Both `str_replace` and `preg_replace` (deprecated /e modifier is checked in another rule) are widely used and shouldn't be considered as a marker of malicious code
JAMSS rule#23 gives false-positive warning for files that starts with `defined('_JEXEC')` (because of partial `exec` match) and use `$_GET` or `$_POST`. This patch requires `exec` (and other function names in) to be checked explicitly using word boundaries (`\b`) in the regex.