Why is this an issue?
The PHP function
preg_replace can be used to perform a search and replace based on regular expression matches. The
$replacement parameter can contain references to capturing groups used in the
$pattern parameter. This can be achieved with
$n to reference the n’th group.
When referencing a nonexistent group, it will be substituted with an empty string. This is in general not the intended behavior, and might stay
unnoticed since no warning is raised.
Noncompliant code example
preg_replace("/(a)(b)(c)/", "\\1, \\9, \\3", "abc"); // Noncompliant - result is "a, , c"
preg_replace("/(a)(b)(c)/", "\\1, \\2, \\3", "abc");