Bugfix: regular expression parsing logic for error message translation is incorrect

preg_replace() may return a non-string, so validate its value before replacing.
- if something goes wrong, then keep original string.

With the use of arguments that begin with ':{' and end with '}', the '/b' command is preventing the regular expressions from working.

If the detail value is not a string, instread provide an empty string for replacement.

diff --git a/common/base/classes/base_error_messages_english.php b/common/base/classes/base_error_messages_english.php
index 281b659ded678a2e8806c2bb7ecbf5aadfb8726f..2a18123d0c90e498329f34bb625a30c1958e97df 100644 (file)
--- a/common/base/classes/base_error_messages_english.php
+++ b/common/base/classes/base_error_messages_english.php
@@ -75,20 +75,35 @@ final class c_base_error_messages_english implements i_base_error_messages {
     if (isset($details['arguments']) && is_array($details['arguments'])) {
       if ($html) {
         foreach ($details['arguments'] as $detail_name => $detail_value) {
+          if (!is_string($detail_value)) {
+            $detail_value = '';
+          }
+
           $detail_name_css = 'error_message-argument-' . preg_replace('/[^[:word:]-]/i', '', $detail_name);
-          $message = preg_replace('/' . preg_quote($detail_name, '/') . '\b/i', '<div class="error_message-argument ' . $detail_name_css . '">' . htmlspecialchars($detail_value, ENT_HTML5 | ENT_COMPAT | ENT_DISALLOWED | ENT_SUBSTITUTE, 'UTF-8') . '</div>', $message);
+          $processed_message = preg_replace('/' . preg_quote($detail_name, '/') . '/i', '<div class="error_message-argument ' . $detail_name_css . '">' . htmlspecialchars($detail_value, ENT_HTML5 | ENT_COMPAT | ENT_DISALLOWED | ENT_SUBSTITUTE, 'UTF-8') . '</div>', $message);
+          if (is_string($processed_message)) {
+            $message = $processed_message;
+          }
         }
         unset($detail_name_css);
+        unset($processed_message);
       }
       else {
-        foreach ($details as $detail_name => $detail_value) {
-          $message = preg_replace('/' . preg_quote($detail_name, '/') . '\b/i', $detail_value, $message);
+        foreach ($details['arguments'] as $detail_name => $detail_value) {
+          if (!is_string($detail_value)) {
+            $detail_value = '';
+          }
+
+          $processed_message = preg_replace('/' . preg_quote($detail_name, '/') . '/i', $detail_value, $message);
+          if (is_string($processed_message)) {
+            $message = $processed_message;
+          }
         }
+        unset($processed_message);
       }
       unset($detail_name);
       unset($detail_value);
       unset($details);
-
       if ($html) {
         return c_base_return_string::s_new('<div class="error_message error_message-' . $code . '">' . $message . '</div>');
       }

diff --git a/common/base/classes/base_error_messages_japanese.php b/common/base/classes/base_error_messages_japanese.php
index ca71ccb762f478ff124b3099effbfbae568460b4..afeff59720d0632e7282ec62622ad36094674fb5 100644 (file)
--- a/common/base/classes/base_error_messages_japanese.php
+++ b/common/base/classes/base_error_messages_japanese.php
@@ -80,15 +80,31 @@ final class c_base_error_messages_japanese implements i_base_error_messages {
     if (isset($details['arguments']) && is_array($details['arguments'])) {
       if ($html) {
         foreach ($details['arguments'] as $detail_name => $detail_value) {
+          if (!is_string($detail_value)) {
+            $detail_value = '';
+          }
+
           $detail_name_css = 'error_message-argument-' . preg_replace('/[^[:word:]-]/i', '', $detail_name);
-          $message = preg_replace('/' . preg_quote($detail_name, '/') . '\b/i', '<div class="error_message-argument ' . $detail_name_css . '">' . htmlspecialchars($detail_value, ENT_HTML5 | ENT_COMPAT | ENT_DISALLOWED | ENT_SUBSTITUTE, 'UTF-8') . '</div>', $message);
+          $processed_message = preg_replace('/' . preg_quote($detail_name, '/') . '/i', '<div class="error_message-argument ' . $detail_name_css . '">' . htmlspecialchars($detail_value, ENT_HTML5 | ENT_COMPAT | ENT_DISALLOWED | ENT_SUBSTITUTE, 'UTF-8') . '</div>', $message);
+          if (is_string($processed_message)) {
+            $message = $processed_message;
+          }
         }
+        unset($processed_message);
         unset($detail_name_css);
       }
       else {
-        foreach ($details as $detail_name => $detail_value) {
-          $message = preg_replace('/' . preg_quote($detail_name, '/') . '\b/i', $detail_value, $message);
+        foreach ($details['arguments'] as $detail_name => $detail_value) {
+          if (!is_string($detail_value)) {
+            $detail_value = '';
+          }
+
+          $processed_message = preg_replace('/' . preg_quote($detail_name, '/') . '/i', $detail_value, $message);
+          if (is_string($processed_message)) {
+            $message = $processed_message;
+          }
         }
+        unset($processed_message);
       }
       unset($detail_name);
       unset($detail_value);