[pmwiki-users] Deprecated preg_replace() eval feature in PHP 5.5

Petko Yotov 5ko at 5ko.fr
Thu May 8 10:59:33 CDT 2014

Thanks for your message and code.

While I appreciate the benefits of automatic code rewriting, this one will  
contain text from the page sources to be eval()'d by PHP and may potentially  
open huge security holes.

I feel it is really less of a headache to just rewrite the Markup() calls of  
your recipes.

If required, I'm willing to work on a way to let you use such a function as  
a recipe instead of adding it into the core.


P.S. The SVN server should be up again soon. Meanwhile there is always the  
latest code packed as a zip archive, see http://www.pmwiki.org/Subversion .

Martin Rüegg writes:
> i'm running v2.2.63 on phph 5.5 and had a lot of warnings in my php-log.
> so i extended the changes to respect the /e modifier in the pattern (as
> opposed the the is_callable() of the replacment).
> additionally the old "'$x'" are being replaced with "\$m[x]".
> here is the patch i used:
> unfortunately i was not able to check out or export the latest trunk form
> the subversion repository.

More information about the pmwiki-users mailing list