1

i have an error in my plugin in WordPress, it showed error on line 89 which is 

if ( is_array( $related ) ) {
        foreach ( $related as $value ) {
        $words[] = $this->search_string( $value );
        if ( isset( $this->settings[ 'tooltip' ] ) ) {
          $links[] = $this->tooltip_html( $link, '$0', $post, $target, $nofollow, $internal );
        } else {
          $links[] = '<a href="' . $link . '"' . $target . $nofollow . '>$0</a>';
        }
        }
      }
    endwhile;
    if ( !empty( $words ) ) {
      if ( isset( $this->settings[ 'first_occurence' ] ) ) {
        $text = preg_replace( $words, $links, $text, 1 );
      } else {
        $text = preg_replace( $words, $links, $text ); //line 89
      }
    }
    wp_reset_postdata();
    }

So when i reached there i saw that search_string() function is being called and immediately went there and found a string of symbols i applied the ~ fix but don't know if this works.

 public function search_string( $title ) {
return '~/(?<!\w)((?i)~' . $title . '~(?-i))(?=[ \.\,\:\;\*\"\)\!\?\/\%\$\£\|\^\<\>])(?![^<]*(<\/a>|<\/span>|" \/>|>))/~';

} As you may see i have applied ~ before all single quote i wanna ask am i in the right way ?

Manish Jesani
  • 1,339
  • 5
  • 20
  • 36
Saif Ali
  • 429
  • 5
  • 23
  • not when you combine them like this `~' . $title . '~`, and you should always use `preg_quote()` on variable input in regx unless it's part of the regx of course. – ArtisticPhoenix Jul 05 '16 at 07:49

1 Answers1

3

Im guessing title starts with a C right? Ideally your code should be

return '~/(?<!\w)((?i)' . preg_quote($title,'~') . '(?-i))(?=[ \.\,\:\;\*\"\)\!\?\/\%\$\£\|\^\<\>])(?![^<]*(<\/a>|<\/span>|" \/>|>))/~';

Or something similar, because this bit is including the delimiters a second time

return '~/(?<!\w)((?i)~' . $title . '~ ..etc

And that is not gonna work very well. See the thing is if Title start with C as in Cats

'~/(?<!\w)((?i)~Cats~( ... );'

PHP will think you have these flags C,a,t and s, as in

'~/(?<!\w)((?i)~Cats`

Because it will end the regex when it gets to those added delimiters, and as such anything left becomes the flags and eventually you'll hit on a character that is not a valid flag. It's kind of like a double quoting issue, if that makes sense.

Also you should use preg_quote whenever inserting variables into a regex(if they are not meant to be a regex) because if title has a . or other special things like []() etc.. or even the ~ as in $title='yoursite ~ cats' it will think its part of the regex. You can even add the delimiter in as the second argument so preg_quote($title, '~'). And then of course get rid of those delimiters I mentioned above.

string preg_quote ( string $str [, string $delimiter = NULL ] )

preg_quote() takes str and puts a backslash in front of every character that is part of the regular expression syntax. This is useful if you have a run-time string that you need to match in some text and the string may contain special regex characters.

The special regular expression characters are: . \ + * ? [ ^ ] $ ( ) { } = ! < > | : -

http://php.net/manual/en/function.preg-quote.php

Hope that helps!

Community
  • 1
  • 1
ArtisticPhoenix
  • 21,464
  • 2
  • 24
  • 38