Bug #50847 [Com]: strip_tags() fails with extremely long tags (attributes)

Fri, 16 Apr 2010 20:53:32 -0700 

Edit report at http://bugs.php.net/bug.php?id=50847&edit=1

 ID:               50847
 Comment by:       sarun37823 at bigfoot dot com
 Reported by:      grayson at levy dot org dot il
 Summary:          strip_tags() fails with extremely long tags
                   (attributes)
 Status:           Closed
 Type:             Bug
 Package:          Strings related
 Operating System: *
 PHP Version:      5.*, 6

 New Comment:

http://th.php.net/ChangeLog-5.php#5.2.13

 

greater then 1023 bytes

should change to

greater than 1023 bytes

 


Previous Comments:
------------------------------------------------------------------------
[2010-02-01 12:59:21] il...@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.



------------------------------------------------------------------------
[2010-02-01 12:59:09] s...@php.net

Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=294303
Log: Fixed bug #50847 (strip_tags() removes all tags greater then 1023
bytes long)

------------------------------------------------------------------------
[2010-01-26 17:18:19] j...@php.net

It doesn't matter what the tag is. Or what it contains. Single char
repeated enough times will make a mess.. 

------------------------------------------------------------------------
[2010-01-26 15:06:38] grayson at levy dot org dot il

Description:
------------
strip_tags() removes long param tags even when param is in the exclude
list.

Reproduce code:
---------------
$var = "<param
value=\"file=http://www.whitehouse.gov/videos/2010/January/011910_FallsChurchVA.m4v&path_to_plugins=http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins&path_to_player=http://www.whitehouse.gov/sites/all/modules/swftools/shared/flash_media_player&skin=http://www.whitehouse.gov/sites/all/modules/swftools/shared/flash_media_player/skins/EOP_skin.swf&captions_url=http://www.whitehouse.gov/sites/default/files/av_closedcaption/011910_Race_to_the_Top_for_Education_Reform.srtI=http://www.whitehouse.gov/sites/default/files/audio-video/video_thumbnail/P011910LJ-0100-3_0.jpg&controlbar=bottom&frontcolor=AAAAAA&plugins=http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins/privacy/privacy,http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins/hat/hat,http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins/share/share,http://www.whitehouse.gov/sites/default/modules/wh_multimedia/w
 
h_jwplayer/plugins/captions/captions&captions.file=http://www.whitehouse.gov/sites/default/files/av_closedcaption/011910_Race_to_the_Top_for_Education_Reform.srt\";
name=\"flashvars\" />";



$var = strip_tags($var, "<param>");





Expected result:
----------------
$var should be unchanged.

Actual result:
--------------
$var is empty.


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=50847&edit=1

Reply via email to