From: masakielastic at gmail dot com
Operating system: Any
PHP version: 5.5.0
Package: mbstring related
Bug Type: Feature/Change Request
Bug description: mb_ereg_replace's e modifier should be deprecated

Description:
------------
mb_ereg_replace's e modifier should be deprecated to prevent PHP code execution, and an explanation of how to use mb_ereg_replace_callback (since PHP 5.4.1) should be added to the manual.

PHP: code execution via mb_ereg_replace
http://vigilance.fr/vulnerability/PHP-code-execution-via-mb-ereg-replace-8711

The reason why preg_replace's e modifier was deprecated in PHP 5.5 also applies to mb_ereg_replace's e modifier.

http://www.php.net/manual/en/function.preg-replace.php
https://wiki.php.net/rfc/remove_preg_replace_eval_modifier

There is an example implementation of mb_ereg_replace_callback as a user function.

http://d.hatena.ne.jp/hnw/20110206

--
Edit bug report at https://bugs.php.net/bug.php?id=65079&edit=1
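
The migration this report asks the manual to document, shown as an added example that is not part of the original bug report or of the PHP manual. The `[u]...[/u]` markup, the `upper_tagged` helper and the sample input are constructed for illustration.

```php
<?php
mb_regex_encoding('UTF-8');

// Constructed sample input: the text between [u] and [/u] is user-controlled.
$input   = "name: [u]o'brien[/u], city: [u]münchen[/u]";
$pattern = '\[u\](.*?)\[/u\]';

// Before (kept as a comment, do not use): with the 'e' option the
// replacement string has \1 substituted into it and is then evaluated as
// PHP source, so the matched text ends up inside code.
// $out = mb_ereg_replace($pattern, "mb_strtoupper('\\1')", $input, 'e');

// After: the matches are handed to the callback as array data and are
// never parsed as PHP, whatever characters they contain.
function upper_tagged($subject, $pattern)
{
    return mb_ereg_replace_callback(
        $pattern,
        function (array $m) {
            // $m[0] is the whole match, $m[1] the first capture group.
            return mb_strtoupper($m[1], 'UTF-8');
        },
        $subject
    );
}

echo upper_tagged($input, $pattern), PHP_EOL;
```

When auditing a code base for the old form, search for `mb_ereg_replace` and `mb_eregi_replace` calls that pass a fourth (options) argument containing `e`.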