php-bugs

From: chiaroscuro at achromatic dot fsnet dot co dot uk
Operating system: Apache 1.3.31
PHP version: 4.3.10
PHP Bug Type: PCRE related
Bug description: Repetition quantifiers

Description:
------------
I'm using quantifiers in preg_match_all functions,amongst other things, to
restrict the length of strings strings submitted from HTML forms. The lower
limit catches discrepant strings, but the upper limit has no effect. I've
tried using very basic code, but unsuccessfully.

Reproduce code:
---------------
$failure = 0;
$userpattern = "/t{3,6}/";
$username = 'ttttttt';
$usercheck = preg_match_all($userpattern,$username,$results);
if ( !$usercheck )
{ $failure++; }

Expected result:
----------------
$usercheck = 'tt';
This would be a disallowed string
$usercheck = 'ttttttt';
This would also be a disallowed string

Actual result:
--------------
$usercheck = 'tt'; results in $failure == 1 & the string 'fails' as it
should.
$usercheck = 'ttttttt'; results in $failure = 0 & the string is allowed.
This happens however many repetitions the string comprises and with any
upper limit set.

--
Edit bug report at http://bugs.php.net/?id=32875&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=32875&r=trysnapshot4
Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=32875&r=trysnapshot50
Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=32875&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=32875&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=32875&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=32875&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=32875&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=32875&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=32875&r=support
Expected behavior: http://bugs.php.net/fix.php?id=32875&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=32875&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=32875&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=32875&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=32875&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=32875&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=32875&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=32875&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=32875&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=32875&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=32875&r=mysqlcfg

ID: 32875
Updated by: wez@php.net
Reported By: chiaroscuro at achromatic dot fsnet dot co dot uk
-Status: Open
+Status: Bogus
Bug Type: PCRE related
Operating System: Apache 1.3.31
PHP Version: 4.3.10
New Comment:

Anchor your regex using ^ and $


Previous Comments:
------------------------------------------------------------------------

[2005-04-28 20:52:02] chiaroscuro at achromatic dot fsnet dot co dot uk

Description:
------------
I'm using quantifiers in preg_match_all functions,amongst other things,
to restrict the length of strings strings submitted from HTML forms. The
lower limit catches discrepant strings, but the upper limit has no
effect. I've tried using very basic code, but unsuccessfully.

Reproduce code:
---------------
$failure = 0;
$userpattern = "/t{3,6}/";
$username = 'ttttttt';
$usercheck = preg_match_all($userpattern,$username,$results);
if ( !$usercheck )
{ $failure++; }

Expected result:
----------------
$usercheck = 'tt';
This would be a disallowed string
$usercheck = 'ttttttt';
This would also be a disallowed string

Actual result:
--------------
$usercheck = 'tt'; results in $failure == 1 & the string 'fails' as it
should.
$usercheck = 'ttttttt'; results in $failure = 0 & the string is
allowed.
This happens however many repetitions the string comprises and with any
upper limit set.


------------------------------------------------------------------------


--
Edit this bug report at http://bugs.php.net/?id=32875&edit=1