search

robrichards / xmlseclibs

A PHP library for XML Security
BSD 3-Clause "New" or "Revised" License
386 stars 180 forks source link

Error on regular expression causes preg_replace to fail #215

Closed faragom closed 3 years ago

faragom commented 3 years ago

on file https://github.com/robrichards/xmlseclibs/blob/master/src/Utils/XPath.php

this constant 

const EXTENDED_ALPHANUMERIC = '\w\d\s-_:\.';

should be changed to this:

const EXTENDED_ALPHANUMERIC = '-\w\d\s_:\.';

as this string is substituted inside a character class on the regexp, and the - character is considered a range operator unless it appears in the first position in the class, causing preg_replace to throw an error and signature validation to fail:

preg_replace(): Compilation failed: invalid range in character class at offset 8
thijskh commented 3 years ago

This has already been fixed in the file you link. As you can see the - has been properly escaped there. Were you perhaps using an old version of the library?

faragom commented 3 years ago

Yes, sorry