This is especially important for cases which could be user inputs, because submitting a very long non-matching string can make PCRE fail in bad ways (and even sometimes make PHP segfault for really bad failures on some versions) when it starts backtracking. The package name and version names regexes have no chance to find another way to match through backtracking.
everzet
commented
9 years ago
This is especially important for cases which could be user inputs, because submitting a very long non-matching string can make PCRE fail in bad ways (and even sometimes make PHP segfault for really bad failures on some versions) when it starts backtracking. The package name and version names regexes have no chance to find another way to match through backtracking.