From 173c1615131a373443b5466b2758c8f6030f1e44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BCrk?= <stefan@buerk.tech>
Date: Sun, 23 Jun 2024 23:07:53 +0200
Subject: [PATCH] [BUGFIX] Silence regexp pattern errors in EXT:redirects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This change adds a `@` silence operator to the usage of
`preg_match()` in the `RedirectService`. This prevents errors
in case of manually-entered malformed regexp patterns and follows
existing similar usages of the service.

Additionally, a todo comment is added to evaluate future early
pattern evaluation in record creation/editing so that
a proper response to invalid patterns can be emitted.

Resolves: #102176
Releases: main, 12.4, 11.5
Change-Id: I88687c128986ae6fa1e2b7a3a4bf414ee8f952f0
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/84843
Reviewed-by: Stefan BÃ¼rk <stefan@buerk.tech>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Stefan BÃ¼rk <stefan@buerk.tech>
---
 typo3/sysext/redirects/Classes/Service/RedirectService.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/typo3/sysext/redirects/Classes/Service/RedirectService.php b/typo3/sysext/redirects/Classes/Service/RedirectService.php
index 1fd725038ad7..679e1ed9940a 100644
--- a/typo3/sysext/redirects/Classes/Service/RedirectService.php
+++ b/typo3/sysext/redirects/Classes/Service/RedirectService.php
@@ -110,6 +110,7 @@ class RedirectService implements LoggerAwareInterface
                 }
             }
 
+            // @todo Evaluate if regexp patterns could be validated on creation/edit to give feedback on creation.
             // check all regex redirects respecting query arguments
             if (!empty($redirects['regexp_query_parameters'])) {
                 $allRegexps = array_keys($redirects['regexp_query_parameters']);
@@ -133,6 +134,7 @@ class RedirectService implements LoggerAwareInterface
                 }
             }
 
+            // @todo Evaluate if regexp patterns could be validated on creation/edit to give feedback on creation.
             // check all redirects that are registered as regex
             if (!empty($redirects['regexp_flat'])) {
                 $allRegexps = array_keys($redirects['regexp_flat']);
@@ -161,7 +163,7 @@ class RedirectService implements LoggerAwareInterface
                 // preg_match would have found it.
                 if (!empty($query)) {
                     foreach ($allRegexps as $regexp) {
-                        $matchResult = preg_match((string)$regexp, $path);
+                        $matchResult = @preg_match((string)$regexp, $path);
                         if ($matchResult > 0) {
                             if ($matchedRedirect = $this->getFirstActiveRedirectFromPossibleRedirects($redirects['regexp_flat'][$regexp])) {
                                 return $matchedRedirect;
@@ -422,7 +424,7 @@ class RedirectService implements LoggerAwareInterface
         if (($matchedRedirect['respect_query_parameters'] ?? false) && $uri->getQuery()) {
             $uriToCheck .= '?' . rawurldecode($uri->getQuery());
         }
-        $matchResult = preg_match($matchedRedirect['source_path'], $uriToCheck, $matches);
+        $matchResult = @preg_match($matchedRedirect['source_path'], $uriToCheck, $matches);
         if ($matchResult > 0) {
             foreach ($matches as $key => $val) {
                 // Unsafe regexp captching group may lead to adding query parameters to result url, which we need
-- 
GitLab