?
Solved

Sanitizing user input to preg_replace / preg_replace_callback

Posted on 2008-10-27
3
Medium Priority
?
390 Views
Last Modified: 2012-05-05
preg_replace with /e modifier and preg_replace_callback with a callback from create_function input allow function calls well outside of what one would expect to be allowed for string replacement functions, such as unlink() system() etc.  Is there any good way of sanitizing this replacement pattern user input (disallowing non-string functions for example)?

I suspect the answer is no but I thought I would ask.
0
Comment
Question by:ddrudik
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 111

Accepted Solution

by:
Ray Paseur earned 2000 total points
ID: 22821351
Wow, honestly - I would NEVER go there with user input.  You would just be playing whack-a-mole, trying to smack down issue after issue.

Instead, you might want to consider using some pre-named and pre-canned callbacks.

My $0.02, ~Ray
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 22822842
@ddrudik: Good luck with your project, and thanks for the points! ~Ray
0
 
LVL 27

Author Comment

by:ddrudik
ID: 22822914
I decided it best not to accept preg_replace/e or preg_replace_callback user-supplied patterns.  Thanks.
0

Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question