如何检查正则表达式在PHP中是否有害？ [英] How can I check if a regular expression is not harmful in PHP

问题描述

我正在研究一个项目。这个项目有一个用PHP编写的用户界面。在管理部分，用户需要输入正则表达式的表单输入。据我所知，我无法检查是否是正则表达式，因为每个字符串都是正则表达式。我想要做的是检查这个输入是否正确？我可以做到这一点？

解决方案

通过分析正则表达式很难做到这一点（实际上解析正则表达式本身。

我建议你宁愿使用保守的设置 pcre.backtrack-limit 和 pcre.recursion_limit a>。

I am working on a project. This project have a user interface that we wrote in PHP. In the management part, there is a form input where the user needs to enter a regular expression. As I know, I can not check if is a regex or not, because every string is a regex. What I want to do is check whether this input is proper or not? Which way I can do it?

解决方案

It's very hard to do this by analysing the regex (short of actually parsing the regex itself.

I suggest you rather use conservative settings for pcre.backtrack-limit and pcre.recursion_limit.

这篇关于如何检查正则表达式在PHP中是否有害？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！