[plugin CSS Compress] – has a really bad regex
-
The comment matching regex in css-compress.php is fatally flawed (for most NFA regex engines – including PHP/PCRE). Although this regex does work very well when matching valid comments, it fails and goes super-linear (i.e. experiences “catastrophic backtracking”) when faced with an invalid comment such as this one:
‘/************************ /’
The regex engine requires more than 400,000 steps to determine that this short string does not match. (Adding just two more asterisks kicks this up to over a million!) Fortunately, the regex is easily fixed by adding just one character…
‘Bad:
/\*[^*]*\*+([^/][^*]*\*+)*/
Good:
/\*[^*]*\*+([^/*][^*]*\*+)*/’The fixed regex requires only 9 steps to declare a non-match. Please refer to the book: “Mastering Regular Expressions (3rd Edition” by Jeffrey Friedl for a complete description of this regex and the advanced “un-rolling-the-loop” technique that it employs. (Friedl is the one who originally wrote this regex and came up with this technique).
For more info an Catastrophic Backtracking see:
https://www.regular-expressions.info/catastrophic.htmlHope this helps. =^)
- The topic ‘[plugin CSS Compress] – has a really bad regex’ is closed to new replies.