Extension talk:RegexParserFunctions

Could you put more samples of use here, Please. For example, what are the different using between match and replacement. --Roc michael 12:17, 15 June 2007 (UTC)


 * Hi Roc! More detailed examples and usage instructions are availble on the RegexParserFunctions Project HomePage. --Jimbojw 04:42, 16 June 2007 (UTC)


 * Thank for your help, Jimbojw.--Roc michael 07:10, 16 June 2007 (UTC)

I really love this extension!

I also have an improvement idea:

replacing like  would be much more usefull if it would be possible to do something with the replace string $1. For example. Certainly $1 as variable for such operations wouldn't be a good variable name because it also could be possible that in the match string is a $1. In this case we would get a problem. Perhaps you could make this work as variable for wikis with variable extension like: This would offer much new possiblities like run another regex over the matches. --Danwe 20:25, 22 February 2009 (UTC)

Helpful examples
I think it could be helpful if everybody who wrote a regex which is generally helpful adds it here. I Wrote one which dissolves all links inside a given string:

 

Example: " text text linktext and link " is going to be "text text linktext and link" --Danwe 22:15, 22 February 2009 (UTC)

Remove Category links
%\[\[Category?(?(?=[^\[\]\|]*\|)[^\[\]\|]*\||)([^\[\]]*)\]\]\n%

this removes cat links like. But it doesn't work if the category name includes : like in. How would I do that? Big thanks! --Subfader 20:32, 5 July 2009 (UTC)
 * /\[\[Category:.*\]\]\s*/s --Subfader 00:09, 8 July 2009 (UTC)

Doesn't work in 1.16alpha
Maybe you can have a look now already before everyone using this extension will come here ;) --Subfader 00:09, 8 July 2009 (UTC)
 * Using Extension:RegexFunctions instead :) --Subfader 22:45, 11 July 2009 (UTC)

New function for array regex (regexall)
I created a function regexall to get all matches of a regex. It returns all matches separated so you could use the result with the array extension for example. Replacing or getting some parts from brackets only is not possible yet. Please feel free to implement new features as well or to improve my code.

The function is based on the original regexParserFunction so I post it here for you as well:

--Danwe 14:02, 1 December 2009 (UTC)

New, (mostly) compatible regex extension with advanced features
I have just released my extension Regex Fun which also provides  function as provided by this function but with some extended features like: So there is no real reason to stick to the use of RegexParserFunctions right now. So far I have used that extension as well and time after time I have created my own functions, keeping it compatible. --Danwe 07:32, 5 November 2011 (UTC)
 * More sophisticated regular expression validation. Invalid expression will now output a formated inline error, catchable by . This might be the only reason why my new extension could break some of you old code, if you rely on invalid regex returning empty string. But you shouldn't have invalid regex anyway.
 * 'r' flag for  returning "" in case no replacement was done.
 * 'e' flag allows to parse replacement string after reference insertion before input text replacement.
 * Three more useful parser functions dealing with regular expressions:,   and

Real example of a PHP injection?
The page states it's vulnerable to PHP code execution. But there is a following line in the code:

$acceptable = '/^([\\/\\|%]).*\\1[imsu]*$/';

I.e. it checks the input regexp for [imsu] flags, [e] flag is discarded. And it checks it in default /s mode (without PCRE_MULTILINE) so it's not possible to do

/a\/ /e

And nothing else comes to my mind... So, what's the real example of php injection here?

OK, there is a null-byte attack - like /a/e/. But I'm curious how to put a null byte into a mediawiki article? Even if it's present in the DB it gets transformed into \xFFFD probably by part of some UTF-8 sanitizing. So it seems impossible to use this kind of attack, either... Or is there a way of doing it?

VitaliyFilippov (talk) 11:40, 7 October 2013 (UTC)

Breaks the built-in 'urlencode' function
This extension registers its own 'urlencode' parser function, for some reason, which replaces the built-in parser function of the same name. This version of 'urlencode' does not recognize the parameters of the official 'urlencode', leading to incorrect results.

So, for example:

This extension also registers an undocumented 'eval' parser function, which seems like a security risk.

Smith.dan (talk) 17:29, 30 April 2018 (UTC)