php / doc-it

Italian translation of the PHP documentation

Seems like old fashioned vulnerability #41

Closed MChaban47 closed 11 months ago

MChaban47 commented 1 year ago

https://github.com/php/doc-it/blob/bb0149be4579d5bbc3c3ade14b1161317394453a/reference/pcre/pattern.modifiers.xml#L114

DavidePastore commented 1 year ago

Hi @MChaban47. Could you please elaborate a bit more?

MChaban47 commented 1 year ago

@DavidePastore, look at line 120. In PHP prior to 7.0, the 'e' modifier will evaluate the result of preg_replace as PHP code. If this '.xml' file is handled by the PHP interpreter on the server (if set so) - it becomes a backdoor with remote shell possibility or any PHP function execution on the remote server. I mean, I know that this is an example, but it will actually be executed on a server with documentation where all files go through the PHP interpreter. You can find out more here: http://www.madirish.net/402

DavidePastore commented 1 year ago

@MChaban47, thank you for elaborating more. This file should be updated to the latest available content of the corresponding doc-en language file in order to get rid of this issue.

DavidePastore commented 1 year ago

To be honest I'm not even sure that the code snippets that are in the example sections are executed by a PHP interpreter.

Girgias commented 11 months ago

> To be honest I'm not even sure that the code snippets that are in the example sections are executed by a PHP interpreter.

They are not :)

DavidePastore commented 11 months ago

Thanks for confirming, @Girgias. I'm closing this one.
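
For code that really is run by PHP prior to 7.0, the 'e' modifier described in this thread can be audited for. The following is an added example, not part of the issue or of the php/doc-it repository: it parses the delimiter of each literal `preg_replace` pattern and reports those whose trailing modifiers include `e`. The function names and the sample PHP are constructed for illustration, and only a string-literal first argument is inspected.

```python
import re

# Bracket-style PCRE delimiters close with their partner; any other delimiter closes itself.
BRACKETS = {"(": ")", "[": "]", "{": "}", "<": ">"}
# preg_replace( followed by a quoted string literal as the first argument.
CALL = re.compile(r"""\bpreg_replace\s*\(\s*(['"])((?:\\.|(?!\1).)*)\1""", re.S)

def pcre_modifiers(pattern):
    """Return the modifier letters after the closing delimiter, or None if none is found."""
    pattern = pattern.lstrip()
    if not pattern or pattern[0].isalnum() or pattern[0] == "\\":
        return None
    open_d = pattern[0]
    close_d = BRACKETS.get(open_d, open_d)
    depth, i = 1, 1
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":          # escaped character, possibly an escaped delimiter
            i += 2
            continue
        if c == close_d:
            depth -= 1
            if depth == 0:
                return pattern[i + 1:]
        elif c == open_d:      # nested bracket delimiter
            depth += 1
        i += 1
    return None

def find_eval_modifier(source):
    """Return (line, pattern) for each preg_replace() whose literal pattern carries 'e'."""
    hits = []
    for m in CALL.finditer(source):
        mods = pcre_modifiers(m.group(2))
        if mods and "e" in mods:
            hits.append((source.count("\n", 0, m.start()) + 1, m.group(2)))
    return hits

# Constructed sample input, not taken from the doc-it repository.
SAMPLE = r'''<?php
$a = preg_replace('/(\w+)/e', 'strtoupper("$1")', $s);
$b = preg_replace("#<b>(.*?)</b>#is", '<i>$1</i>', $s);
$c = preg_replace('{\{(\w+)\}}ie', '$vars["$1"]', $s);
$d = preg_replace_callback('/(\w+)/', 'ucfirst', $s);
$e = preg_replace('/e\/e/', 'x', $s);
'''

if __name__ == "__main__":
    for line, pat in find_eval_modifier(SAMPLE):
        print(f"line {line}: {pat}")
```

The last sample line contains `/e` inside the pattern body only, so a plain substring search would flag it while the delimiter-aware check does not.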