Fix sentence and remove PHP 5 info in PCRE pattern modifiers

reference/pcre/pattern.modifiers.xml

@@ -75,74 +75,6 @@
        </simpara>
       </listitem>
      </varlistentry>
-     <varlistentry xml:id="reference.pcre.pattern.modifiers.eval">
-      <term><emphasis>e</emphasis> (<literal>PREG_REPLACE_EVAL</literal>)</term>
-      <listitem>
-       &warn.deprecated.feature-5-5-0.removed-7-0-0;
-       <simpara>
-        If this deprecated modifier is set, <function>preg_replace</function>
-        does normal substitution of backreferences in the
-        replacement string, evaluates it as PHP code, and uses the
-        result for replacing the search string.
-        Single quotes, double quotes, backslashes (<literal>\</literal>) and NULL chars will 
-        be escaped by backslashes in substituted backreferences.
-       </simpara>
-       <caution>
-        <para>
-         The <function>addslashes</function> function is run on each matched backreference before
-         the substitution takes place. As such, when the backreference
-         is used as a quoted string, escaped characters will be converted
-         to literals. However, characters which are escaped, which would
-         normally not be converted, will retain their slashes. This makes
-         use of this modifier very complicated.
-        </para>
-       </caution>
-       <caution>
-        <para>
-         Make sure that <parameter>replacement</parameter> constitutes a valid PHP code string,
-         otherwise PHP will complain about a parse error at the line containing
-         <function>preg_replace</function>.
-        </para>
-       </caution>
-       <caution>
-        <para>
-         Use of this modifier is <emphasis>discouraged</emphasis>, as it can easily introduce
-         remote code execution vulnerabilities. To prevent these, the
-         <function>preg_replace_callback</function> function should be used instead:
-        </para>
-        <informalexample>
-         <programlisting role="php">
-<![CDATA[
-<?php
-$html = $_POST['html'];
-
-// uppercase headings
-$html = preg_replace_callback(
-    '(<h([1-6])>(.*?)</h\1>)',
-    function ($m) {
-        return "<h$m[1]>" . strtoupper($m[2]) . "</h$m[1]>";
-    },
-    $html
-);
-]]>
-         </programlisting>
-        </informalexample>
-        <para>
-         If the above example was written with <function>preg_replace</function> and the <literal>e</literal>
-         modifier, the code could be easily exploited by passing in a string such as
-         <literal>&lt;h1&gt;{${eval($_GET[php_code])}}&lt;/h1&gt;</literal>. This gave
-         the attacker the ability to execute arbitrary PHP code and as such gave them
-         nearly complete access to the server.
-        </para>
-       </caution>
-       <note>
-        <para>
-         Only <function>preg_replace</function> uses this modifier;
-         it is ignored by other PCRE functions.
-        </para>
-       </note>
-      </listitem>
-     </varlistentry>
      <varlistentry>
       <term><emphasis>A</emphasis> (<literal>PCRE_ANCHORED</literal>)</term>
       <listitem>
@@ -238,8 +170,7 @@ $html = preg_replace_callback(
         treated as UTF-8. An invalid subject will cause the preg_* function to
         match nothing; an invalid pattern will trigger an error of
         level E_WARNING. Five and six octet UTF-8 sequences are
-        regarded as invalid resp. PCRE 7.3 2007-08-28; 
-        formerly those have been regarded as valid UTF-8. 
+        regarded as invalid.
        </simpara>
       </listitem>
      </varlistentry>