
preg_match code injection?

merwetta1 asked on
PHP
I have a little regex tool webpage I use to test regex as I'm creating it. It's been hidden on my site up until now, but I was thinking of adding a link to it. I'm wondering what the security risks are. Please take a look at the code below and let me know if/how it might potentially be abused.

I'm running PHP 4.3.10 on FreeBSD 4.8.

---------------------

<?php

echo '<html><body>';

if ($_POST['submit'])  display_result();
else display_form();

?>
</body>
</html>
<?

exit;

##functions

function display_form($msg = '')
{
      echo '<form action="'.$_SERVER['PHP_SELF'].'" method="post">';
?>
      <input type="text" name="regex" value="<? echo $_POST['regex']; ?>" size="40" maxlength="100"> regex string<br />
      <input type="text" name="test" value="<? echo $_POST['test']; ?>" size="20"> string to match<br />
      <input type="submit" name="submit" value="Submit" />
      </form>
<?

}


function display_result()
{
      extract($_POST);
      
      echo 'regex: '.$regex.'<br />';
      echo 'string: '.$test.'<br />';
      if (preg_match('/'.$regex.'/', $test, $matches))
      {
            echo 'the string was matched as follows<br /><pre>';
            print_r($matches);
            echo '</pre>';
      } else echo 'no match<br />';
      echo '<br />';
      display_form('again?');
}

?>
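
A hardened variant of the tool above, added here as an example; it is not the poster's code and not the answer from the thread. It assumes PHP 7.0 or later rather than the PHP 4.3.10 named in the question, and the helper names `h()` and `escape_delimiter()` and the 100/1000-byte length limits are assumptions made for illustration.

```php
<?php
// Added example (assumes PHP 7.0+); h() and escape_delimiter() are hypothetical helpers.

function h($s) {
    // Encode for HTML text and attribute contexts so input cannot inject markup.
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

function escape_delimiter($pattern, $delim = '/') {
    // Backslash-escape every unescaped delimiter so the user's pattern cannot
    // close the regex early and supply its own modifiers. A lone trailing
    // backslash is left alone; PCRE then rejects the pattern as invalid.
    $out = '';
    $len = strlen($pattern);
    for ($i = 0; $i < $len; $i++) {
        $c = $pattern[$i];
        if ($c === '\\' && $i + 1 < $len) {
            $out .= $c . $pattern[++$i];      // keep existing escape pairs intact
        } elseif ($c === $delim) {
            $out .= '\\' . $c;
        } else {
            $out .= $c;
        }
    }
    return $out;
}

// Read only the two expected fields as strings; no extract() on request data.
$regex = is_string($_POST['regex'] ?? null) ? $_POST['regex'] : '';
$test  = is_string($_POST['test'] ?? null) ? $_POST['test'] : '';
ini_set('pcre.backtrack_limit', '100000');    // bound pathological backtracking

echo '<html><body>';
if ($regex !== '') {
    if (strlen($regex) > 100 || strlen($test) > 1000) {   // enforce limits server-side
        echo 'input too long<br />';
    } else {
        $result = @preg_match('/' . escape_delimiter($regex) . '/', $test, $matches);
        if ($result === false) {
            echo 'invalid pattern or PCRE limit reached (error ' . preg_last_error() . ')<br />';
        } elseif ($result === 1) {
            echo 'the string was matched as follows<br /><pre>' . h(print_r($matches, true)) . '</pre>';
        } else {
            echo 'no match<br />';
        }
    }
}
// No action attribute: the form posts back to the current URL without echoing PHP_SELF.
echo '<form method="post">'
   . '<input type="text" name="regex" value="' . h($regex) . '" size="40" maxlength="100"> regex string<br />'
   . '<input type="text" name="test" value="' . h($test) . '" size="20"> string to match<br />'
   . '<input type="submit" name="submit" value="Submit" /></form></body></html>';
```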