HomePhabricator

Safer way to inject mediainfo html

Authored by matthiasmullie on Feb 14 2019, 2:26 PM.

Description

Safer way to inject mediainfo html

The preg_replace replacement value ($structuredDataHtml)
includes content that could be tricky.
GUIDs, for example, look like to: M123$12f34-...
preg_replace thinks that $12 portion is a back reference, and
that $12 needs to be replaced with the 12th captured group
in that regex. Since there is none, the $12 part just gets
omitted, and we're left with an incorrect GUID.

Since we're not even doing any pattern matching in here,
we could just as well use str_replace, that's going to be safer :)

Change-Id: I2baeaddb80cd4517c7d53968b12e6fe396a3b389