Tikitiki Wrote:No, I used your patch
Also, are you sure $setting['value'] = ereg_replace("(\\\\*)\\\"","\\1\\1\\\"",$setting['value']); is right? Are you sure there is supposed to be two \\1 ?
I've tested it to see if it works, so it should be right.
However, I put \\1\\1 in there so that way it will turn \ into \\ before the final \", while allowing a potentially infinite number of \ in the find/replace process.
Okey, cool, was just checking
(As you can tell I'm not too good with regex)
Regex is fine. I have trouble with Perl regex sometimes myself.
It's cool. I mean, I definitely understand the motive for asking people to explain why their code is a good idea.
[off-topic]nice presents Tiki![/offtopic]
Eww, I don't like that patch.
It's overly complex, and doesn't address the root problem: unescaped backslashes.
With or without the patch, if I enter "blah////\\\\blah" as the bbname setting, it's written to the file as exactly that, and displayed as "blah////\\blah".
I suggest using this method instead, which will correctly escape all 3 characters that need escaping: backslashes, double quotes, and dollar signs.
$setting['value'] = addcslashes($setting['value'], '\\"$');
While you're at it, this line should be moved up, because the value copied into
$mybb->settings[] shouldn't be escaped.
$mybb->settings[$setting['name']] = $setting['value'];