clarification: warning according to bug #48180

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@280311 c90b9560-bf6c-de11-be94-00142212c4b1
2025-03-16 00:48:54 +00:00 · 2009-05-10 21:21:10 +00:00 · 2009-05-10 21:21:10 +00:00 · b164cbb830
commit b164cbb830
parent 28a4ad2460
2 changed files with 12 additions and 2 deletions
--- a/reference/mbstring/functions/mb-ereg-replace.xml
+++ b/reference/mbstring/functions/mb-ereg-replace.xml
@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!-- $Revision: 1.9 $ -->
+<!-- $Revision: 1.10 $ -->
 <refentry xml:id="function.mb-ereg-replace" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
 <refnamediv>
  <refname>mb_ereg_replace</refname>
@ -85,6 +85,11 @@
  &reftitle.notes;
  
  &note.mbstring.encoding.internal;
+  <warning>
+   <para>
+   Warning: Never use the <literal>e</literal> modifier when working on untrusted input. No automatic escaping will happen (as known from preg_replace). Not taking care of this will most likely create remote code execution vulnerabilities in your application.
+   </para>
+  </warning>
 </refsect1>

 <refsect1 role="seealso">
--- a/reference/mbstring/functions/mb-eregi-replace.xml
+++ b/reference/mbstring/functions/mb-eregi-replace.xml
@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<!-- $Revision: 1.9 $ -->
+<!-- $Revision: 1.10 $ -->
 <refentry xml:id="function.mb-eregi-replace" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
 <refnamediv>
  <refname>mb_eregi_replace</refname>
@ -74,6 +74,11 @@
  &reftitle.notes;
  
  &note.mbstring.encoding.internal;
+  <warning>
+   <para>
+   Warning: Never use the <literal>e</literal> modifier when working on untrusted input. No automatic escaping will happen (as known from preg_replace). Not taking care of this will most likely create remote code execution vulnerabilities in your application.
+   </para>
+  </warning>
 </refsect1>

 <refsect1 role="seealso">