Open GoogleCodeExporter opened 8 years ago
The /e modifier inside preg_replace() allows code execution. Often it is the
cause for remote code execution exploits. It is wise to deactivate this
feature and test where in the application it is used. The developer using the
/e modifier should be made aware that he should use preg_replace_callback()
instead.
Original comment by saiv...@gmail.com
on 25 Jun 2014 at 12:20
Original issue reported on code.google.com by
saiv...@gmail.com
on 25 Jun 2014 at 12:15