The /e modifier for preg_replace() is now strongly discouraged by the security team, and it is not supported by Facebook Hiphop interpreter.

Let's get rid of it.

CommentFileSizeAuthor
#7 codefilter.fix_preg_replace_callback_usage_890622_06.patch1.42 KBrfay
#5 rfay_dell_Selection_101.png15.35 KBrfay
#1 890622-codefilter-preg-replace-e-d6.patch2.02 KBdamien tournoud
#1 890622-codefilter-preg-replace-e-head.patch2.77 KBdamien tournoud

Comments

damien tournoud’s picture

damien tournoud commented
Status: Active » Needs review
StatusFileSize
new 890622-codefilter-preg-replace-e-head.patch2.77 KB
new 890622-codefilter-preg-replace-e-d6.patch2.02 KB

Here are patches for both D6 and HEAD. Untested, because the module itself has no test cases.

gerhard killesreiter’s picture

gerhard killesreiter commented

The patch can be tested on driphop.drupal.org.

johnalbin’s picture

johnalbin
they/他
Primary language English
Location Taipei, Taiwan
commented
Status: Needs review » Fixed

Thanks, Damien!

http://drupal.org/cvs?commit=476448
http://drupal.org/cvs?commit=476452

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

rfay’s picture

rfay
he,him
Primary language English
Location Palisade, CO, USA
commented
Title: Remove the use of /e » Remove the use of /e (Completely broke Codefilter module in D6!)
Version: 7.x-1.x-dev » 6.x-1.x-dev
Priority: Normal » Critical
Status: Closed (fixed) » Needs work
StatusFileSize
new rfay_dell_Selection_101.png15.35 KB

Well... except that this completely breaks all of the functionality of codefilter module :-(

After this patch (48f177 in D6), all code is completely removed when you try to use codefilter in 6.x.

Marking critical, as it's absolutely and completely broken. D7 doesn't seem to be broken as badly (and not by this patch)

Example content:

Here is something in the codefilter:
<code>
$x = 1;
&lt;/code>

Here is something in the PHP filter
<?php
callsomething($here);
$x = 1;
?>

Results in D6 after commit 48f177:
rfay_dell_Selection_101.png

rfay’s picture

rfay
he,him
Primary language English
Location Palisade, CO, USA
commented
Status: Needs work » Needs review

I think this should fix it. The callbacks take arrays, and that just wasn't done here.

rfay’s picture

rfay
he,him
Primary language English
Location Palisade, CO, USA
commented
StatusFileSize
new codefilter.fix_preg_replace_callback_usage_890622_06.patch1.42 KB

I guess I should attach the patch

webchick’s picture

webchick
she/they
Primary language English
Location Vancouver 🇨🇦
commented
Status: Needs review » Reviewed & tested by the community

Yes please. I was looking into debugging #1322960: No support for PHP namespaces and started with the latest 6.x-1.x-dev release.

It turned this:


// Drupal 7:
function mymodule_query_alter(QueryAlterableInterface $query) {
  // ...
}

// Drupal 8:
use Drupal\Core\Database\Query\AlterableInterface;
// ...
function mymodule_query_alter(AlterableInterface $query) {
  // ...
}

Into:

Array

Patch fixes it.

damien tournoud’s picture

damien tournoud commented

(Thanks for fixing. I did specified "untested" back in #1.)

johnalbin’s picture

johnalbin
they/他
Primary language English
Location Taipei, Taiwan
commented
Status: Reviewed & tested by the community » Fixed

Thanks, Randy!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.