Re: Re: CVE Request - roundcubemail

[Florian Weimer <fw () deneb enyo de>]

* Ingrid wrote:

> Therefore, I agree with Raphael that the issue has not been found yet.

It may be related to:

  <http://www.hardened-php.net/advisory_042006.119.html>

Is there some way to turn of /e support in preg_replace (causing PHP
to abort with an error instead), in particular if the captures contain
one of the characters "$", "{", "}"?

Is it safe to surround the captures with '$1' instead of "$1"?