- Timestamp:
- May 4, 2020 2:25:31 AM (4 years ago)
- Location:
- trunk/lib
- Files:
-
- 9 edited
trunk/lib/App.inc.php
r720 r724 225 225 // WP forcefully adds slashes to all input despite the setting of magic_quotes_gpc. 226 226 'always_dispel_magicquotes' => false, 227 228 // The /u pattern modifier should only be used on UTF-8 strings. This value will be changed to `u` if character_set = `utf-8`. 229 // Use the unicode modifier like this: preg_replace('/[^0-9]/' . $app->getParam('preg_u'), '', $str); 230 'preg_u' => '', 227 231 ); 228 232 … … 376 380 switch (mb_strtolower($this->getParam('character_set'))) { 377 381 case 'utf-8' : 382 $this->setParam(['preg_u' => 'u']); 378 383 mb_language('uni'); 379 384 break; … … 537 542 538 543 // To get a safe hostname, remove port and invalid hostname characters. 539 $safe_http_host = preg_replace('/[^a-z\d.:-]/ u', '', strtok(getenv('HTTP_HOST'), ':')); // FIXME: strtok shouldn't be used if there is a chance HTTP_HOST may be empty except for the port, e.g., `:80` will return `80`544 $safe_http_host = preg_replace('/[^a-z\d.:-]/' . $this->getParam('preg_u'), '', strtok(getenv('HTTP_HOST'), ':')); // FIXME: strtok shouldn't be used if there is a chance HTTP_HOST may be empty except for the port, e.g., `:80` will return `80` 540 545 // If strtok() matched a ':' in the previous line, the rest of the string contains the port number (or FALSE) 541 $safe_http_port = preg_replace('/[^0-9]/ u', '', strtok(''));546 $safe_http_port = preg_replace('/[^0-9]/' . $this->getParam('preg_u'), '', strtok('')); 542 547 if ('' != $safe_http_host && '' == $this->getParam('site_hostname')) { 543 548 $this->setParam(array('site_hostname' => $safe_http_host)); … … 1190 1195 $query_args = urlEncodeArray(array_merge($this->_carry_queries, $one_time_carry_queries)); 1191 1196 foreach ($query_args as $key=>$val) { 1197 1192 1198 // Avoid indexed-array query params because in a URL array param keys should all match. 1193 1199 // I.e, we want to use `array[]=A&array[]=B` instead of `array[0]=A&array[1]=B`. 
1194 $key = preg_replace('/\[\d+\]$/u', '[]', $key); 1200 // This is disabled because sometimes we need to retain a numeric array key, e.g., ?metadata_id[54]=on. Can't remember where having indexed-array queries was a problem, hopefully this was only added as an aesthetic feature? 1201 // $key = preg_replace('/\[\d+\]$/' . $this->getParam('preg_u'), '[]', $key); 1202 1195 1203 // Check value is set and value does not already exist in the url. 1196 1204 if (!preg_match('/[?&]' . preg_quote($key) . '=/', $url)) { … … 1261 1269 1262 1270 // Replace any & not followed by an html or unicode entity with its & equivalent. 1263 $url = preg_replace('/&(?![\w\d#]{1,10};)/ u', '&', $url);1271 $url = preg_replace('/&(?![\w\d#]{1,10};)/' . $this->getParam('preg_u'), '&', $url); 1264 1272 1265 1273 return $url; … … 1577 1585 if ('' != $url && is_string($url)) { 1578 1586 // Delete any boomerang request keys in the query string (along with any trailing delimiters after the deletion). 1579 $url = preg_replace(array('/([&?])boomerang=[^&?]+[&?]?/ u', '/[&?]$/'), array('$1', ''), $url);1587 $url = preg_replace(array('/([&?])boomerang=[^&?]+[&?]?/' . $this->getParam('preg_u'), '/[&?]$/'), array('$1', ''), $url); 1580 1588 1581 1589 if (isset($_SESSION['_app'][$this->_ns]['boomerang']) && is_array($_SESSION['_app'][$this->_ns]['boomerang']) && !empty($_SESSION['_app'][$this->_ns]['boomerang'])) { -
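Review bot: In the host cleanup at new line 544 the class `[^a-z\d.:-]` changes meaning with `preg_u`: when the modifier is `u`, PHP's PCRE matches `\d`, `\w` and `\W` against Unicode properties, so non-ASCII digits and letters pass a filter that strips them when `preg_u` is `''`. Where the value must be ASCII, the class should say so regardless of the modifier, e.g. `'/[^a-z0-9.:-]/'` for `$safe_http_host`, as the port line already does with `[^0-9]`. The same applies to `sanitizeIdentifier()` in PDO.inc.php (`/\W/`), the digit strip in Validator.inc.php (`/[^\d]/`) and `absoluteMe()` in Utilities.inc.php. The enclosing method starts and ends outside the hunk.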
trunk/lib/CSS.inc.php
r696 r724 182 182 // Strip whitespace and print file. 183 183 echo preg_replace( 184 array('!/\*.*?\*/!s u', '/[\n\r]+/u', '/([;:])\s+/mu', '/\s*}[ \t]*/u', '/\s*{\s*/u', '/[ \t\n\r]*,[ \t\n\r]*/u', '/^\s+/u'),184 array('!/\*.*?\*/!s' . $app->getParam('preg_u'), '/[\n\r]+/' . $app->getParam('preg_u'), '/([;:])\s+/m' . $app->getParam('preg_u'), '/\s*}[ \t]*/' . $app->getParam('preg_u'), '/\s*{\s*/' . $app->getParam('preg_u'), '/[ \t\n\r]*,[ \t\n\r]*/' . $app->getParam('preg_u'), '/^\s+/' . $app->getParam('preg_u')), 185 185 array('', "\n", '$1', '}', '{', ',', ''), file_get_contents($file, true) 186 186 ); -
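Review bot: The `preg_replace()` result at new line 184 is echoed without a NULL check, and with `preg_u` set to `u` the call returns NULL for any file that is not valid UTF-8, so the stylesheet would be served empty with nothing logged. Assign the result to a local first and fall back to the unminified contents (and log it) when it is NULL, e.g. `if (null === $out) { $out = $raw; }`, where `$out` and `$raw` are names made up for this note. Reading `$app->getParam('preg_u')` once into a local would also make the seven-pattern array easier to audit. The same unchecked return is in JS.inc.php at line 184 and in the `$debugqry` lines of DB.inc.php and PDO.inc.php; the enclosing function is outside the hunk.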
trunk/lib/DB.inc.php
r721 r724 180 180 if (!$this->dbh || mysql_error($this->dbh)) { 181 181 $mysql_error_msg = $this->dbh ? 'Codebase MySQL connect error: (' . mysql_errno($this->dbh) . ') ' . mysql_error($this->dbh) : sprintf('Codebase MySQL connect error: Could not connect to server (db_server=%s, db_name=%s, db_user=%s, db_pass=%s)', $this->getParam('db_server'), $this->getParam('db_name'), $this->getParam('db_user'), ('' == $this->getParam('db_pass') ? 'NO' : 'YES')); 182 $app->logMsg($mysql_error_msg, LOG_E MERG, __FILE__, __LINE__);182 $app->logMsg($mysql_error_msg, LOG_ERR, __FILE__, __LINE__); 183 183 184 184 // Print helpful or pretty error? … … 346 346 $this->_query_count++; 347 347 348 $debugqry = preg_replace( "/\n[\t ]+/u", "\n", $query);348 $debugqry = preg_replace('/\n[\t ]+/' . $app->getParam('preg_u'), "\n", $query); 349 349 if ($this->getParam('db_always_debug') || $debug) { 350 350 if ($debug > 1) { -
trunk/lib/Email.inc.php
r696 r724 102 102 public function __construct($params=null) 103 103 { 104 $app =& App::getInstance(); 105 104 106 // The regex used in validEmail(). Set here instead of in the default _params above so we can use the concatenation . dot. 105 107 // This matches a (valid) email address as complex as: … … 118 120 . '(?:\s*>\s*|>\s+\([^,@]+\)\s*)' // TRUE, ensure ending > 119 121 . '|' 120 . '(?:|\s*|\s+\([^,@]+\)\s*))$/i u'));// FALSE ensure there is no ending >122 . '(?:|\s*|\s+\([^,@]+\)\s*))$/i' . $app->getParam('preg_u'))); // FALSE ensure there is no ending > 121 123 122 124 if (isset($params)) { … … 396 398 $envelope_sender_address = sprintf('<%s>', trim($this->_params['envelope_sender_address'], '<>')); 397 399 } else { 398 $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU u', '$1', $this->_params['from']);400 $envelope_sender_address = preg_replace('/^.*<?([^\s@\[\]<>()]+\@[A-Za-z0-9.-]{1,}\.[A-Za-z]{2,5})>?$/iU' . $app->getParam('preg_u'), '$1', $this->_params['from']); 399 401 } 400 402 if ('' != $envelope_sender_address && $this->validEmail($envelope_sender_address)) { -
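Review bot: The validEmail() regex is now assembled once in `__construct()` from whatever `preg_u` holds at that moment, so an Email object created before App switches `preg_u` to `u` (the `character_set` case in App.inc.php) would keep a pattern without the modifier for its lifetime; presumably a rare ordering, but worth a comment beside the regex. The second hunk (new line 400) uses `$app` in a different method whose start is outside the hunk; confirm `$app =& App::getInstance();` is present there, since this changeset adds it only to the constructor.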
trunk/lib/JS.inc.php
r696 r724 182 182 // Strip whitespace and print file. 183 183 echo preg_replace( 184 array('/(?<=^|;|{)\s*\/\/.*$/m u', '/(?<=^|;|{)\s*\/\*.*?\*\//msu', '/[\n\r]+/u', '/[ \t]+}[ \t]+/u', '/[ \t]+{[ \t]+/u', '/\s+=\s+/u', '/^[ \t]+/mu', '/[ \t]+$/mu'),184 array('/(?<=^|;|{)\s*\/\/.*$/m' . $app->getParam('preg_u'), '/(?<=^|;|{)\s*\/\*.*?\*\//ms' . $app->getParam('preg_u'), '/[\n\r]+/' . $app->getParam('preg_u'), '/[ \t]+}[ \t]+/' . $app->getParam('preg_u'), '/[ \t]+{[ \t]+/' . $app->getParam('preg_u'), '/\s+=\s+/' . $app->getParam('preg_u'), '/^[ \t]+/m' . $app->getParam('preg_u'), '/[ \t]+$/m' . $app->getParam('preg_u')), 185 185 array('', '', "\n", '}', '{', '=', '', ''), file_get_contents($file, true) 186 186 ); -
trunk/lib/PDO.inc.php
r719 r724 379 379 $this->_query_count++; 380 380 381 $debugqry = preg_replace( "/\n[\t ]+/u", "\n", $query);381 $debugqry = preg_replace('/\n[\t ]+/' . $app->getParam('preg_u'), "\n", $query); 382 382 if ($this->getParam('db_always_debug') || $debug) { 383 383 if ($debug > 1) { … … 435 435 $this->_query_count++; 436 436 437 $debugqry = preg_replace( "/\n[\t ]+/u", "\n", $query);437 $debugqry = preg_replace('/\n[\t ]+/' . $app->getParam('preg_u'), "\n", $query); 438 438 if ($this->getParam('db_always_debug')) { 439 439 echo "<!-- ----------------- PDO prepare $this->_query_count ---------------------\n$debugqry\n-->\n"; … … 507 507 static function sanitizeIdentifier($idname) 508 508 { 509 return preg_replace('/\W/u', '', $idname); 509 $app =& App::getInstance(); 510 511 return preg_replace('/\W/' . $app->getParam('preg_u'), '', $idname); 510 512 } 511 513 -
trunk/lib/Upload.inc.php
r595 r724 516 516 517 517 $file_name = preg_replace(array( 518 '/&([a-z]{1,2})(?:acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml|caron);/ ui',519 '/&(?:amp);/ ui',520 '/[&;]+/ u',521 '/[^a-zA-Z0-9()@._=+-]+/ u',522 '/^_+|_+$/ u'518 '/&([a-z]{1,2})(?:acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml|caron);/i' . $app->getParam('preg_u'), 519 '/&(?:amp);/i' . $app->getParam('preg_u'), 520 '/[&;]+/' . $app->getParam('preg_u'), 521 '/[^a-zA-Z0-9()@._=+-]+/' . $app->getParam('preg_u'), 522 '/^_+|_+$/' . $app->getParam('preg_u') 523 523 ), array( 524 524 '$1', -
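Review bot: The cleaned `$file_name` at new line 517 is not checked in the visible lines, and with `preg_u` set to `u` a client-supplied name that is not valid UTF-8 makes `preg_replace()` return NULL, which leaves the upload with an empty name unless something later rejects it. Add an explicit guard after the call, e.g. `if (null === $file_name || '' === $file_name) {` followed by the class's existing error path. The last two patterns also duplicate the file-name cleanup in Utilities.inc.php (new lines 678-680), so the two copies have to be kept in step by hand. The hunk ends inside the replacement array and does not show where `$app` is fetched, so confirm it is in scope in this method.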
trunk/lib/Utilities.inc.php
r723 r724 118 118 function getDump($var, $serialize=false) 119 119 { 120 $app =& App::getInstance(); 121 120 122 ob_start(); 121 123 print_r($var); 122 124 $d = ob_get_contents(); 123 125 ob_end_clean(); 124 return $serialize ? preg_replace('/\s+/m u', ' ', $d) : $d;126 return $serialize ? preg_replace('/\s+/m' . $app->getParam('preg_u'), ' ', $d) : $d; 125 127 } 126 128 … … 140 142 function fancyDump($var, $indent='- ', $depth=1) 141 143 { 144 $app =& App::getInstance(); 145 142 146 $indent_str = str_repeat($indent, $depth); 143 147 $output = ''; … … 154 158 $output .= sprintf("%s%s\n", $indent_str, $var); 155 159 } 156 return preg_replace(['/^[ \t]+$/ u', '/\n\n+/u', '/^(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(\S )/mu'], ['', "\n", '$1$1$2$2$3$3$4$4$5$5$6$6$7$7$8$8$9'], $output);160 return preg_replace(['/^[ \t]+$/' . $app->getParam('preg_u'), '/\n\n+/' . $app->getParam('preg_u'), '/^(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(?:\S( ))?(\S )/m' . $app->getParam('preg_u')], ['', "\n", '$1$1$2$2$3$3$4$4$5$5$6$6$7$7$8$8$9'], $output); 157 161 } 158 162 … … 330 334 function highlightWords($text, $search, $class='sc-highlightwords') 331 335 { 336 $app =& App::getInstance(); 337 332 338 $words = preg_split('/[^\w]/', $search, -1, PREG_SPLIT_NO_EMPTY); 333 339 … … 337 343 foreach ($words as $w) { 338 344 if ('' != trim($w)) { 339 $search[] = '/\b(' . preg_quote($w) . ')\b/i u';345 $search[] = '/\b(' . preg_quote($w) . ')\b/i' . $app->getParam('preg_u'); 340 346 $replace[] = '<span class="' . $class . '">$1</span>'; 341 347 } … … 414 420 function encodeEmail($email, $at=' at ', $dot=' dot ') 415 421 { 416 $search = array('/@/u', '/\./u'); 422 $app =& App::getInstance(); 423 424 $search = array('/@/' . $app->getParam('preg_u'), '/\./' . 
$app->getParam('preg_u')); 417 425 $replace = array($at, $dot); 418 426 return preg_replace($search, $replace, $email); … … 438 446 function truncate($str, $len=50, $where='end', $delim='âŠ') 439 447 { 448 $app =& App::getInstance(); 449 440 450 $dlen = mb_strlen($delim); 441 451 if ($len <= $dlen || mb_strlen($str) <= $dlen) { … … 453 463 switch ($where) { 454 464 case 'start' : 455 return preg_replace(array(sprintf('/^.{%s,}(.{%s})$/s u', $dlen + 1, $part1 + $part2), sprintf('/\s*%s{%s,}\s*/su', preg_quote($delim), $dlen)), array($delim . '$1', $delim), $str);465 return preg_replace(array(sprintf('/^.{%s,}(.{%s})$/s' . $app->getParam('preg_u'), $dlen + 1, $part1 + $part2), sprintf('/\s*%s{%s,}\s*/s' . $app->getParam('preg_u'), preg_quote($delim), $dlen)), array($delim . '$1', $delim), $str); 456 466 457 467 case 'middle' : 458 return preg_replace(array(sprintf('/^(.{%s}).{%s,}(.{%s})$/s u', $part1, $dlen + 1, $part2), sprintf('/\s*%s{%s,}\s*/su', preg_quote($delim), $dlen)), array('$1' . $delim . '$2', $delim), $str);468 return preg_replace(array(sprintf('/^(.{%s}).{%s,}(.{%s})$/s' . $app->getParam('preg_u'), $part1, $dlen + 1, $part2), sprintf('/\s*%s{%s,}\s*/s' . $app->getParam('preg_u'), preg_quote($delim), $dlen)), array('$1' . $delim . '$2', $delim), $str); 459 469 460 470 case 'end' : 461 471 default : 462 return preg_replace(array(sprintf('/^(.{%s}).{%s,}$/s u', $part1 + $part2, $dlen + 1), sprintf('/\s*%s{%s,}\s*/su', preg_quote($delim), $dlen)), array('$1' . $delim, $delim), $str);472 return preg_replace(array(sprintf('/^(.{%s}).{%s,}$/s' . $app->getParam('preg_u'), $part1 + $part2, $dlen + 1), sprintf('/\s*%s{%s,}\s*/s' . $app->getParam('preg_u'), preg_quote($delim), $dlen)), array('$1' . 
$delim, $delim), $str); 463 473 } 464 474 } … … 620 630 621 631 return preg_replace([ 622 '/&(?=[\w\d#]{1,10};)/ ui',623 '/&([a-z]{1,2})(?:acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml|caron);/ ui',624 '/&(?:ndash|mdash|horbar);/ ui',625 '/&(?:nbsp);/ ui',626 '/&(?:bdquo|ldquo|ldquor|lsquo|lsquor|rdquo|rdquor|rsquo|rsquor|sbquo|lsaquo|rsaquo);/ ui',627 '/&(?:amp);/ ui', // This replacement must come after matching all other entities.628 '/[&;]+/ u',632 '/&(?=[\w\d#]{1,10};)/i' . $app->getParam('preg_u'), 633 '/&([a-z]{1,2})(?:acute|cedil|circ|grave|lig|orn|ring|slash|th|tilde|uml|caron);/i' . $app->getParam('preg_u'), 634 '/&(?:ndash|mdash|horbar);/i' . $app->getParam('preg_u'), 635 '/&(?:nbsp);/i' . $app->getParam('preg_u'), 636 '/&(?:bdquo|ldquo|ldquor|lsquo|lsquor|rdquo|rdquor|rsquo|rsquor|sbquo|lsaquo|rsaquo);/i' . $app->getParam('preg_u'), 637 '/&(?:amp);/i' . $app->getParam('preg_u'), // This replacement must come after matching all other entities. 638 '/[&;]+/' . $app->getParam('preg_u'), 629 639 ], [ 630 640 '&', … … 650 660 function URLSlug($str) 651 661 { 652 return strtolower(urlencode(preg_replace(['/[-\sââ.:;?!@#=+_\/\\\]+|(?: | |–|–|—|—|%c2%a0|%e2%80%93|%e2%80%9)+/u', '/-+/u', '/[^\w-]+/u', '/^-+|-+$/u'], ['-', '-', '', ''], simplifyAccents($str)))); 662 $app =& App::getInstance(); 663 664 return strtolower(urlencode(preg_replace(['/[-\sââ.:;?!@#=+_\/\\\]+|(?: | |–|–|—|—|%c2%a0|%e2%80%93|%e2%80%9)+/' . $app->getParam('preg_u'), '/-+/' . $app->getParam('preg_u'), '/[^\w-]+/' . $app->getParam('preg_u'), '/^-+|-+$/' . $app->getParam('preg_u')], ['-', '-', '', ''], simplifyAccents($str)))); 653 665 } 654 666 … … 664 676 $app =& App::getInstance(); 665 677 666 $file_name = preg_replace(['/[^a-zA-Z0-9()@._=+-]+/ u', '/^_+|_+$/u'], ['_', ''], simplifyAccents($file_name));678 $file_name = preg_replace(['/[^a-zA-Z0-9()@._=+-]+/' . $app->getParam('preg_u'), '/^_+|_+$/' . 
$app->getParam('preg_u')], ['_', ''], simplifyAccents($file_name)); 667 679 return mb_substr($file_name, 0, 250); 668 680 } … … 1182 1194 function hash64($string, $length=18) 1183 1195 { 1184 return mb_substr(preg_replace('/[^\w]/u', '', base64_encode(hash('sha512', $string, true))), 0, $length); 1196 $app =& App::getInstance(); 1197 1198 return mb_substr(preg_replace('/[^\w]/' . $app->getParam('preg_u'), '', base64_encode(hash('sha512', $string, true))), 0, $length); 1185 1199 } 1186 1200 … … 1212 1226 switch ($app->getParam('signing_method')) { 1213 1227 case 'sha512+base64': 1214 return $val . '-' . mb_substr(preg_replace('/[^\w]/ u', '', base64_encode(hash('sha512', $val . $salt, true))), 0, $length);1228 return $val . '-' . mb_substr(preg_replace('/[^\w]/' . $app->getParam('preg_u'), '', base64_encode(hash('sha512', $val . $salt, true))), 0, $length); 1215 1229 1216 1230 case 'md5': … … 1448 1462 function stripQuery($url) 1449 1463 { 1450 return preg_replace('/[?#].*$/u', '', $url); 1464 $app =& App::getInstance(); 1465 1466 return preg_replace('/[?#].*$/' . $app->getParam('preg_u'), '', $url); 1451 1467 } 1452 1468 … … 1458 1474 function absoluteMe() 1459 1475 { 1460 $safe_http_host = preg_replace('/[^a-z\d.:-]/u', '', getenv('HTTP_HOST')); 1476 $app =& App::getInstance(); 1477 1478 $safe_http_host = preg_replace('/[^a-z\d.:-]/' . $app->getParam('preg_u'), '', getenv('HTTP_HOST')); 1461 1479 return sprintf('%s://%s%s', (getenv('HTTPS') ? 'https' : 'http'), $safe_http_host, getenv('REQUEST_URI')); 1462 1480 } -
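Review bot: In highlightWords() the `preg_split('/[^\w]/', $search, ...)` on new line 338 was left without `preg_u`, while the patterns built from its output on line 345 now carry it. In UTF-8 mode the search string is therefore still split byte-wise (with the default locale), and a word containing a non-ASCII letter is broken into fragments before it is highlighted. Use `preg_split('/[^\w]/' . $app->getParam('preg_u'), $search, -1, PREG_SPLIT_NO_EMPTY)` so both steps agree. Each helper in this file now depends on an initialised App singleton just to read one param, so a docblock line stating that requirement would help callers that use these functions standalone.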
trunk/lib/Validator.inc.php
r696 r724 452 452 { 453 453 $app =& App::getInstance(); 454 454 455 // Get rid of any non-digits 455 $cc_num = preg_replace('/[^\d]/ u', '', $val);456 $cc_num = preg_replace('/[^\d]/' . $app->getParam('preg_u'), '', $val); 456 457 457 458 // Perform card-specific checks, if applicable