Edit report at https://bugs.php.net/bug.php?id=62032&edit=1

 ID:                 62032
 Updated by:         paj...@php.net
 Reported by:        iamcraigcampbell at gmail dot com
 Summary:            filter_var incorrectly strips characters from strings after "<"
 Status:             Open
 Type:               Bug
 Package:            Filter related
 Operating System:   Mac OS X
 PHP Version:        5.4.3
 Block user comment: N
 Private report:     N

 New Comment:

> or < should be encoded then, see
http://www.php.net/manual/en/filter.filters.sanitize.php

btw, any option should be added using the option array or defaults, as it is the case already.

Previous Comments:
------------------------------------------------------------------------
[2012-05-15 14:45:27] iamcraigcampbell at gmail dot com

So in that case I think strip_tags and filter_var are both broken. In this context:

"It is true that 5<10"
"It is true that 5 < 10"

Neither of these are HTML tags so the string should not be touched regardless of if there is a space or not.

------------------------------------------------------------------------
[2012-05-15 14:42:47] reeze dot xia at gmail dot com

PS: the reason why strip_tags() didn't strip it is '<' is followed by a space char but not without ending '>', this is the key point. Look deep into the source code: the difference is the switch whether or not to treat '<' followed by a (or more) spaces as a tag or not.

------------------------------------------------------------------------
[2012-05-15 14:36:26] reeze dot xia at gmail dot com

strip_tags will strip it even without the ending '>' if '<' is followed by a non-space char. If we need to check whether it is a closed tag, it is a feature request to change its behavior. It will break BC.

------------------------------------------------------------------------
[2012-05-15 14:26:52] iamcraigcampbell at gmail dot com

Well I can understand stripping it if there is a closing > somewhere, but if it is a < that is not followed by a matching > then it should be allowed in the string and not stripped. I think strip_tags works as expected.

------------------------------------------------------------------------
[2012-05-15 14:24:14] reeze dot xia at gmail dot com

Hi, I think it's a document problem. You could refer to this commit:
http://svn.php.net/viewvc?view=revision&revision=225196

strip_tags() didn't allow space after < so strip_tags didn't treat it as an invalid tag so it didn't get stripped. filter_var allows space after <, so it stripped everything after <.

I think we could add an extra parameter to strip_tags() to allow space after < and document it, e.g.:

    string strip_tags(string str [, string allowable_tags = null [, bool allow_tag_spaces = false]])

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at

    https://bugs.php.net/bug.php?id=62032
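
The difference between stripping and encoding discussed in this report, as an added example that is not part of the bug report or of PHP's own code. It runs the two strings quoted in the thread (plus one constructed string with a real tag) through the two stripping functions and through two encoders, and reports for each whether the text survives and whether any raw "<" or ">" remains; the helper names is_lossless and is_markup_free are hypothetical.

```php
<?php
// Added example, not code from the bug report or from PHP itself.
// The first two inputs are the strings quoted in the thread; the third is constructed.
$samples = [
    'It is true that 5<10',
    'It is true that 5 < 10',
    'Hello <b>world</b> & co',   // constructed sample with a real tag
];

// Candidate sanitizers: the two stripping functions from the report,
// then two encoders that keep the text and neutralise "<" and ">" on output.
$sanitizers = [
    'strip_tags' => fn(string $s): string => strip_tags($s),
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, hence the "@".
    'FILTER_SANITIZE_STRING' => fn(string $s): string =>
        (string) @filter_var($s, FILTER_SANITIZE_STRING),
    'FILTER_SANITIZE_SPECIAL_CHARS' => fn(string $s): string =>
        (string) filter_var($s, FILTER_SANITIZE_SPECIAL_CHARS),
    'htmlspecialchars' => fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
];

/** True when decoding the sanitized output gives back the original text. */
function is_lossless(string $original, string $sanitized): bool
{
    return html_entity_decode($sanitized, ENT_QUOTES | ENT_HTML5, 'UTF-8') === $original;
}

/** True when the output contains no raw "<" or ">" a browser could parse as markup. */
function is_markup_free(string $sanitized): bool
{
    return strpbrk($sanitized, '<>') === false;
}

foreach ($samples as $input) {
    echo "input: {$input}\n";
    foreach ($sanitizers as $name => $fn) {
        $out = $fn($input);
        printf(
            "  %-30s lossless=%-3s markup_free=%-3s %s\n",
            $name,
            is_lossless($input, $out) ? 'yes' : 'no',
            is_markup_free($out) ? 'yes' : 'no',
            $out
        );
    }
}
```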