strip_tags improper php code parsing
| Bug #70720 | strip_tags improper php code parsing | ||||
|---|---|---|---|---|---|
| Submitted: | 2015-10-15 14:54 UTC | Modified: | 2016-02-02 09:42 UTC | ||
| From: | admin at sinfocol dot org | Assigned: | jpauli (profile) | ||
| Status: | Closed | Package: | Strings related | ||
| PHP Version: | Irrelevant | OS: | Any | ||
| Private report: | No | CVE-ID: | None | ||
[2015-10-15 14:54 UTC] admin at sinfocol dot org
Description:
------------
Hello,
The strip_tags function stop the processing of php code until the next ">" is found if the string "xml" is included within php tags.
Test script:
---------------
<?php
var_dump(strip_tags('<?php $dom->test(); ?> this is a test'));
var_dump(strip_tags('<?php $xml->test(); ?> this is a test'));
Expected result:
----------------
string(15) " this is a test"
string(15) " this is a test"
Actual result:
--------------
string(15) " this is a test"
string(25) "test(); ?> this is a test"
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2015-12-22 14:15 UTC] jpauli@php.net
-Type: Security +Type: Bug -Assigned To: +Assigned To: jpauli
[2015-12-22 15:28 UTC] jpauli@php.net
-Status: Assigned +Status: Closed
[2015-12-22 15:35 UTC] jpauli@php.net
[2016-01-06 14:35 UTC] tyrael@php.net
[2016-02-02 09:42 UTC] jpauli@php.net
-Status: Closed +Status: Assigned
[2016-02-02 17:17 UTC] jpauli@php.net
-Status: Assigned +Status: Closed
[2016-02-02 17:23 UTC] jpauli@php.net
[2016-03-28 08:33 UTC] samyabbas31 at gmail dot com
Hi, I still have a bug with the following code : <?php [...] scriptLog(' ->/view/main.php'); [...] ?> parsing assumes php code stops with "->" in the scriptLog argument. Regards, Sam