Is this only necessary if running PHP 5.5 [or higher] as it looks like the patch was needed following the depreciation of the /e modifier of preg_replace?
I'm still running FuelPHP 1.5 on PHP 5.4 and upgrading to 1.7 isn't straight forward right now.
It is in some cases possible that malicious code is injected to the the fact that the $1 will be replaced as-is with the input value. If that is posted and/or insuficciently validated, you run a risk.
Donate
