preg_replace_callback help

[k8jsl]

i  have the following but of coarse its now depreciated

icao = (!empty($this->form['icao'])) ? $this->form['icao'] : $this->conf['icao1x'];

                          $tzoff = preg_replace('/-/', '', $this->conf['tzoff']);

                          $day = (!empty($this->form['day'])) ? $this->form['day'] : '1';

                          $this->day = $day;
$run = (!empty($this->form['run'])) ? $this->form['run'] : $this->conf['run'];                          

                        $url = $this->runconf[$run . '_url'];

                        $post = $this->runconf[$run . '_url_tail'];



                        list($this->temp, $cachet, $runner) = explode("|", $this->runconf[$run . '_settings']);



                          $post = @preg_replace("/\{(\w+)\}/e", '$$1', $post);
 

                        $cachepath = @preg_replace("/\{(\w+)\}/e", '$$1', $this->runconf[$run . '_cache']);

$post IS defined as:

obhistory.php?icao={icao}&day={day}&offset={tzoff}
 

[requinix]

Depending on the rest of your code it may not actually be possible to do this in a reasonable way.

 

Fortunately you should take a slightly different approach to it. Rather than allow anything as a variable, which is extremely dangerous, you should use a whitelist of values. At that point it's really just an array of names and values. Pass that to the callback function.

$values = array(
	"icao" => $icao,
	"tzoff" => $tzoff,
	"day" => $day,
	// etc
);

$post = preg_replace_callback('/\{(\w+)\}/', function($match) use ($values) {
	if (isset($values[$match[1]])) {
		return $values[$match[1]];
	} else {
		return $match[0]; // no change
		// return ""; // empty
		// or whatever you want to do
	}
}, $post);

[k8jsl]

THANKYOU  A MILLION TIMES THANKYOU

I don have a form class that sanitizes all inputs before the 'meat'of my scripts gets anything