Open buildapps2016 opened 7 years ago
jrfnl
commented
7 years ago Hi Samuel,
This is not a false positive. The regex in the preg_replace() is: '!s:(\d+):"(.*?)";!es',. The ! is used as the regex delimiter, which means that s:(\d+):"(.*?)"; is the effective regex with es as modifiers, i.e. e is one of the modifiers used and the error is legitimate.
buildapps2016
commented
7 years ago Thank you for your reply.
I replaced the statement to:
if (version_compare(PHP_VERSION, '7.0.0') >= 0) {
$value = preg_replace_callback('!s:(\d+):"(.*?)";!s', function($matches) {
return 's:'.strlen($matches[2]).':"'.$matches[2].'";';
}, stripslashes($meta['value']));
$value = maybe_unserialize($value);
}else{
$value = maybe_unserialize( preg_replace( '!s:(\d+):"(.*?)";!es', "'s:'.strlen('$2').':\"$2\";'", stripslashes( $meta['value'] ) ) );
}but it still detect as error.
In this case, just ignore the result and my script will run in php 7.0, right?
jrfnl
commented
7 years ago The preg_replace_callback() function has existed since PHP 4, so why not use it unconditionally and remove the else part altogether ?
If you still want to be compatible with PHP 5.2, you would need to change the closure you use in it to a full function, but if you've dropped PHP 5.2 support already, using the closure should be fine.
Hi,
Below is probably a false positive. Kindly please check it.
FILE: /home/r/u/ftp_**-**com/wp-content/themes/**-**/metaboxes/MetaBox.php
FOUND 1 ERROR AND 1 WARNING AFFECTING 2 LINES
448 | WARNING | Use of deprecated PHP4 style class constructor is not supported since PHP 7. 540 | ERROR | preg_replace() - /e modifier is deprecated since PHP 5.5 and removed since PHP 7.0
Below is the Line 540 on MetaBox.php, /e modifier didn't use in the code below.
$value = maybe_unserialize( preg_replace( '!s:(\d+):"(.*?)";!es', "'s:'.strlen('$2').':\"$2\";'", stripslashes( $meta['value'] ) ) );
Best Regards, Samuel Chin http://www.buildapps.com.my/