May be I should tell to you that the preg_replace /e option issue is on the way to be fixed.
What's the /e option issue
It is fully explained in this page, but basically the
/e option is added at the end of the regular expression to tell to function
preg_replace it must call to a function with every result of the search.
The problem appears when it is used to format or validate data sent by user to be displayed in a page. In that case it can be used to inject PHP code. A fast fix is to substitute
preg_replace_callback. Another fix is to use other algorithms or code to do the work.
What I'm doing to fix it
I'm doing a simple update to the Gesbit core to fix it. In some cases I've updated some third party libraries that fixes this issue by themselves. In other cases I've modified several core lines. This last cases I'm doing the "fast fix" I talked previously.
I didn't test all them so may be they don't work properly at the moment. If you find any issue, please tell me.