Solved

Sanitizing user input to preg_replace / preg_replace_callback

Posted on 2008-10-27
3
371 Views
Last Modified: 2012-05-05
preg_replace with /e modifier and preg_replace_callback with a callback from create_function input allow function calls well outside of what one would expect to be allowed for string replacement functions, such as unlink() system() etc.  Is there any good way of sanitizing this replacement pattern user input (disallowing non-string functions for example)?

I suspect the answer is no but I thought I would ask.
0
Comment
Question by:ddrudik
  • 2
3 Comments
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 22821351
Wow, honestly - I would NEVER go there with user input.  You would just be playing whack-a-mole, trying to smack down issue after issue.

Instead, you might want to consider using some pre-named and pre-canned callbacks.

My $0.02, ~Ray
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 22822842
@ddrudik: Good luck with your project, and thanks for the points! ~Ray
0
 
LVL 27

Author Comment

by:ddrudik
ID: 22822914
I decided it best not to accept preg_replace/e or preg_replace_callback user-supplied patterns.  Thanks.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question