

The Prime That Wasn't  - jordanmessina
http://zmievski.org/2010/08/the-prime-that-wasnt

======
paulgb
What's scary here is that PHP returns 0 (meaning no match found) rather than
FALSE, which is the error return value of preg_match. It's this attitude of
failing silently that makes PHP feel like a dangerous language.

Granted, it's smart that PHP does have a default backtrack limit. I believe
this would have prevented errors like the Django forms DoS vulnerability from
a while back.

~~~
ars
Line 64 of <http://svn.php.net/repository/php/php-src/trunk/ext/pcre/php_pcre.c>
shows that they do handle it.

And you use the preg_last_error() function to see it.

The return false is for PHP errors (i.e. programming errors, which also raise
warnings), not library errors.

~~~
paulgb
Setting a flag and failing silently is still failing silently.
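
A defensive wrapper for the behaviour discussed in this sub-thread, as an added example that is not part of any comment or of the linked article. `strict_preg_match` and `is_prime_unary` are hypothetical names, the pattern is Abigail's well-known unary primality regex (not quoted in the thread), and the backtrack limit of 1000 is a constructed value chosen to provoke the failure.

```php
<?php
// Added example: refuse to treat a PCRE engine failure as "no match".

/**
 * Returns true for a match and false for a genuine non-match.
 * Throws when PCRE gave up (backtrack limit, recursion limit, bad UTF-8, ...).
 */
function strict_preg_match(string $pattern, string $subject): bool
{
    $result = preg_match($pattern, $subject);
    $error  = preg_last_error();

    // Depending on the PHP version an engine failure surfaces as 0 or as
    // false, so the return value alone is not trusted; the error flag
    // mentioned in the thread is checked on every call.
    if ($result === false || $error !== PREG_NO_ERROR) {
        throw new RuntimeException("preg_match failed, PCRE error code $error");
    }
    return $result === 1;
}

/**
 * Unary primality test: the pattern matches strings of 1s whose length
 * is 0, 1 or composite, so "no match" means "prime".
 */
function is_prime_unary(int $n): bool
{
    return !strict_preg_match('/^1?$|^(11+?)\1+$/', str_repeat('1', $n));
}

// Constructed settings: a deliberately low limit so that a large prime input
// exhausts it, and the JIT disabled so the interpreter's limit is the one hit.
ini_set('pcre.backtrack_limit', '1000');
ini_set('pcre.jit', '0');

foreach ([7, 9, 1009] as $n) {
    try {
        echo $n, is_prime_unary($n) ? " is prime\n" : " is not prime\n";
    } catch (RuntimeException $e) {
        // Without the wrapper, a 0 return here would be read as "no match"
        // and inverted into a primality verdict.
        echo $n, " undecided: ", $e->getMessage(), "\n";
    }
}
```

The same check applies wherever a regex result gates a decision (input validation, allow/deny filters): a failure of the engine has to be handled as an error, not as a non-match.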

------
btilly
This pattern is usually attributed to the famous Perl hacker, Abigail. Abigail
is also noted as one of the people who popularized the idea of a JAPH. That is
a short piece of Perl that prints out "Just another Perl hacker". For instance
the very misleadingly commented:

    
    
      $;                                   # A lone dollar?
      =$";                                 # Pod?
      $;                                   # The return of the lone dollar?
      {Just=>another=>Perl=>Hacker=>}      # Bare block?
      =$/;                                 # More pod?
      print%;                              # No right operand for %?

~~~
cschneid
Do you have a link to a breakdown of that?

~~~
btilly
<http://www.perlmonks.org/index.pl?node_id=24173>

------
phaedrus
The idea behind how this works using regular expressions is very similar to
how some C++ template metaprograms work.

