ALeX,
On Mon, Apr 29, 2013 at 5:53 PM, ALeX <[email protected]> wrote:
> what about patch preg_replace to accept callbacks?
>
> example:
> preg_replace(array(
> "/pattern1(.*)/",
> "/pattern2(.*)/"
> ),
> array(
> function ($pat) { ... } ,
> "replace"
> )
> , ... );
>
>
There are some weird questions that come up with that. For example, if an
array item is an object that implements both __invoke() and __toString(),
which should be fired? Is it a string? Or a callback? What if I pass a
literal string "strlen", is that a callback, or a replacement?
The point is not that it's a bad idea and that we can't make a distinction,
but more that there are pretty severe edge-cases that we'd have to work
around, and if we don't get it right security could suffer significantly
(especially when user-input is allowed to be a replacement)...
Anthony