Tuhinshubhra
commented
5 years ago Yes indeed my regex isn't really that strong.. thanks for improving the project :)
Closed NickstaDB closed 5 years ago
Tuhinshubhra
commented
5 years ago Yes indeed my regex isn't really that strong.. thanks for improving the project :)
I ran CMSeeK against one of my WP sites and it hung up on "Starting passive theme enumeration". After 10 minutes I investigated and found the regex to be the culprit.
Testing the original regex on https://regex101.com/ caused it to spit out a "catastrophic backtracking" error.
This PR replaces the theme and plugin regexs with simpler ones that achieve the same with less effort - match wp-content/(plugins|themes)/, capture the plugin/theme name, then capture the version number if available. The new regex executed in well under 1s against the same site that the original regex hung up on for over 10 minutes.