[PHP-BUG] Bug #53755 [NEW]: FILTER_SANITIZE_STRING truncates string with unmatched <

Fri, 14 Jan 2011 16:41:05 -0800 

From:             
Operating system: Ubuntu/Linux
PHP version:      5.3.5
Package:          Filter related
Bug Type:         Bug
Bug description:FILTER_SANITIZE_STRING truncates string with unmatched <

Description:
------------
If a string containing an unmatched "<" character is run through the
FILTER_SANITIZE_STRING filter the string is truncated at the <.



The problem seems to stem from the last parameter in the call to
php_strip_tags_ex(). That parameter tells php_strip_tags_ex() ignore spaces
trailing "<" characters. I checked how php_strip_tags_ex() is called in the
PHP function strip_tags() and it tells php_strip_tags_ex to allow spaced
after a "<".



See ext/filter/santitizing_filters.c line 203 and ext/standard/string.c
line 4023 in PHP 5.3.5.

Test script:
---------------
echo filter_var('four is < 6', FILTER_SANITIZE_STRING);

Expected result:
----------------
four is < 6

Actual result:
--------------
four is 

-- 
Edit bug report at http://bugs.php.net/bug.php?id=53755&edit=1
-- 
Try a snapshot (PHP 5.2):            
http://bugs.php.net/fix.php?id=53755&r=trysnapshot52
Try a snapshot (PHP 5.3):            
http://bugs.php.net/fix.php?id=53755&r=trysnapshot53
Try a snapshot (trunk):              
http://bugs.php.net/fix.php?id=53755&r=trysnapshottrunk
Fixed in SVN:                        
http://bugs.php.net/fix.php?id=53755&r=fixed
Fixed in SVN and need be documented: 
http://bugs.php.net/fix.php?id=53755&r=needdocs
Fixed in release:                    
http://bugs.php.net/fix.php?id=53755&r=alreadyfixed
Need backtrace:                      
http://bugs.php.net/fix.php?id=53755&r=needtrace
Need Reproduce Script:               
http://bugs.php.net/fix.php?id=53755&r=needscript
Try newer version:                   
http://bugs.php.net/fix.php?id=53755&r=oldversion
Not developer issue:                 
http://bugs.php.net/fix.php?id=53755&r=support
Expected behavior:                   
http://bugs.php.net/fix.php?id=53755&r=notwrong
Not enough info:                     
http://bugs.php.net/fix.php?id=53755&r=notenoughinfo
Submitted twice:                     
http://bugs.php.net/fix.php?id=53755&r=submittedtwice
register_globals:                    
http://bugs.php.net/fix.php?id=53755&r=globals
PHP 4 support discontinued:          http://bugs.php.net/fix.php?id=53755&r=php4
Daylight Savings:                    http://bugs.php.net/fix.php?id=53755&r=dst
IIS Stability:                       
http://bugs.php.net/fix.php?id=53755&r=isapi
Install GNU Sed:                     
http://bugs.php.net/fix.php?id=53755&r=gnused
Floating point limitations:          
http://bugs.php.net/fix.php?id=53755&r=float
No Zend Extensions:                  
http://bugs.php.net/fix.php?id=53755&r=nozend
MySQL Configuration Error:           
http://bugs.php.net/fix.php?id=53755&r=mysqlcfg

Reply via email to