PhpDig.net - View Single Post

indeh · 11-30-2004, 08:56 AM

I can confirm this bug. The function is phpdigSessionRemoveIt in robot_functions.php (line 1776):

PHP Code:


			
function phpdigSessionRemoveIt($what,$eval) {

    $what = trim($what);

    $eval = ereg_replace($what.'=[a-zA-Z0-9.,;=/-]*','',$eval);

    $eval = str_replace("&amp;&amp;","&amp;",$eval);

    $eval = str_replace("?&amp;","?",$eval);

    $eval = eregi_replace("&amp;$","",$eval);

    $eval = str_replace("&&","&",$eval);

    $eval = eregi_replace("[?][&]","?",$eval);

    $eval = eregi_replace("&$","",$eval);

    $eval = ereg_replace("[?]$","",$eval); // remove trailing question mark

    return $eval;

}

My regex skills are kind of rusty at the moment, but shouldn't the second line of the function be something more like:

PHP Code:


			
    $eval = ereg_replace('([?&])'.$what.'=[a-zA-Z0-9.,;=/-]*','\\1',$eval);

11-30-2004, 08:56 AM	#2
indeh Green Mole Join Date: Oct 2004 Posts: 3	I can confirm this bug. The function is phpdigSessionRemoveIt in robot_functions.php (line 1776): PHP Code: function phpdigSessionRemoveIt($what,$eval) { $what = trim($what); $eval = ereg_replace($what.'=[a-zA-Z0-9.,;=/-]','',$eval); $eval = str_replace("&&","&",$eval); $eval = str_replace("?&","?",$eval); $eval = eregi_replace("&$","",$eval); $eval = str_replace("&&","&",$eval); $eval = eregi_replace("[?][&]","?",$eval); $eval = eregi_replace("&$","",$eval); $eval = ereg_replace("[?]$","",$eval); // remove trailing question mark return $eval; } My regex skills are kind of rusty at the moment, but shouldn't the second line of the function be something more like: PHP Code: `$eval = ereg_replace('([?&])'.$what.'=[a-zA-Z0-9.,;=/-]','\\1',$eval);`