From 6b0b29edd6084699ae6690064c997b9bf44462d4 Mon Sep 17 00:00:00 2001
From: Julien Pauli <jpauli@php.net>
Date: Tue, 22 Dec 2015 16:25:51 +0100
Subject: [PATCH 1/2] Fix #70720

---
 ext/standard/string.c                    | 7 ++++---
 ext/standard/tests/strings/bug70720.phpt | 6 +++++-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 5889b87ffb6..bcfc3b61812 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -4590,6 +4590,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
 	int br, i=0, depth=0, in_q = 0;
 	int state = 0, pos;
 	char *allow_free = NULL;
+	char is_xml = 0;
 
 	if (stateptr)
 		state = *stateptr;
@@ -4689,10 +4690,10 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
 				switch (state) {
 					case 1: /* HTML/XML */
 						lc = '>';
-						if (*(p -1) == '-') {
+						if (is_xml && *(p -1) == '-') {
 							break;
 						}
-						in_q = state = 0;
+						in_q = state = is_xml = 0;
 						if (allow) {
 							if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
 								pos = tp - tbuf;
@@ -4822,7 +4823,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
 				 */
 
 				if (state == 2 && p > buf+2 && strncasecmp(p-4, "<?xm", 4) == 0) {
-					state = 1;
+					state = 1; is_xml=1;
 					break;
 				}
 
diff --git a/ext/standard/tests/strings/bug70720.phpt b/ext/standard/tests/strings/bug70720.phpt
index edf60080acc..6cdc600c2da 100644
--- a/ext/standard/tests/strings/bug70720.phpt
+++ b/ext/standard/tests/strings/bug70720.phpt
@@ -5,8 +5,12 @@ Bug #70720 (strip_tags() doesnt handle "xml" correctly)
 var_dump(strip_tags('<?php $dom->test(); ?> this is a test'));
 var_dump(strip_tags('<?php $xml->test(); ?> this is a test'));
 var_dump(strip_tags('<?xml $xml->test(); ?> this is a test'));
+
+/* "->" case in HTML */
+var_dump(strip_tags("<span class=sf-dump-> this is a test</span>"));
 ?>
 --EXPECTF--
 string(15) " this is a test"
 string(15) " this is a test"
-string(15) " this is a test"
\ No newline at end of file
+string(15) " this is a test"
+string(15) " this is a test"

From ed80ca00f40866001c024288171e35cfc0b078c4 Mon Sep 17 00:00:00 2001
From: Julien Pauli <jpauli@php.net>
Date: Tue, 2 Feb 2016 18:14:57 +0100
Subject: [PATCH 2/2] Updated NEWS

---
 NEWS | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/NEWS b/NEWS
index e328c6b4fdd..a5433b218d7 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,9 @@ PHP                                                                        NEWS
 - PCRE:
   . Upgraded bundled PCRE library to 8.38.
 
+- Standard:
+  . Fixed bug #70720 (strip_tags improper php code parsing). (Julien)
+
 04 Feb 2016, PHP 5.6.18
 
 - Core:
@@ -44,9 +47,6 @@ PHP                                                                        NEWS
   . Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
     (Laruence)
 
-- Standard:
-  . Fixed bug #70720 (strip_tags improper php code parsing). (Julien)
-
 07 Jan 2016, PHP 5.6.17
 
 - Core: