[pmwiki-devel] preg_replace /e depreciated in php 5.5

[Petko Yotov]

Rich writes:
> Using latest release (pmwiki-2.2.54) and even with the ignore statement I
> continue to get this error with PHP 5.5.1.  Any progress or suggestions?

On some hostings it is possible to select a different PHP version.

We have set the error_reporting() statement according to the available PHP  
documentation. If you still get the warnings, they may come from something  
else on the server like Suhosin or mod_security, before even the PHP  
interpreter gets to read the pmwiki.php file.

Any suggestions about what could be done will be welcome.

The proposed solution on php.net, using preg_replace_callback() instead of  
preg_replace(), cannot be applied easily, because
- anonymous inline replace functions are not available before PHP5
- with external replace functions the variable scope is not the same and it  
just cannot work with PHP 4
- the core code base will quadruple in size and:
  - will lose its current elegance, terseness and readability
  - will be much more prone to have bugs and will be harder to debug
- almost all recipes will need to be rewritten

I don't have the potential to do all this right now... Even if I had the  
free time to do it, I would hesitate before desecrating Pm's work. :-)

There is a reason for the deprecation of the preg_replace feature:  
carelessly written scripts may have security risks. But we have always tried  
as hard as we could to properly sanitize user input. We are not aware of any  
way for the feature to be exploited with the PmWiki core.

Also, the feature is deprecated in PHP 5.5, but not removed, and probably  
will not be removed any time soon. What should we do?

Petko