Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long)
parent
8aa8b6135b
commit
b0f76c2534
3 changed files with 49 additions and 9 deletions
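--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,8 @@ PHP NEWS
 
 - Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation).
 (Ilia, hanno at hboeck dot de)
+- Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes
+long). (Ilia)
 - Fixed bug #50829 (php.ini directive pdo_mysql.default_socket is ignored).
 (Ilia)
 - Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP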
|
@ -4243,7 +4243,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
|
||||||
{
|
{
|
||||||
char *tbuf, *buf, *p, *tp, *rp, c, lc;
|
char *tbuf, *buf, *p, *tp, *rp, c, lc;
|
||||||
int br, i=0, depth=0, in_q = 0;
|
int br, i=0, depth=0, in_q = 0;
|
||||||
int state = 0;
|
int state = 0, pos;
|
||||||
|
|
||||||
if (stateptr)
|
if (stateptr)
|
||||||
state = *stateptr;
|
state = *stateptr;
|
||||||
|
@ -4277,7 +4277,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
|
||||||
lc = '<';
|
lc = '<';
|
||||||
state = 1;
|
state = 1;
|
||||||
if (allow) {
|
if (allow) {
|
||||||
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
|
if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
|
||||||
|
pos = tp - tbuf;
|
||||||
|
tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
|
||||||
|
tp = tbuf + pos;
|
||||||
|
}
|
||||||
*(tp++) = '<';
|
*(tp++) = '<';
|
||||||
}
|
}
|
||||||
} else if (state == 1) {
|
} else if (state == 1) {
|
||||||
|
@ -4292,7 +4296,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
|
||||||
br++;
|
br++;
|
||||||
}
|
}
|
||||||
} else if (allow && state == 1) {
|
} else if (allow && state == 1) {
|
||||||
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
|
if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
|
||||||
|
pos = tp - tbuf;
|
||||||
|
tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
|
||||||
|
tp = tbuf + pos;
|
||||||
|
}
|
||||||
*(tp++) = c;
|
*(tp++) = c;
|
||||||
} else if (state == 0) {
|
} else if (state == 0) {
|
||||||
*(rp++) = c;
|
*(rp++) = c;
|
||||||
|
@ -4306,7 +4314,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
|
||||||
br--;
|
br--;
|
||||||
}
|
}
|
||||||
} else if (allow && state == 1) {
|
} else if (allow && state == 1) {
|
||||||
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
|
if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
|
||||||
|
pos = tp - tbuf;
|
||||||
|
tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
|
||||||
|
tp = tbuf + pos;
|
||||||
|
}
|
||||||
*(tp++) = c;
|
*(tp++) = c;
|
||||||
} else if (state == 0) {
|
} else if (state == 0) {
|
||||||
*(rp++) = c;
|
*(rp++) = c;
|
||||||
|
@ -4328,7 +4340,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
|
||||||
lc = '>';
|
lc = '>';
|
||||||
in_q = state = 0;
|
in_q = state = 0;
|
||||||
if (allow) {
|
if (allow) {
|
||||||
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
|
if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
|
||||||
|
pos = tp - tbuf;
|
||||||
|
tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
|
||||||
|
tp = tbuf + pos;
|
||||||
|
}
|
||||||
*(tp++) = '>';
|
*(tp++) = '>';
|
||||||
*tp='\0';
|
*tp='\0';
|
||||||
if (php_tag_find(tbuf, tp-tbuf, allow)) {
|
if (php_tag_find(tbuf, tp-tbuf, allow)) {
|
||||||
|
@ -4378,7 +4394,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
|
||||||
} else if (state == 0) {
|
} else if (state == 0) {
|
||||||
*(rp++) = c;
|
*(rp++) = c;
|
||||||
} else if (allow && state == 1) {
|
} else if (allow && state == 1) {
|
||||||
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
|
if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
|
||||||
|
pos = tp - tbuf;
|
||||||
|
tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
|
||||||
|
tp = tbuf + pos;
|
||||||
|
}
|
||||||
*(tp++) = c;
|
*(tp++) = c;
|
||||||
}
|
}
|
||||||
if (state && p != buf && (state == 1 || *(p-1) != '\\') && (!in_q || *p == in_q)) {
|
if (state && p != buf && (state == 1 || *(p-1) != '\\') && (!in_q || *p == in_q)) {
|
||||||
|
@ -4399,7 +4419,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
|
||||||
if (state == 0) {
|
if (state == 0) {
|
||||||
*(rp++) = c;
|
*(rp++) = c;
|
||||||
} else if (allow && state == 1) {
|
} else if (allow && state == 1) {
|
||||||
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
|
if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
|
||||||
|
pos = tp - tbuf;
|
||||||
|
tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
|
||||||
|
tp = tbuf + pos;
|
||||||
|
}
|
||||||
*(tp++) = c;
|
*(tp++) = c;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -4454,7 +4478,11 @@ reg_char:
|
||||||
if (state == 0) {
|
if (state == 0) {
|
||||||
*(rp++) = c;
|
*(rp++) = c;
|
||||||
} else if (allow && state == 1) {
|
} else if (allow && state == 1) {
|
||||||
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
|
if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
|
||||||
|
pos = tp - tbuf;
|
||||||
|
tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
|
||||||
|
tp = tbuf + pos;
|
||||||
|
}
|
||||||
*(tp++) = c;
|
*(tp++) = c;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
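Review bot: Once a buffered tag reaches PHP_TAG_BUF_SIZE bytes, the new guard `if (tp - tbuf >= PHP_TAG_BUF_SIZE)` stays true for every later byte, so each byte calls `erealloc()` to grow `tbuf` by one byte. This applies to all seven copies of the block, from the hunk at -4277 to the one under `reg_char:`. The tag bytes come from the string being stripped, so a long tag in untrusted input drives one reallocation per byte. Tracking the capacity in a local and growing in PHP_TAG_BUF_SIZE steps keeps the same headroom for the `*tp='\0'` write with far fewer reallocations, and the repeated block would read better as one macro or static helper. The function body and the initial `tbuf` allocation lie outside the hunks, so the starting capacity below is an assumption to confirm.

```c
	int state = 0, pos, tbuf_size = PHP_TAG_BUF_SIZE + 1; /* assumed to equal the initial tbuf allocation; confirm */
	/* … unchanged: stateptr handling and the scanning loop up to each tag-buffer write … */
				} else if (allow && state == 1) {
					/* keep one spare byte so the '>' branch can still append its NUL */
					if (tp - tbuf >= tbuf_size - 1) {
						pos = tp - tbuf;
						tbuf_size += PHP_TAG_BUF_SIZE;
						tbuf = erealloc(tbuf, tbuf_size);
						tp = tbuf + pos;
					}
					*(tp++) = c;
```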
10
ext/standard/tests/strings/bug50847.phpt
Normal file
10
ext/standard/tests/strings/bug50847.phpt
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
--TEST--
|
||||||
|
Bug #50847 (strip_tags() removes all tags greater then 1023 bytes long)
|
||||||
|
--FILE--
|
||||||
|
<?php
|
||||||
|
$var = '<param value="' . str_repeat("a", 2048) . '" />';
|
||||||
|
var_dump(strip_tags($var, "<param>"), strip_tags($var));
|
||||||
|
?>
|
||||||
|
--EXPECT--
|
||||||
|
string(2066) "<param value="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" />"
|
||||||
|
string(0) ""
|
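Review bot: The test exercises only one length, a 2048-byte attribute value, so the boundary this fix changes is never pinned. Tags whose buffered length lands just below, exactly on and just above the 1023-byte limit named in the bug title hit the new guard and the `*tp='\0'` write at different offsets. I would add cases built with `str_repeat("a", $n)` for those lengths and assert them with `var_dump(strip_tags($var, "<param>") === $var);`. That also avoids embedding a 2066-byte literal in `--EXPECT--`, which is hard to review by eye.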