Error on regular expression causes preg_replace to fail

Question

Error on regular expression causes preg_replace to fail

Closed this issue 4 years ago · 2 comments

on file https://github.com/robrichards/xmlseclibs/blob/master/src/Utils/XPath.php

this constant

const EXTENDED_ALPHANUMERIC = '\w\d\s-_:\.';

should be changed to this:

const EXTENDED_ALPHANUMERIC = '-\w\d\s_:\.';

as this string is substituted inside a character class on the regexp, and the - character is considered a range operator unless it appears in the first position in the class, causing preg_replace to throw an error and signature validation to fail:

preg_replace(): Compilation failed: invalid range in character class at offset 8

Answer 1 · 2020-08-26T06:01:39.000Z

This has already been fixed in the file you link. As you can see the - has been properly escaped there. Were you perhaps using an old version of the library?

Answer 2 · 2020-08-26T23:12:14.000Z

Yes, sorry