Opened 3 years ago

Closed 3 years ago

#1827 closed Task (fixed)

Review use of preg_* functions on long strings

Reported by: vipsoft
Owned by:
Priority: normal
Milestone: Piwik 1.2
Component: Core
Keywords:
Cc:
Sensitive: no

Description

See: #1822

There may also be a security issue since there are reports that PHP code is exposed when a preg_* function fails internally; e.g., backtrack limit.

Also, differences in PCRE versions may lead to compatibility issues.

Files to review:

  • core/AssetManager.php: preg_replace_callback()
  • ViewDataTable/GenerateGraphHTML.php: preg_match()
  • core/SmartyPlugins/outputfilter.cachebuster.php: preg_replace()
  • core/SmartyPlugins/outputfilter.ajaxcdn.php: preg_replace()
  • core/SmartyPlugins/modifier.stripeol.php: preg_replace()
  • libs/Smarty/plugins/outputfilter.trimwhitespace.php: preg_replace()

In some cases, preg_* functions can be replaced by faster str_* functions, e.g.,

  • plugins/SEO/RankChecker.php:

Change History (2)

comment:1 Changed 3 years ago by matt (mattab)

Vote for closing this one?

comment:2 Changed 3 years ago by matt (mattab)

  • Resolution set to fixed
  • Status changed from new to closed
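
The failure mode raised in the ticket description (a preg_* call giving up internally on a long string) can be caught by checking for a NULL result and reading `preg_last_error()`. The following is an added example, not Piwik code and not part of the ticket; `preg_replace_checked()` and `pcre_error_name()` are hypothetical helper names, and PHP 7 or later is assumed.

```php
<?php
// Added example; preg_replace_checked() and pcre_error_name() are hypothetical helpers.

function pcre_error_name(int $code): string
{
    $names = [
        PREG_NO_ERROR              => 'PREG_NO_ERROR',
        PREG_INTERNAL_ERROR        => 'PREG_INTERNAL_ERROR',
        PREG_BACKTRACK_LIMIT_ERROR => 'PREG_BACKTRACK_LIMIT_ERROR',
        PREG_RECURSION_LIMIT_ERROR => 'PREG_RECURSION_LIMIT_ERROR',
        PREG_BAD_UTF8_ERROR        => 'PREG_BAD_UTF8_ERROR',
        PREG_BAD_UTF8_OFFSET_ERROR => 'PREG_BAD_UTF8_OFFSET_ERROR',
        PREG_JIT_STACKLIMIT_ERROR  => 'PREG_JIT_STACKLIMIT_ERROR',
    ];
    return $names[$code] ?? "unknown PCRE error $code";
}

/**
 * preg_replace() returns NULL when PCRE gives up (e.g. backtrack limit).
 * Echoing that NULL silently drops the whole page; this wrapper logs the
 * failure and returns the unmodified subject instead.
 * Suitable for cosmetic filters only: a filter that enforces a security
 * property should throw here rather than pass unfiltered input through.
 */
function preg_replace_checked(string $pattern, string $replacement, string $subject): string
{
    $result = preg_replace($pattern, $replacement, $subject);
    if ($result === null) {
        error_log(sprintf('preg_replace failed with %s on a %d-byte subject',
            pcre_error_name(preg_last_error()), strlen($subject)));
        return $subject;
    }
    return $result;
}

// Constructed demo: interpreter mode (JIT off) with a lowered pcre.backtrack_limit,
// and a backtracking-heavy pattern run over a long constructed string.
ini_set('pcre.jit', '0');
ini_set('pcre.backtrack_limit', '1000');
$page = str_repeat('foobar ', 2000);

$raw = preg_replace('/(?:\D+|<\d+>)*[!?]/', '', $page);
var_dump($raw === null);      // was the unchecked result NULL?
$out = preg_replace_checked('/(?:\D+|<\d+>)*[!?]/', '', $page);
var_dump($out === $page);     // did the wrapper hand back the subject intact?
```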