Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:104306 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 41829 invoked from network); 8 Feb 2019 14:20:03 -0000 Received: from unknown (HELO mail-it1-f177.google.com) (209.85.166.177) by pb1.pair.com with SMTP; 8 Feb 2019 14:20:03 -0000 Received: by mail-it1-f177.google.com with SMTP id q78so8319963itc.0 for ; Fri, 08 Feb 2019 03:01:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=51P4XQnkqFMaOn5R7bSwkDgVcBxn2fxthaQhbhqkzWc=; b=KfOwQwH3Tpf4pxW7QYsxaSnmcLiDXnrbjafmhUEdLGnImRYvyJsit/LPp8mudaMatX L7dj+4LRB8Yd/SO3PIPSXX/iSXwrz2feFFgam77n2sSMBQUH/5Q+k7NwhqQerwUdDO4O vHWjgFH+it8eBokHmME7BIJTHdPpmDK48Z+7jO6y1tSs3u4MV+AeLBzjiidenh65CiEC OjfapzAS+egyub9RRIl+9c3FW2R5WqK5FQa2AepG2VxzXr6Lw+4akuV25ekiP7jibMVK 9XKrlf20ptlIE6/tTFVz5MKnd9nu80j5SV0P8fyumtrloBI9UI6m9NDlIdpYMZBoSbAD WnAw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=51P4XQnkqFMaOn5R7bSwkDgVcBxn2fxthaQhbhqkzWc=; b=FR5N4udTJH+t5qpUNYPiSPYSBYtM4YTwOSQ4fJ0MlBGGARESPb5DyBZTnPG1q0qK6y D82PP5okO7JiD3T35UqDV++QxyMRFnKkrXQBBbYcCr5uD+WnpEJn/4K7iXIfTIYWNyie 13LrzQM+p/2SL40fSRPb2Q/Skto6kr96uwJYQBP9ovosCGKfKHux7rYxvMK5N7BWsklo lfTrgwqI/w0+bqZ7tbfrp8rl9TYrpd3g3kQv6TDGI4Wxx5ZNR2KV2bvHi/7sN+e9DPai IWZ1QRQ06qAZxFnjaa3jThkaNdBw2RNYEVaxucqnQr4O2U9lBvOjktNLhH5aXvR6EtL2 uUTg== X-Gm-Message-State: AHQUAubEJVH81oakyoP13cSDyLxJEjf+f25eExAxYSiiIRDh9nhLvHiU DkdJ1rEdJVE93+P+QCjg7fKhCvCLuYrrhpZXj7kBDw== X-Google-Smtp-Source: AHgI3Iad1K9OnXx6aabDoKLlxbAwT6fH7zSxosNOSVaT/k2c2p7FRZJ3lNR7Sn2q9yy3/GIoGJDV6BXfXO5/+Sk+aL4= X-Received: by 2002:a5d:88d3:: with SMTP id i19mr9463856iol.187.1549623715443; Fri, 08 Feb 2019 03:01:55 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: Date: Fri, 8 Feb 2019 12:01:39 +0100 Message-ID: To: Sjon Hortensius Cc: PHP internals Content-Type: multipart/alternative; boundary="0000000000001837ac05815fe3c8" Subject: Re: [PHP-DEV] pcre: shouldn't pass BAD_ESCAPE_IS_LITERAL by default From: nikita.ppv@gmail.com (Nikita Popov) --0000000000001837ac05815fe3c8 Content-Type: text/plain; charset="UTF-8" On Fri, Feb 8, 2019 at 11:57 AM Sjon Hortensius wrote: > Hi internals, > > PHP enables bad_escape_is_literal by default when using pcre methods - this > results in invalid escape-patterns (such as \i) being interpreted as a > literal `i`. This option is documented in pcre as "a dangerous option. Use > with care" - and the pcre author raised concern about PHP enabling this by > default (see https://bugs.exim.org/show_bug.cgi?id=2362 ). > > I agree and I'd like to propose to disable this in the next major version. > The existing modifier to disable this (X - PCRE_EXTRA) can be removed as > well. Would this require an RFC ? > This change sounds reasonable and I don't think it needs an RFC if there are no disagreements on list. Nikita --0000000000001837ac05815fe3c8--