Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PHP error: The /e modifier is deprecated, use preg_replace_callback instead #35

Open
njwgh opened this issue Apr 6, 2017 · 2 comments

Comments

@njwgh
Copy link

njwgh commented Apr 6, 2017

Getting a php error on the xssclean.php file at lines 285 and 286
"The /e modifier is deprecated, use preg_replace_callback instead "

285:
$str = preg_replace('~&#x(0*[0-9a-f]{2,5})~ei', 'chr(hexdec("\1"))', $str);

suggest it is rewritten to:
$str = preg_replace_callback('~&#x(0*[0-9a-f]{2,5})~ei',
create_function ('$matches', 'return chr(hexdec($matches[1]));'), $str);

286:
return preg_replace('~&#([0-9]{2,4})~e', 'chr(\1)', $str);

suggest it is rewritten to:

return preg_replace_callback('~&#([0-9]{2,4})~e', 'chr(\1)',
create_function ('$matches', 'return chr($matches[1]);'), $str);

Can anyone confirm that this is correct?

@njwgh
Copy link
Author

njwgh commented Mar 29, 2019

OK so it seems 'create_function' is deprecated as well.

Here's another attempt. I would love confirmation that it is correct. Thanks

$str = preg_replace_callback('~&#x(0*[0-9a-f]{2,5})~i', function ($m) {
return chr(hexdec($m[1]));}, $str);

return preg_replace_callback('&#([0-9]{2,4})', function ($m) {
return chr($m[1]);}, $str);

@njwgh
Copy link
Author

njwgh commented Mar 29, 2019

Seems I'm a victim of 'auto replace' In the code above the section that has the strike-through should actually have a ~ after the first single quote and before the last single quote. No idea how to make it show correctly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant