1
0
Fork 0

Workaround for PCRE regression

pull/9941/head
Jordi Boggiano 2021-06-04 07:17:57 +02:00
parent 304455be48
commit d77ff0f729
No known key found for this signature in database
GPG Key ID: 7BBD42C429EC80BC
1 changed files with 15 additions and 3 deletions

View File

@ -109,13 +109,25 @@ class Url
// e.g. https://api.github.com/repositories/9999999999?access_token=github_token // e.g. https://api.github.com/repositories/9999999999?access_token=github_token
$url = preg_replace('{([&?]access_token=)[^&]+}', '$1***', $url); $url = preg_replace('{([&?]access_token=)[^&]+}', '$1***', $url);
$url = preg_replace_callback('{(?P<prefix>://|^)(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', function ($m) { // duplication here to apparent PCRE regression in v10.37 26-May-2021 which
// makes (?P<prefix>://|^) not match anymore
// should be reverted ideally when fixed in upstream
$url = preg_replace_callback('{^(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', function ($m) {
// if the username looks like a long (12char+) hex string, or a modern github token (e.g. gp1_xxx) we obfuscate that // if the username looks like a long (12char+) hex string, or a modern github token (e.g. gp1_xxx) we obfuscate that
if (preg_match('{^([a-f0-9]{12,}|g[a-z]\d_[a-zA-Z0-9_]+)$}', $m['user'])) { if (preg_match('{^([a-f0-9]{12,}|g[a-z]\d_[a-zA-Z0-9_]+)$}', $m['user'])) {
return $m['prefix'].'***:***@'; return '***:***@';
} }
return $m['prefix'].$m['user'].':***@'; return $m['user'].':***@';
}, $url);
$url = preg_replace_callback('{://(?P<user>[^:/\s@]+):(?P<password>[^@\s/]+)@}i', function ($m) {
// if the username looks like a long (12char+) hex string, or a modern github token (e.g. gp1_xxx) we obfuscate that
if (preg_match('{^([a-f0-9]{12,}|g[a-z]\d_[a-zA-Z0-9_]+)$}', $m['user'])) {
return '://***:***@';
}
return '://'.$m['user'].':***@';
}, $url); }, $url);
return $url; return $url;