From: grayson at levy dot org dot il Operating system: Red Hat PHP version: 5.2.12 PHP Bug Type: Unknown/Other Function Bug description: strip_tags() removes long param tags even when param is in the exclude list
Description: ------------ strip_tags() removes long param tags even when param is in the exclude list. Reproduce code: --------------- $var = "<param value=\"file=http://www.whitehouse.gov/videos/2010/January/011910_FallsChurchVA.m4v&path_to_plugins=http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins&path_to_player=http://www.whitehouse.gov/sites/all/modules/swftools/shared/flash_media_player&skin=http://www.whitehouse.gov/sites/all/modules/swftools/shared/flash_media_player/skins/EOP_skin.swf&captions_url=http://www.whitehouse.gov/sites/default/files/av_closedcaption/011910_Race_to_the_Top_for_Education_Reform.srtI=http://www.whitehouse.gov/sites/default/files/audio-video/video_thumbnail/P011910LJ-0100-3_0.jpg&controlbar=bottom&frontcolor=AAAAAA&plugins=http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins/privacy/privacy,http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins/hat/hat,http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins/share/share,http://www.whitehouse.gov/sites/default/modules/wh_multimedia/! wh_jwplayer/plugins/captions/captions&captions.file=http://www.whitehouse.gov/sites/default/files/av_closedcaption/011910_Race_to_the_Top_for_Education_Reform.srt\"; name=\"flashvars\" />"; $var = strip_tags($var, "<param>"); Expected result: ---------------- $var should be unchanged. Actual result: -------------- $var is empty. -- Edit bug report at http://bugs.php.net/?id=50847&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=50847&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=50847&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=50847&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=50847&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=50847&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=50847&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=50847&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=50847&r=needscript Try newer version: http://bugs.php.net/fix.php?id=50847&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=50847&r=support Expected behavior: http://bugs.php.net/fix.php?id=50847&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=50847&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=50847&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=50847&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50847&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=50847&r=dst IIS Stability: http://bugs.php.net/fix.php?id=50847&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=50847&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=50847&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=50847&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=50847&r=mysqlcfg
