From: Operating system: Ubuntu/Linux PHP version: 5.3.5 Package: Filter related Bug Type: Bug Bug description:FILTER_SANITIZE_STRING truncates string with unmatched <
Description: ------------ If a string containing an unmatched "<" character is run through the FILTER_SANITIZE_STRING filter the string is truncated at the <. The problem seems to stem from the last parameter in the call to php_strip_tags_ex(). That parameter tells php_strip_tags_ex() ignore spaces trailing "<" characters. I checked how php_strip_tags_ex() is called in the PHP function strip_tags() and it tells php_strip_tags_ex to allow spaced after a "<". See ext/filter/santitizing_filters.c line 203 and ext/standard/string.c line 4023 in PHP 5.3.5. Test script: --------------- echo filter_var('four is < 6', FILTER_SANITIZE_STRING); Expected result: ---------------- four is < 6 Actual result: -------------- four is -- Edit bug report at http://bugs.php.net/bug.php?id=53755&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=53755&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=53755&r=trysnapshot53 Try a snapshot (trunk): http://bugs.php.net/fix.php?id=53755&r=trysnapshottrunk Fixed in SVN: http://bugs.php.net/fix.php?id=53755&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=53755&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=53755&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=53755&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=53755&r=needscript Try newer version: http://bugs.php.net/fix.php?id=53755&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=53755&r=support Expected behavior: http://bugs.php.net/fix.php?id=53755&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=53755&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=53755&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=53755&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=53755&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=53755&r=dst IIS Stability: http://bugs.php.net/fix.php?id=53755&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=53755&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=53755&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=53755&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=53755&r=mysqlcfg