Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Checking either the "Respect word boundaries" or "Match whole word/phrase" boxes in the config section of the screen for creating or editing a new instance of a tamper plugin will silently switch the find-and-replace to using REGEXes.
Further, because $settings['find'] isn't escaped, any slash that a user puts into the "Text to find" field will lead to preg_replace() to try to wrongly interpret any characters after the slash as REGEX modifiers, leading to a total, silent failure of the import.
plugins/find_replace.inc:
function feeds_tamper_find_replace_validate(&$settings) {
$settings['regex'] = FALSE;
if (!$settings['word_boundaries'] && !$settings['whole'] && $settings['case_sensitive']) {
$settings['func'] = 'str_replace';
}
elseif (!$settings['word_boundaries'] && !$settings['whole'] && !$settings['case_sensitive']) {
$settings['func'] = 'str_ireplace';
}
else {
$settings['regex'] = TRUE;
if ($settings['whole']) {
$regex = '/^' . $settings['find'] . '$/';
}
else {
$regex = '/\b' . $settings['find'] . '\b/';
}
if (!$settings['case_sensitive']) {
$regex .= 'i';
}
$settings['regex_find'] = $regex;
}
}
Comments
Comment #1
twistor CreditAttribution: twistor commentedHow about we fix it rather than document it?
Comment #4
twistor CreditAttribution: twistor commented