Introduction to testing PHP preg_match() function information leakage method_PHP tutorial

We are using

Affected systems:

PHP PHP <= 5.3

PHP preg_match() function description:

PHP is a widely used general-purpose scripting language, especially suitable for Web development and can be embedded into HTML.

The preg_match() function used by PHP obtains parameters from the user input string. If the value passed is an array instead of a string, a warning will be generated. The warning message contains the full path of the currently running script.

<ol class="dp-xml"><li class="alt"><span><span class="tag">< </span><span>*来源：David Vieira-Kurz  </span></span></li><li><span>链接：http://marc.info/?</span><span class="attribute">l</span><span>=</span><span class="attribute-value">bugtraq<br /></span><span>&</span><span class="attribute">m</span><span>=</span><span class="attribute-value">125415056222332</span><span>&</span><span class="attribute">w</span><span>=</span><span class="attribute-value">2</span><span> </span></li><li class="alt"><span>*</span><span class="tag">><span> </span></p>
<p></p>
<p><strong>PHP preg_match() function test method: </strong></p>
<p>Temporary solution: </p>
<p></p>
<pre class="brush:php;toolbar:false"><ol class="dp-xml"><li class="alt"><span><span class="tag"><</span><span> ?PHP  </span></span></li><li><span>if(isset($_GET['page'])) {  </span></li><li class="alt"><span>if (is_array($</span><span class="attribute">page</span><span> = $_GET['page'])) {   </span></li><li><span>$</span><span class="attribute">casted</span><span> = (string)$page;  </span></li><li class="alt"><span>} else {  </span></li><li><span>$</span><span class="attribute">page</span><span> = </span><span class="attribute-value">htmlspecialchars</span><span>($_GET<br />['page'],ENT_QUOTES,'UTF-8');  </span></li><li class="alt"><span>validate_alpha($page);  </span></li><li><span>}  </span></li><li class="alt"><span>}  </span></li><li><span>function validate_alpha($page) {  </span></li><li class="alt"><span>return preg_match("/^[A-Za-z0-9_-]<br />+$/ ", $page);  </span></li><li><span>} </span><span class="tag">?></span><span> </span></span></li></ol>

Manufacturer patch:

Currently, the manufacturer has not provided relevant patches or upgrades for the vulnerability in the PHP preg_match() function. We recommend using this software. Users always pay attention to the manufacturer's homepage to get the latest version:

http://www.php.net

http://localhost/cms/modules/system/admin.php?fct= users&op[]=

Warning: preg_match() expects parameter 2 to be string, array given in /htdocs/cms/include/common.php on line 105

http://www.bkjia.com/PHPjc/445956.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/445956.htmlTechArticleWe are using the affected system: PHP PHP = 5.3 PHP preg_match() function description: PHP is a widely used general purpose Purpose scripting language, especially suitable for web development, can be embedded in HTML. P...