dmitry Mon Jun 18 11:50:41 2007 UTC Modified files: /php-src/ext/standard string.c Log: MTH: Fixed bug #40432 (strip_tags() fails with greater than in attribute). http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.642&r2=1.643&diff_format=u Index: php-src/ext/standard/string.c diff -u php-src/ext/standard/string.c:1.642 php-src/ext/standard/string.c:1.643 --- php-src/ext/standard/string.c:1.642 Wed Jun 6 21:55:18 2007 +++ php-src/ext/standard/string.c Mon Jun 18 11:50:41 2007 @@ -18,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: string.c,v 1.642 2007/06/06 21:55:18 tony2001 Exp $ */ +/* $Id: string.c,v 1.643 2007/06/18 11:50:41 dmitry Exp $ */ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */ @@ -6314,6 +6314,7 @@ int32_t idx = 0, tmp, codepts; UChar32 ch, next, prev1, prev2, last, doctype[6]; int br = 0, depth = 0, state = 0, i; + UChar in_q = 0; if (stateptr) state = *stateptr; @@ -6389,10 +6390,14 @@ break; } + if (in_q) { + break; + } + switch (state) { case 1: /* HTML/XML */ last = ch; - state = 0; + in_q = state = 0; if (allow_len) { tp = ((tp-tbuf) >= UBYTES(PHP_TAG_BUF_SIZE) ? tbuf: tp); *(tp++) = ch; @@ -6407,19 +6412,19 @@ case 2: /* PHP */ if (!br && last != 0x22 && prev1 == 0x3F) { /* '"' & '?' */ - state = 0; + in_q = state = 0; tp = tbuf; } break; case 3: - state = 0; + in_q = state = 0; tp = tbuf; break; case 4: /* JavaScript/CSS/etc... */ if (codepts >= 2 && prev1 == 0x2D && prev2 == 0x2D) { /* '-' */ - state = 0; + in_q = state = 0; tp = tbuf; } break; @@ -6444,6 +6449,13 @@ tp = ((tp-tbuf) >= UBYTES(PHP_TAG_BUF_SIZE) ? tbuf: tp); *(tp++) = ch; } + if (state && prev1 != 0x27 /*'\\'*/ && (!in_q || ch == in_q)) { + if (in_q) { + in_q = 0; + } else { + in_q = ch; + } + } break; case 0x21: /* '!' */ @@ -6541,7 +6553,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces) { char *tbuf, *buf, *p, *tp, *rp, c, lc; - int br, i=0, depth=0; + int br, i=0, depth=0, in_q=0; int state = 0; if (stateptr) @@ -6615,10 +6627,14 @@ break; } + if (in_q) { + break; + } + switch (state) { case 1: /* HTML/XML */ lc = '>'; - state = 0; + in_q = state = 0; if (allow) { tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); *(tp++) = '>'; @@ -6633,19 +6649,19 @@ case 2: /* PHP */ if (!br && lc != '\"' && *(p-1) == '?') { - state = 0; + in_q = state = 0; tp = tbuf; } break; case 3: - state = 0; + in_q = state = 0; tp = tbuf; break; case 4: /* JavaScript/CSS/etc... */ if (p >= buf + 2 && *(p-1) == '-' && *(p-2) == '-') { - state = 0; + in_q = state = 0; tp = tbuf; } break; @@ -6670,6 +6686,13 @@ tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); *(tp++) = c; } + if (state && p != buf && *(p-1) != '\\' && (!in_q || *p == in_q)) { + if (in_q) { + in_q = 0; + } else { + in_q = *p; + } + } break; case '!':
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php