PHP :: Bug #7472 :: problem with strip_tags() function
| Bug #7472 | problem with strip_tags() function | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Submitted: | 2000-10-25 23:06 UTC | Modified: | 2002-09-21 12:39 UTC |
|
||||||
| From: | kjackson at gpu dot srv dot ualberta dot ca | Assigned: | ||||||||
| Status: | Closed | Package: | Strings related | |||||||
| PHP Version: | 4.3.0-dev | OS: | linux | |||||||
| Private report: | No | CVE-ID: | None | |||||||
[2000-10-25 23:06 UTC] kjackson at gpu dot srv dot ualberta dot ca
This bug causes strip_tags to stop stripping php tags, if your string contains the following in a <?php?> delimiter.
"title = \"([^\"]+)\""
Example:
echo strip_tags("
aghh1
<?PHP
if (eregi(\"title = \\\"([^\\\"]+)\", $x, $y))
echo \"foobar\";
?>
aghh2
");
will result in only aghh1 being reported when aghh2 should clearly be as well
Patches
Pull Requests
History
AllCommentsChangesGit/SVN commits
[2000-10-25 23:09 UTC] kjackson at gpu dot srv dot ualberta dot ca
[2001-02-10 15:14 UTC] jimw@php.net
it is the unbalanced quotes that causes this. smaller example: <?php echo strip_tags("first <?echo \"\\\"\"?> second"); ?> refiling against 4.0, although it would be nice if any fix were backported. (or the behavior could be documented.)[2002-01-22 07:34 UTC] martin at humany dot com
Bug still exists in PHP 4.1.1, tested under Linux 2.4 and Windows XP with: echo strip_tags("first <?echo \"\\\"\"?> second");[2002-07-29 09:16 UTC] nohn@php.net
[2002-07-29 17:12 UTC] rodif_bl@php.net
looked at php_strip_tags, The state machine is tracking "'s, )'s and ('s. I don't know if this is necessary. Can fix by simply removing that code. Emailed dev list asking for any further info.[2002-09-21 04:44 UTC] nohn@php.net
$result_strip_tags = strip_tags("first <?echo \"\\\"\"?> second"); echo "\n$result_strip_tags\n"; still results in sebastian@linux:~> /usr/local/bin/php strip_tags.php first sebastian@linux:~>[2002-09-21 12:39 UTC] iliaa@php.net