[pmwiki-users] Deprecated preg_replace() eval feature in PHP 5.5
Petko Yotov
5ko at 5ko.fr
Thu May 8 10:59:33 CDT 2014
Thanks for your message and code.
While I appreciate the benefits of automatic code rewriting, this one will
contain text from the page sources to be eval()'d by PHP and may potentially
open huge security holes.
I feel it is really less of a headache to just rewrite the Markup() calls of
your recipes.
If required, I'm willing to work on a way to let you use such a function as
a recipe instead of adding it into the core.
Petko
P.S. The SVN server should be up again soon. Meanwhile there is always the
latest code packed as a zip archive, see http://www.pmwiki.org/Subversion .
Martin Rüegg writes:
> i'm running v2.2.63 on phph 5.5 and had a lot of warnings in my php-log.
>
> so i extended the changes to respect the /e modifier in the pattern (as
> opposed the the is_callable() of the replacment).
>
> additionally the old "'$x'" are being replaced with "\$m[x]".
>
> here is the patch i used:
...
> unfortunately i was not able to check out or export the latest trunk form
> the subversion repository.
More information about the pmwiki-users
mailing list