rfc:remove_preg_replace_eval_modifier
Differences
This shows you the differences between two versions of the page.
rfc:remove_preg_replace_eval_modifier [2012/02/05 14:42] – nikic | rfc:remove_preg_replace_eval_modifier [2012/03/13 17:31] – Just remove the vote, as I broke it anyways nikic | ||
---|---|---|---|
Line 3: | Line 3: | ||
* Date: 2012-02-04 | * Date: 2012-02-04 | ||
* Author: Nikita Popov < | * Author: Nikita Popov < | ||
- | * Status: | + | * Status: |
===== Summary ===== | ===== Summary ===== | ||
Line 35: | Line 35: | ||
For example the above example can be used to execute arbitrary PHP code by passing the string | For example the above example can be used to execute arbitrary PHP code by passing the string | ||
''< | ''< | ||
- | ''"< | + | '' |
'' | '' | ||
An example of a larger project which suffered from such a code injection vulnerability is RoundCube | An example of a larger project which suffered from such a code injection vulnerability is RoundCube | ||
- | (see [[this changeset|http:// | + | (see [[http:// |
=== Alternative === | === Alternative === | ||
Line 73: | Line 73: | ||
The application of '' | The application of '' | ||
- | also results in unexpected behavior when the input contains quotes. | + | also results in unexpected behavior when the input contains quotes: |
- | As always both quote types are escaped, but only one of them needs escaping, one of the quote types will always | + | '' |
- | overescaped. E.g. if ''< | + | only '' |
- | ''< | + | the quote types to be overescaped. E.g. if ''< |
+ | would be ''< | ||
- | This behavior makes ''/ | + | This behavior makes ''/ |
- | is broken). | + | |
==== Use as obfuscation in exploit scripts ==== | ==== Use as obfuscation in exploit scripts ==== | ||
Line 90: | Line 90: | ||
* [[http:// | * [[http:// | ||
- | This obfuscation hides scripts from '' | + | This obfuscation hides scripts from '' |
function). Additionally - as you can see in the second link - it is possible to obfuscate the use of the ''/ | function). Additionally - as you can see in the second link - it is possible to obfuscate the use of the ''/ | ||
modifier itself, making it even harder to find. | modifier itself, making it even harder to find. | ||
Line 102: | Line 102: | ||
replaced by a callback there would be no loss in functionality. | replaced by a callback there would be no loss in functionality. | ||
- | The time line for deprecation | + | ===== Vote ===== |
+ | |||
+ | The vote ended with 23 in favor and 4 against the proposal. | ||
+ | |||
+ | ===== Current state ===== | ||
+ | |||
+ | The ''/ | ||
+ | be removed at some later point in time. |
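Review bot: In the added "Current state" section, "be removed at some later point in time" leaves the removal open-ended, and the same hunk deletes the line beginning "The time line for deprecation", so the page no longer gives readers a schedule to plan migrations against. Suggest naming the release in which the modifier is deprecated and the release targeted for removal, or stating explicitly that removal is not yet scheduled. The new "Vote" section records only the tally (23 in favor, 4 against); since the revision comment says the vote itself was removed, adding the voting dates or a link to the vote record would keep the result verifiable.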
rfc/remove_preg_replace_eval_modifier.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1