From 9c980b1e13bb0193ae3cd97e3d1a16801f686be2 Mon Sep 17 00:00:00 2001 From: Tymoteusz Motylewski Date: Wed, 22 Apr 2020 11:29:50 +0200 Subject: [PATCH] Pass delimiter char to preg_quote The most common used delimiters in PHP are /@#~, which are not escaped by default (by default preg_quote escapes .\+*?[^]$(){}=!<>|:-). --- app/code/core/Mage/Api2/Model/Resource/Validator/Eav.php | 4 ++-- app/code/core/Mage/Catalog/Model/Url.php | 4 ++-- app/code/core/Mage/Core/Model/Translate/Inline.php | 2 +- .../core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php | 2 +- .../app/Mage/Catalog/Test/Handler/CatalogCategory/Curl.php | 2 +- lib/Zend/Cloud/DocumentService/Adapter/WindowsAzure.php | 2 +- lib/Zend/Db/Statement.php | 6 +++--- lib/Zend/Http/Cookie.php | 2 +- 8 files changed, 12 insertions(+), 12 deletions(-) diff --git a/app/code/core/Mage/Api2/Model/Resource/Validator/Eav.php b/app/code/core/Mage/Api2/Model/Resource/Validator/Eav.php index f0cf6ef95ff..b93709ae1ed 100644 --- a/app/code/core/Mage/Api2/Model/Resource/Validator/Eav.php +++ b/app/code/core/Mage/Api2/Model/Resource/Validator/Eav.php @@ -225,11 +225,11 @@ public function getErrors() // business asked to avoid additional validation message, so we filter it here $errors = array(); $requiredAttrs = array(); - $isRequiredRE = '/^' . str_replace('%s', '(.+)', preg_quote(Mage::helper('eav')->__('"%s" is a required value.'))) . '$/'; + $isRequiredRE = '/^' . str_replace('%s', '(.+)', preg_quote(Mage::helper('eav')->__('"%s" is a required value.'), '/') ) . '$/'; $greaterThanRE = '/^' . str_replace( '%s', '(.+)', - preg_quote(Mage::helper('eav')->__('"%s" length must be equal or greater than %s characters.')) + preg_quote(Mage::helper('eav')->__('"%s" length must be equal or greater than %s characters.'), '/') ) . '$/'; // find all required attributes labels diff --git a/app/code/core/Mage/Catalog/Model/Url.php b/app/code/core/Mage/Catalog/Model/Url.php index 2d70607597c..bcce41380d7 100644 
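Review bot: The rewritten `$isRequiredRE` assignment in getErrors() stays a single line of well over 120 characters and, as rendered here, carries a stray space in `'/') )`, while `$greaterThanRE` directly below builds the same kind of pattern wrapped one argument per line. Wrapping it the same way, with `preg_quote(Mage::helper('eav')->__('"%s" is a required value.'), '/')` on its own line and `) . '$/';` closing the statement, keeps the two patterns easy to compare. getErrors() continues outside the hunk.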
--- a/app/code/core/Mage/Catalog/Model/Url.php +++ b/app/code/core/Mage/Catalog/Model/Url.php @@ -659,8 +659,8 @@ public function getUnusedPathByUrlKey($storeId, $requestPath, $idPath, $urlKey) } // match request_url abcdef1234(-12)(.html) pattern $match = array(); - $regularExpression = '#(?P(.*/)?' . preg_quote($urlKey) . ')(-(?P[0-9]+))?(?P' - . preg_quote($suffix) . ')?$#i'; + $regularExpression = '#(?P(.*/)?' . preg_quote($urlKey, '#') . ')(-(?P[0-9]+))?(?P' + . preg_quote($suffix, '#') . ')?$#i'; if (!preg_match($regularExpression, $requestPath, $match)) { return $this->getUnusedPathByUrlKey($storeId, '-', $idPath, $urlKey); } diff --git a/app/code/core/Mage/Core/Model/Translate/Inline.php b/app/code/core/Mage/Core/Model/Translate/Inline.php index 6a9a8be9aa1..83eb5f16557 100644 --- a/app/code/core/Mage/Core/Model/Translate/Inline.php +++ b/app/code/core/Mage/Core/Model/Translate/Inline.php @@ -383,7 +383,7 @@ protected function _prepareTagAttributesForContent(&$content) $attrRegExp = '#' . $this->_tokenRegex . '#S'; $trArr = $this->_getTranslateData($attrRegExp, $tagHtml, array($this, '_getAttributeLocation')); if ($trArr) { - $transRegExp = '# data-translate=' . $quoteHtml . '\[([^'.preg_quote($quoteHtml).']*)]' . $quoteHtml . '#i'; + $transRegExp = '# data-translate=' . $quoteHtml . '\[([^'.preg_quote($quoteHtml, '#').']*)]' . $quoteHtml . '#i'; if (preg_match($transRegExp, $tagHtml, $m)) { $tagHtml = str_replace($m[0], '', $tagHtml); //remove tra $trAttr = ' data-translate=' . $quoteHtml diff --git a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php index 17634ae9caa..1dc657bf408 100644 --- a/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php +++ b/app/code/core/Mage/Dataflow/Model/Convert/Parser/Xml/Excel.php 
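Review bot: In `$transRegExp` (Translate/Inline.php), only the copy of `$quoteHtml` inside the character class goes through `preg_quote(..., '#')`; the two copies concatenated before `\[` and after `]` enter the pattern raw. `$quoteHtml` is assigned outside this hunk and is presumably a single or double quote, in which case nothing breaks today, but the pattern is only as safe as its unquoted parts. Quoting once and reusing the result makes all three uses consistent: `$quoteRe = preg_quote($quoteHtml, '#');` followed by `'# data-translate=' . $quoteRe . '\[([^' . $quoteRe . ']*)]' . $quoteRe . '#i'`. _prepareTagAttributesForContent() starts and ends outside the hunk.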
@@ -126,7 +126,7 @@ public function parse() continue; } else { - if (preg_match('/ss:Name=\"'.preg_quote($worksheet).'\"/siU', substr($xmlTmpString, 0, $strposF))) { + if (preg_match('/ss:Name=\"'.preg_quote($worksheet, '/').'\"/siU', substr($xmlTmpString, 0, $strposF))) { $xmlString = substr($xmlTmpString, $strposF); $isWorksheet = true; continue; diff --git a/dev/tests/functional/tests/app/Mage/Catalog/Test/Handler/CatalogCategory/Curl.php b/dev/tests/functional/tests/app/Mage/Catalog/Test/Handler/CatalogCategory/Curl.php index e08ac3dd9a3..9b8f42588c9 100644 --- a/dev/tests/functional/tests/app/Mage/Catalog/Test/Handler/CatalogCategory/Curl.php +++ b/dev/tests/functional/tests/app/Mage/Catalog/Test/Handler/CatalogCategory/Curl.php @@ -137,7 +137,7 @@ protected function getBlockId($landingName) $curl->write($url, [], CurlInterface::POST); $response = $curl->read(); $curl->close(); - preg_match('~' . preg_quote($landingName) . '~', $response, $matches); + preg_match('~' . preg_quote($landingName, '~') . '~', $response, $matches); $id = isset($matches[1]) ? (int)$matches[1] : null; return $id; diff --git a/lib/Zend/Cloud/DocumentService/Adapter/WindowsAzure.php b/lib/Zend/Cloud/DocumentService/Adapter/WindowsAzure.php index ffc02297540..0f778d8f683 100644 --- a/lib/Zend/Cloud/DocumentService/Adapter/WindowsAzure.php +++ b/lib/Zend/Cloud/DocumentService/Adapter/WindowsAzure.php @@ -525,7 +525,7 @@ protected function _resolveAttributes(Zend_Service_WindowsAzure_Storage_TableEnt */ protected function _validateKey($key) { - if (preg_match('@[/#?' . preg_quote('\\') . ']@', $key)) { + if (preg_match('@[/#?' . preg_quote('\\', '@') . ']@', $key)) { throw new Zend_Cloud_DocumentService_Exception('Invalid partition or row key provided; must not contain /, \\, #, or ? characters'); } } diff --git a/lib/Zend/Db/Statement.php b/lib/Zend/Db/Statement.php index 88380b731f1..5155827f237 100644 --- a/lib/Zend/Db/Statement.php +++ b/lib/Zend/Db/Statement.php 
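Review bot: `_validateKey()` in WindowsAzure.php still builds a regular expression around `preg_quote('\\', '@')`, which quotes a constant, so the added delimiter argument changes nothing here and the check stays harder to read than it needs to be. The rule is a fixed set of four forbidden characters, the same ones the exception message lists, so `if (strpbrk($key, '/\\#?') !== false) {` expresses it with no pattern to escape at all.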
@@ -185,11 +185,11 @@ protected function _stripQuoted($sql) // e.g. \' or '' $qe = $this->_adapter->quote($q); $qe = substr($qe, 1, 2); - $qe = preg_quote($qe); + $qe = preg_quote($qe, '/'); $escapeChar = substr($qe,0,1); // remove 'foo\'bar' if (!empty($q)) { - $escapeChar = preg_quote($escapeChar); + $escapeChar = preg_quote($escapeChar, '/'); // this segfaults only after 65,000 characters instead of 9,000 $sql = preg_replace("/$q([^$q{$escapeChar}]*|($qe)*)*$q/s", '', $sql); } @@ -207,7 +207,7 @@ protected function _stripQuoted($sql) // e.g. \" or "" or \` $de = $this->_adapter->quoteIdentifier($d); $de = substr($de, 1, 2); - $de = preg_quote($de); + $de = preg_quote($de, '/'); // Note: $de and $d where never used..., now they are: $sql = preg_replace("/$d($de|\\\\{2}|[^$d])*$d/Us", '', $sql); return $sql; diff --git a/lib/Zend/Http/Cookie.php b/lib/Zend/Http/Cookie.php index 766314e5dbc..3f928856dc2 100644 --- a/lib/Zend/Http/Cookie.php +++ b/lib/Zend/Http/Cookie.php @@ -395,7 +395,7 @@ public static function matchCookieDomain($cookieDomain, $host) // Check for either exact match or suffix match return ($cookieDomain == $host || - preg_match('/\.' . preg_quote($cookieDomain) . '$/', $host)); + preg_match('/\.' . preg_quote($cookieDomain, '/') . '$/', $host)); } /**
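Review bot: Both patterns in `_stripQuoted()` still interpolate `$q` and `$d` unquoted (`"/$q([^$q{$escapeChar}]*|($qe)*)*$q/s"` in this hunk and `"/$d($de|\\\\{2}|[^$d])*$d/Us"` in the second Statement.php hunk at line 207), so the delimiter-aware quoting covers only `$qe`, `$escapeChar` and `$de`. Those two characters come from the adapter and are assigned outside the hunks; if an adapter's quote or identifier-quote character were `/` or a regex metacharacter, the pattern would presumably still be malformed. Passing them through the same call, e.g. `$qRe = preg_quote($q, '/');` and `$dRe = preg_quote($d, '/');`, and using those in the patterns closes the gap. Separately, `$sql` is overwritten with the `preg_replace()` result unchecked, and that result is `null` on a PCRE error, which the existing comment about input size suggests can happen.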
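Review bot: The suffix check in `matchCookieDomain()` still anchors with a plain `$`, which in PCRE also matches immediately before a trailing newline, so a `$host` value ending in a newline would pass as a domain match. Cookie scoping depends on this comparison being exact, so the end anchor should be strict: `preg_match('/\.' . preg_quote($cookieDomain, '/') . '$/D', $host));`. The exact-match branch on the line above uses loose `==`, where `===` would rule out numeric-string juggling between the two values. The function body starts outside the hunk, so any normalisation of `$host` done earlier is not visible here.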