WordPress.org

Support

Support » Plugins and Hacks » [plugin CSS Compress] – has a really bad regex

[plugin CSS Compress] – has a really bad regex

  • The comment matching regex in css-compress.php is fatally flawed (for most NFA regex engines – including PHP/PCRE). Although this regex does work very well when matching valid comments, it fails and goes super-linear (i.e. experiences “catastrophic backtracking”) when faced with an invalid comment such as this one:

    ‘/************************ /’

    The regex engine requires more than 400,000 steps to determine that this short string does not match. (Adding just two more asterisks kicks this up to over a million!) Fortunately, the regex is easily fixed by adding just one character…

    ‘Bad:
    /\*[^*]*\*+([^/][^*]*\*+)*/
    Good:
    /\*[^*]*\*+([^/*][^*]*\*+)*/’

    The fixed regex requires only 9 steps to declare a non-match. Please refer to the book: “Mastering Regular Expressions (3rd Edition” by Jeffrey Friedl for a complete description of this regex and the advanced “un-rolling-the-loop” technique that it employs. (Friedl is the one who originally wrote this regex and came up with this technique).

    For more info an Catastrophic Backtracking see:
    http://www.regular-expressions.info/catastrophic.html

    Hope this helps. =^)

  • The topic ‘[plugin CSS Compress] – has a really bad regex’ is closed to new replies.
Skip to toolbar