Admin
create_function('frist')
Admin
< php create_function ($m, 'echo "secnod, because frist is wrong"') ? >
Admin
create_function('invent new regular expression language')
Admin
There is a reason for the while loop: after $content is mangled it can match in new and interesting ways (especially as it is unescaping things).
Admin
I haven't parsed this, but the while() loop allows for nested PHP markup?
Admin
That was my first thought, also--the replacement might add something more that can be replaced.
What really worries me here is what is the source of whatever's being processed here? Is the client in any way involved?
Admin
Chances are, they're having to loop the regular expression because it's only catching the outermost instance. So if, for instance, you had (and the regex replaced the tags with square-bracketed versions):
<html><body>Things</body></html>
The first iteration would give you:
[html]<body>Things</body>[/html]
The second would give you:
[html][body]Things[/body][/html]
And so on.
Admin
From the comments:
I agree it's not automation making PHP bad as much as some kind of demonic influence to always do the worst possible thing.
Admin
It is PHP all the way down. That's what "PHP" stands for.
Admin
The comment you quoted does not evoke the true horror of this feature. This does, quoted from the same manual page:
See if you run that code in a loop, every cycle creates a new Anonymous function that consumes memory that can never be reclaimed. The creator of create_function is truly evil, also demented.
Admin
Unfortunately yes, the $content parameter was coming straight and not sanitized from a client side editor panel...
Admin
Maybe they thought they could fix it the way this comment suggested:
Admin
Many many sins in PHP's development were committed with the excuse that a process that exists to serve a single web page wouldn't be running for very long anyway.
Admin
I thought it stood for "Pretty Horrible Programs".
Admin
You got it almost right. It's "PHP Horrible Programs".