In need of a PHP guru - I'm miles out of touch

[Scott]

Ok so I built a forum many moons ago which I then added my own bespoke recipe section to. This allowed creation of homebrew recipes etc. It took me AGES to figure out how to write it as I don't have any actual background in coding other than being a self taught hobbyist. At the time, I got by quite well and by the end of all the trial and error I got to a decent level of understanding.

FFWD to now and I'm looking at the code feeling like I wrote it drunk. I'm looking at an error glaring back at me with not even the foggiest idea how to solve it.

So... onto the query. I have the following that used to sanitise error messages, I believe it removed any potential SQL injection (I honestly can't be sure).

$error = preg_replace('#^([A-Z_]+)$#e', "(!empty(\$user->lang['\\1'])) ? \$user->lang['\\1'] : '\\1'", $error);

This shows how long ago I wrote it as I believe it was PHP 5.4. Current versions are just knocking me back as this isn't allowed and I need to use preg_replace_callback instead.

The trouble is that I believe my initial preg_replace is quite "fancy", in that it doesn't easily transpose to the preg_replace_callback function using the brief tutorials that I have found.

Can anyone make sense of what the hell I've written to sort it out for me?

Many thanks

 

[Scott]

$error = array_map(array($user, 'lang'), $error);

Seemed to fix my error. No idea if that's even the same thing, as it looks nothing functionally like it, but the error disappeared.

 

[Tony1044]

Can you not just remove the /e?

 

[Scott]

Can you not just remove the /e?

It doesn't have one though. It clearly does as part of a variable but I've no idea where that variable is set. I took me 10 minutes to remember where the common functions were lol.

 

[Tony1044]

It doesn't have one though. It clearly does as part of a variable but I've no idea where that variable is set. I took me 10 minutes to remember where the common functions were lol.

I think the #e was being interpreted as /e - I'd have suggested trying just # but you've fixed it already

Edit: The reason I think it's not a variable is if you take that one line of code and drop it into a PHP test site, it returns an error around /e not being supported - despite there being no variables set to pass that through.

Interesting conundrum. I haven't used PHP in anger in over a decade so not the ideal person to help.

 

[debiruman665]

Are you using PHP 7?

 

[Scott]

Are you using PHP 7?

Yeah, but I've not updated my BB in line with it. I'm just using it locally now, to keep track of my recipes etc.

Working now though

 

[debiruman665]

Also this looks like

Yeah, but I've not updated my BB in line with it. I'm just using it locally now, to keep track of my recipes etc.

Working now though

Ok i'm not entirely sure what you are trying to do, but it looks like you are trying to alter a ternary operator.

Which suggests that you will eventually eval() the output and run it?

 

[Scott]

Also this looks like


Ok i'm not entirely sure what you are trying to do, but it looks like you are trying to alter a ternary operator.

Which suggests that you will eventually eval() the output and run it?

It evaluates the error code and translates it to a message in the chosen language of the current user.

 

[debiruman665]

It evaluates the error code and translates it to a message in the chosen language of the current user.

Would you mind sending me the surrounding code in PM?

I suspect there might be a more straight forward way to achieve this. Especially if you were just trying to sanitise the message, without needing to use eval() which depending on how it is used could open you up to PHP injection.

 

[Scott]

Tried to send it over but it won't let me as it's too big. Don't worry about it though, the fix I put above solved the issue.

Like I said, it's local now so I'm not using anything online or anything like that. It's purely for my offline use.

If you are REALLY interested in it though it's the ucp_prefs.php file from phpbb from around 2009 (I think).