Fix ReDoS-bug in string_helper.php Fix for ReDoS (Regular Expression Denial of Service) / Code Injection Risk

commit: 36bd3413be0807fe358d87856b3a2f42047764fd [log] [tgz]
author: Kevin Morssink <contact@kevinmorssink.nl> Tue Aug 04 19:05:46 2015 +0200
committer: Andrey Andreev <narf@devilix.net> Fri Aug 07 13:24:22 2015 +0300
tree: 189aabec8c693b3a0bd78c3c5c886196886685b2
parent: 4e5ff1f7f8c1897526e9362fdcf7b574c1b3cdf9 [diff]
diff --git a/system/helpers/string_helper.php b/system/helpers/string_helper.php
index 5860e15..28e6ab1 100644
--- a/system/helpers/string_helper.php
+++ b/system/helpers/string_helper.php

@@ -253,7 +253,7 @@
 	 */
 	function increment_string($str, $separator = '_', $first = 1)
 	{
-		preg_match('/(.+)'.$separator.'([0-9]+)$/', $str, $match);
+		preg_match('/(.+)' . preg_quote($separator) . '([0-9]+)$/', $str, $match);
 		return isset($match[2]) ? $match[1].$separator.($match[2] + 1) : $str.$separator.$first;
 	}
 }
commit	36bd3413be0807fe358d87856b3a2f42047764fd	[log] [tgz]
author	Kevin Morssink <contact@kevinmorssink.nl>	Tue Aug 04 19:05:46 2015 +0200
committer	Andrey Andreev <narf@devilix.net>	Fri Aug 07 13:24:22 2015 +0300
tree	189aabec8c693b3a0bd78c3c5c886196886685b2
parent	4e5ff1f7f8c1897526e9362fdcf7b574c1b3cdf9 [diff]