&actionID=download_file&file=Horde_Text_Filter-php55.patch&ticket=11943&fn=%2FHorde_Text_Filter-php55.patch
More information about the bugs
mailing list