[pmwiki-devel] strange conversions: a FmtPageName bug

Patrick R. Michaud pmichaud at pobox.com
Sat Mar 8 20:33:29 CST 2008

On Sat, Mar 08, 2008 at 08:31:43PM -0600, Patrick R. Michaud wrote:
> On Sun, Mar 09, 2008 at 12:36:09AM +0000, Hans wrote:
> > Saturday, March 8, 2008, 11:58:35 PM, Hans wrote:
> > 
> > > A less aggressive and more precise replacement can be done instead
> > > with:
> > 
> > >   foreach($g as $k=>$v)
> > >         $fmt = preg_replace("/$k/",$v $fmt);
> > 
> > that does not do it. Perhaps this, which asks for a word boundary:
> > 
> >   foreach($g as $k => $v)
> >           $fmt = preg_replace( "/\\$k\\b/", $v, $fmt);
> PmWiki doesn't do this for performance reasons -- FmtPageName()
> is one of the most frequently called functions in the codebase,
> and it has to be as quick as possible.  In this case, str_replace()
> is a _lot_ quicker than doing multiple preg_replace() calls.
> Yes, the fact that globals "leak" into FmtPageName is a bit of
> a pain, but I'd rather find ways to avoid the leaks than to
> significantly slow down one of the most fundamental (and often called)
> parts of the code.

Also, as a general rule it's unwise to be calling FmtPageName()
on strings that are coming from page markup, as this exposes
the ability for people to view the values of variables that
perhaps they shouldn't see.  This is also why page variables
(which come from markup) use PageVar() and PageTextVar() and
don't go through FmtPageName().


More information about the pmwiki-devel mailing list