26 lines
885 B
Plaintext
26 lines
885 B
Plaintext
== Why is this an issue?
|
|
|
|
The PHP function `preg_replace` can be used to perform a search and replace based on regular expression matches. The `$replacement` parameter can contain references to capturing groups used in the `$pattern` parameter. This can be achieved with `\n` or `$n` to reference the n'th group.
|
|
|
|
When referencing a nonexistent group, it will be substituted with an empty string. This is in general not the intended behavior, and might stay unnoticed since no warning is raised.
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,php]
|
|
----
|
|
preg_replace("/(a)(b)(c)/", "\\1, \\9, \\3", "abc"); // Noncompliant - result is "a, , c"
|
|
----
|
|
|
|
=== Compliant solution
|
|
|
|
[source,php]
|
|
----
|
|
preg_replace("/(a)(b)(c)/", "\\1, \\2, \\3", "abc");
|
|
----
|
|
|
|
== Resources
|
|
|
|
* https://www.php.net/manual/en/function.preg-replace.php[preg_replace] - PHP Documentation
|
|
|
|
include::../implementation.adoc[]
|