Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:28986 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 26724 invoked by uid 1010); 24 Apr 2007 16:16:55 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 26709 invoked from network); 24 Apr 2007 16:16:55 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Apr 2007 16:16:55 -0000 Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain lerdorf.com from 204.11.219.139 cause and error) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 204.11.219.139 mail.lerdorf.com Received: from [204.11.219.139] ([204.11.219.139:33195] helo=mail.lerdorf.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id E7/C1-60955-57D2E264 for ; Tue, 24 Apr 2007 12:16:54 -0400 Received: from shiny.lerdorf.com (dsl093-079-130.sfo1.dsl.speakeasy.net [66.93.79.130]) (authenticated bits=0) by mail.lerdorf.com (8.13.8/8.13.8/Debian-3) with ESMTP id l3OGGkIG018206; Tue, 24 Apr 2007 09:16:47 -0700 Message-ID: <462E2D6E.7080205@lerdorf.com> Date: Tue, 24 Apr 2007 09:16:46 -0700 User-Agent: Thunderbird 2.0.0.0 (Macintosh/20070326) MIME-Version: 1.0 To: Chris Malton CC: internals@lists.php.net References: <35.58.21560.7D6AD264@pb1.pair.com> <462DB34D.4080506@zend.com> <56.EF.60955.8A52E264@pb1.pair.com> <462E2989.4090908@zend.com> <40.81.60955.D9C2E264@pb1.pair.com> In-Reply-To: <40.81.60955.D9C2E264@pb1.pair.com> X-Enigmail-Version: 0.95.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.90.2/3155/Tue Apr 24 06:27:10 2007 on colo X-Virus-Status: Clean Subject: Re: [PHP-DEV] Segfault in PHP 5.2.1 From: rasmus@lerdorf.com (Rasmus Lerdorf) Chris Malton wrote: > // secure variables from outside > $modxtags = array('@]*?>.*?@si', > '@&#(\d+);@e', > '@\[\[(.*?)\]\]@si', > '@\[!(.*?)!\]@si', > '@\[\~(.*?)\~\]@si', > '@\[$(.*?)$\]@si', > '@{{(.*?)}}@si', > '@\[\*(.*?)\*\]@si'); > foreach($_POST as $key => $value) { > $_POST[$key] = preg_replace($modxtags,"", $value); > } > foreach($_GET as $key => $value) { > $_GET[$key] = preg_replace($modxtags,"", $value); > } I find this part funny. I wonder what they think this is securing. -Rasmus