From 76c687feaf86d305f8ba510a7319ccc1b66a8901 Mon Sep 17 00:00:00 2001
From: Nikita Popov <nikita.ppv@gmail.com>
Date: Tue, 8 Jan 2019 10:21:01 +0100
Subject: Fixed bug #77428

mb_ereg_replace historically has not supported escaping backslashes
with backslashes. Go back to that behavior for BC reasons.
---
 ext/mbstring/php_mbregex.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'ext/mbstring/php_mbregex.c')

diff --git a/ext/mbstring/php_mbregex.c b/ext/mbstring/php_mbregex.c
index 85219b00e4..cc96e04f39 100644
--- a/ext/mbstring/php_mbregex.c
+++ b/ext/mbstring/php_mbregex.c
@@ -791,7 +791,9 @@ static inline void mb_regex_substitute(
 				no = onig_name_to_backref_number(regexp, (OnigUChar *)name, (OnigUChar *)name_end, regs);
 				break;
 			default:
-				p += clen;
+				/* We're not treating \ as an escape character and will interpret something like
+				 * \\1 as \ followed by \1, rather than \\ followed by 1. This is because this
+				 * function has not supported escaping of backslashes historically. */
 				smart_str_appendl(pbuf, sp, p - sp);
 				continue;
 		}
-- 
cgit v1.2.1