archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-18 15:08:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed bug #24556

Browse source
This commit is contained in:
Moriyoshi Koizumi 2003-07-12 09:33:31 +00:00
parent 4c8230696c
commit 4b07cb98b1
1 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

14
ext/standard/string.c
View file

@ -3800,6 +3800,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
lc = '<'; lc = '<';
state = 1; state = 1;
if (allow) { if (allow) {
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
*(tp++) = '<'; *(tp++) = '<';
} }
} else if (state == 1) { } else if (state == 1) {
@ -3814,6 +3815,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
br++; br++;
} }
} else if (allow && state == 1) { } else if (allow && state == 1) {
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
*(tp++) = c; *(tp++) = c;
} else if (state == 0) { } else if (state == 0) {
*(rp++) = c; *(rp++) = c;
@ -3827,6 +3829,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
br--; br--;
} }
} else if (allow && state == 1) { } else if (allow && state == 1) {
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
*(tp++) = c; *(tp++) = c;
} else if (state == 0) { } else if (state == 0) {
*(rp++) = c; *(rp++) = c;
@ -3844,6 +3847,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
lc = '>'; lc = '>';
state = 0; state = 0;
if (allow) { if (allow) {
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
*(tp++) = '>'; *(tp++) = '>';
*tp='\0'; *tp='\0';
if (php_tag_find(tbuf, tp-tbuf, allow)) { if (php_tag_find(tbuf, tp-tbuf, allow)) {
@ -3890,6 +3894,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
} else if (state == 0) { } else if (state == 0) {
*(rp++) = c; *(rp++) = c;
} else if (allow && state == 1) { } else if (allow && state == 1) {
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
*(tp++) = c; *(tp++) = c;
} }
break; break;
@ -3903,11 +3908,8 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
if (state == 0) { if (state == 0) {
*(rp++) = c; *(rp++) = c;
} else if (allow && state == 1) { } else if (allow && state == 1) {
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
*(tp++) = c; *(tp++) = c;
if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) {
/* prevent buffer overflows */
tp = tbuf;
}
} }
} }
break; break;
@ -3960,10 +3962,8 @@ reg_char:
if (state == 0) { if (state == 0) {
*(rp++) = c; *(rp++) = c;
} else if (allow && state == 1) { } else if (allow && state == 1) {
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
*(tp++) = c; *(tp++) = c;
if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) { /* no buffer overflows */
tp = tbuf;
}
} }
break; break;
} }