From 158beca70fd07c90fefbd98211223e4ac4a439c0 Mon Sep 17 00:00:00 2001
From: Kevin Day <thekevinday@gmail.com>
Date: Fri, 2 Feb 2018 23:56:06 -0600
Subject: [PATCH] Bugfix: regular expression parsing logic for error message
 translation is incorrect

preg_replace() may return a non-string, so validate its value before replacing.
- if something goes wrong, then keep original string.

With the use of arguments that begin with ':{' and end with '}', the '/b' command is preventing the regular expressions from working.

If the detail value is not a string, instread provide an empty string for replacement.
---
 .../base/classes/base_error_messages_english.php   | 23 ++++++++++++++++++----
 .../base/classes/base_error_messages_japanese.php  | 22 ++++++++++++++++++---
 2 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/common/base/classes/base_error_messages_english.php b/common/base/classes/base_error_messages_english.php
index 281b659..2a18123 100644
--- a/common/base/classes/base_error_messages_english.php
+++ b/common/base/classes/base_error_messages_english.php
@@ -75,20 +75,35 @@ final class c_base_error_messages_english implements i_base_error_messages {
     if (isset($details['arguments']) && is_array($details['arguments'])) {
       if ($html) {
         foreach ($details['arguments'] as $detail_name => $detail_value) {
+          if (!is_string($detail_value)) {
+            $detail_value = '';
+          }
+
           $detail_name_css = 'error_message-argument-' . preg_replace('/[^[:word:]-]/i', '', $detail_name);
-          $message = preg_replace('/' . preg_quote($detail_name, '/') . '\b/i', '<div class="error_message-argument ' . $detail_name_css . '">' . htmlspecialchars($detail_value, ENT_HTML5 | ENT_COMPAT | ENT_DISALLOWED | ENT_SUBSTITUTE, 'UTF-8') . '</div>', $message);
+          $processed_message = preg_replace('/' . preg_quote($detail_name, '/') . '/i', '<div class="error_message-argument ' . $detail_name_css . '">' . htmlspecialchars($detail_value, ENT_HTML5 | ENT_COMPAT | ENT_DISALLOWED | ENT_SUBSTITUTE, 'UTF-8') . '</div>', $message);
+          if (is_string($processed_message)) {
+            $message = $processed_message;
+          }
         }
         unset($detail_name_css);
+        unset($processed_message);
       }
       else {
-        foreach ($details as $detail_name => $detail_value) {
-          $message = preg_replace('/' . preg_quote($detail_name, '/') . '\b/i', $detail_value, $message);
+        foreach ($details['arguments'] as $detail_name => $detail_value) {
+          if (!is_string($detail_value)) {
+            $detail_value = '';
+          }
+
+          $processed_message = preg_replace('/' . preg_quote($detail_name, '/') . '/i', $detail_value, $message);
+          if (is_string($processed_message)) {
+            $message = $processed_message;
+          }
         }
+        unset($processed_message);
       }
       unset($detail_name);
       unset($detail_value);
       unset($details);
-
       if ($html) {
         return c_base_return_string::s_new('<div class="error_message error_message-' . $code . '">' . $message . '</div>');
       }
diff --git a/common/base/classes/base_error_messages_japanese.php b/common/base/classes/base_error_messages_japanese.php
index ca71ccb..afeff59 100644
--- a/common/base/classes/base_error_messages_japanese.php
+++ b/common/base/classes/base_error_messages_japanese.php
@@ -80,15 +80,31 @@ final class c_base_error_messages_japanese implements i_base_error_messages {
     if (isset($details['arguments']) && is_array($details['arguments'])) {
       if ($html) {
         foreach ($details['arguments'] as $detail_name => $detail_value) {
+          if (!is_string($detail_value)) {
+            $detail_value = '';
+          }
+
           $detail_name_css = 'error_message-argument-' . preg_replace('/[^[:word:]-]/i', '', $detail_name);
-          $message = preg_replace('/' . preg_quote($detail_name, '/') . '\b/i', '<div class="error_message-argument ' . $detail_name_css . '">' . htmlspecialchars($detail_value, ENT_HTML5 | ENT_COMPAT | ENT_DISALLOWED | ENT_SUBSTITUTE, 'UTF-8') . '</div>', $message);
+          $processed_message = preg_replace('/' . preg_quote($detail_name, '/') . '/i', '<div class="error_message-argument ' . $detail_name_css . '">' . htmlspecialchars($detail_value, ENT_HTML5 | ENT_COMPAT | ENT_DISALLOWED | ENT_SUBSTITUTE, 'UTF-8') . '</div>', $message);
+          if (is_string($processed_message)) {
+            $message = $processed_message;
+          }
         }
+        unset($processed_message);
         unset($detail_name_css);
       }
       else {
-        foreach ($details as $detail_name => $detail_value) {
-          $message = preg_replace('/' . preg_quote($detail_name, '/') . '\b/i', $detail_value, $message);
+        foreach ($details['arguments'] as $detail_name => $detail_value) {
+          if (!is_string($detail_value)) {
+            $detail_value = '';
+          }
+
+          $processed_message = preg_replace('/' . preg_quote($detail_name, '/') . '/i', $detail_value, $message);
+          if (is_string($processed_message)) {
+            $message = $processed_message;
+          }
         }
+        unset($processed_message);
       }
       unset($detail_name);
       unset($detail_value);
-- 
1.8.3.1