Last active
September 4, 2021 21:40
-
-
Save drbyte/c188f448137fc149c609 to your computer and use it in GitHub Desktop.
Regex patterns to detect old PHP code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Find each() and create_function() calls >= PHP 7.2 | |
| =(\W)?(each|create_function) ?\( | |
| (or look for the while/list/each construct): | |
| while\W?\(\W?list\W?\(.*=\W?each\( | |
| Find all SHORT tags >= 5.3 | |
| (.*)<\?(?!(p|x|=))(.*) | |
| Old ereg >= 5.3 | |
| \W(spliti?|eregi?|eregi?_replace|sql_regcase)[ ]?\( | |
| HTTP_xxxx VARS >= 5.3 | |
| \$HTTP_((GET|POST|REQUEST|SERVER|FILE|COOKIE)_VARS|RAW_POST_DATA) | |
| mysql_ >= 5.5 | |
| mysql_[a-z]{4,18}\( | |
| magic_quotes or safe_mode >= 5.4 | |
| (magic_quotes|safe_mode) | |
| global $_POST / $_GET etc | |
| \Wglobal .*\$_(POST|GET|SERVER|REQUEST|FILE|COOKIE).*; | |
| or ... | |
| One Pattern To Rule Them All (which includes a few for additional PHP RFCs being incorporated): | |
| (=(\W)?each ?\(|(.*)<\?(?!(p|x|=))(.*)|\W(?<!\.)(spliti?|eregi?|eregi?_replace|sql_regcase|create_function|gmp_random|__autoload|assert)[ ]?\(|\$HTTP_((GET|POST|REQUEST|SERVER|FILE|COOKIE)_VARS|RAW_POST_DATA)|\Wmysql_[a-z]{4,18}\(|magic_quotes|safe_mode|\bglobal .*\$_(POST|GET|SERVER|REQUEST|FILE|COOKIE).*;|\(unset\)|\$php_errormsg) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment