dmitry Mon Jun 18 11:50:41 2007 UTC
Modified files:
/php-src/ext/standard string.c
Log:
MTH: Fixed bug #40432 (strip_tags() fails with greater than in attribute).
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.642&r2=1.643&diff_format=u
Index: php-src/ext/standard/string.c
diff -u php-src/ext/standard/string.c:1.642 php-src/ext/standard/string.c:1.643
--- php-src/ext/standard/string.c:1.642 Wed Jun 6 21:55:18 2007
+++ php-src/ext/standard/string.c Mon Jun 18 11:50:41 2007
@@ -18,7 +18,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: string.c,v 1.642 2007/06/06 21:55:18 tony2001 Exp $ */
+/* $Id: string.c,v 1.643 2007/06/18 11:50:41 dmitry Exp $ */
/* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
@@ -6314,6 +6314,7 @@
int32_t idx = 0, tmp, codepts;
UChar32 ch, next, prev1, prev2, last, doctype[6];
int br = 0, depth = 0, state = 0, i;
+ UChar in_q = 0;
if (stateptr)
state = *stateptr;
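Review bot: `in_q` is a plain local that starts at 0 on every call, while `state` is restored from `*stateptr` on the next lines, so the quote context is lost whenever a caller strips input in pieces. If a chunk boundary falls inside a quoted attribute, the next call would resume with `state` set and `in_q` clear, and a `>` in the rest of that value would end the tag just as it did before this fix. The same applies to the `in_q=0` added to the declarations in php_strip_tags_ex. At minimum, add a comment at the declaration such as `/* quote state is NOT carried in *stateptr; a quoted value split across calls loses it */`. The function begins and ends outside this hunk, so whether the state write-back could also carry the quote character cannot be judged from here.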
@@ -6389,10 +6390,14 @@
break;
}
+ if (in_q) {
+ break;
+ }
+
switch (state) {
case 1: /* HTML/XML */
last = ch;
- state = 0;
+ in_q = state = 0;
if (allow_len) {
tp = ((tp-tbuf) >=
UBYTES(PHP_TAG_BUF_SIZE) ? tbuf: tp);
*(tp++) = ch;
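Review bot: The `if (in_q) break;` guard sits ahead of `switch (state)`, so it suppresses `>` in every state, and the quote tracking added later in this commit arms `in_q` whenever `state` is non-zero. For state 4 that appears to mean a single unmatched apostrophe or double quote inside a comment leaves `in_q` set, so the closing `-->` is skipped and the rest of the input is dropped as if still inside the tag. That fails closed, but silent content loss is still a correctness bug, and the commit does not address it. Consider not tracking quotes in comment state, e.g. `if (state == 4) break;` at the top of the quote case. The same guard is added to php_strip_tags_ex, and the enclosing `case` starts outside this hunk.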
@@ -6407,19 +6412,19 @@
case 2: /* PHP */
if (!br && last != 0x22 && prev1 == 0x3F) { /*
'"' & '?' */
- state = 0;
+ in_q = state = 0;
tp = tbuf;
}
break;
case 3:
- state = 0;
+ in_q = state = 0;
tp = tbuf;
break;
case 4: /* JavaScript/CSS/etc... */
if (codepts >= 2 && prev1 == 0x2D && prev2 ==
0x2D) { /* '-' */
- state = 0;
+ in_q = state = 0;
tp = tbuf;
}
break;
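Review bot: The `in_q = state = 0;` assignments in cases 2, 3 and 4 look like dead stores. If this is the same switch that the new `if (in_q) break;` guard precedes (the line numbers suggest so, but the lines between the hunks are not shown), `in_q` is already 0 whenever these cases run. A reader may wrongly infer that these branches can be reached inside a quoted value. Either keep plain `state = 0;` or add a short comment such as `/* in_q is always 0 here; reset kept for symmetry */`. The matching hunk in php_strip_tags_ex has the same pattern.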
@@ -6444,6 +6449,13 @@
tp = ((tp-tbuf) >= UBYTES(PHP_TAG_BUF_SIZE) ?
tbuf: tp);
*(tp++) = ch;
}
+ if (state && prev1 != 0x27 /*'\\'*/ && (!in_q || ch ==
in_q)) {
+ if (in_q) {
+ in_q = 0;
+ } else {
+ in_q = ch;
+ }
+ }
break;
case 0x21: /* '!' */
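Review bot: `prev1 != 0x27 /*'\\'*/` compares against the apostrophe, not the backslash the comment names. Backslash is 0x5C, and the byte-string version of this test uses `*(p-1) != '\\'`. As written, a quote that directly follows a `'` never opens or closes a quoted value, so inputs such as `''` inside a tag leave `in_q` out of step with php_strip_tags_ex, and the two implementations can strip the same markup differently. The test should read `prev1 != 0x5C /* '\\' */`. Separately, `in_q` is declared `UChar` while `ch` is `UChar32`; that is safe only if this branch is reached solely for the ASCII quote characters, which the case labels outside the hunk would need to confirm.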
@@ -6541,7 +6553,7 @@
PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char
*allow, int allow_len, zend_bool allow_tag_spaces)
{
char *tbuf, *buf, *p, *tp, *rp, c, lc;
- int br, i=0, depth=0;
+ int br, i=0, depth=0, in_q=0;
int state = 0;
if (stateptr)
@@ -6615,10 +6627,14 @@
break;
}
+ if (in_q) {
+ break;
+ }
+
switch (state) {
case 1: /* HTML/XML */
lc = '>';
- state = 0;
+ in_q = state = 0;
if (allow) {
tp = ((tp-tbuf) >=
PHP_TAG_BUF_SIZE ? tbuf: tp);
*(tp++) = '>';
@@ -6633,19 +6649,19 @@
case 2: /* PHP */
if (!br && lc != '\"' && *(p-1)
== '?') {
- state = 0;
+ in_q = state = 0;
tp = tbuf;
}
break;
case 3:
- state = 0;
+ in_q = state = 0;
tp = tbuf;
break;
case 4: /* JavaScript/CSS/etc... */
if (p >= buf + 2 && *(p-1) ==
'-' && *(p-2) == '-') {
- state = 0;
+ in_q = state = 0;
tp = tbuf;
}
break;
@@ -6670,6 +6686,13 @@
tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ?
tbuf: tp);
*(tp++) = c;
}
+ if (state && p != buf && *(p-1) != '\\' &&
(!in_q || *p == in_q)) {
+ if (in_q) {
+ in_q = 0;
+ } else {
+ in_q = *p;
+ }
+ }
break;
case '!':
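Review bot: The backslash-escape test `*(p-1) != '\\'` is applied in every non-zero state, but HTML attribute values have no backslash escaping. In state 1, a value that ends in a backslash right before its closing quote would therefore keep `in_q` set here, while a browser treats the attribute as closed. The stripper and the consumer then disagree about where the tag ends, which matters most when allowed tags are passed through to output. Restricting the escape rule to the non-markup states, `(state == 1 || *(p-1) != '\\')`, would avoid that. Also note that `p != buf` makes the whole condition false for a quote in the first byte of the buffer, which seems reachable when `state` is carried in through `stateptr`, so that quote is never tracked.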
