Not compatible with SUHOSIN

JulianBarathieu / stikked

Automatically exported from code.google.com/p/stikked

GNU General Public License v3.0

0 stars 0 forks source link

Not compatible with SUHOSIN #44

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

[Wed Jun 25 14:10:50 2014] [error] [client 89.221.250.160] PHP Fatal error:  
SUHOSIN - Use of preg_replace() with /e modifier is forbidden by configuration 
in /pastebin/system/application/libraries/geshi/geshi.php(2148) : regexp code 
on line 2148, referer: http://paste.lan/

Seems like more lazy coding.

Original issue reported on code.google.com by saiv...@gmail.com on 25 Jun 2014 at 12:15

GoogleCodeExporter commented 9 years ago

The /e modifier inside preg_replace() allows code execution. Often it is the
cause for remote code execution exploits. It is wise to deactivate this
feature and test where in the application it is used. The developer using the
/e modifier should be made aware that he should use preg_replace_callback()
instead.

Original comment by saiv...@gmail.com on 25 Jun 2014 at 12:20