Less hackish support for spaces at the start of tags within strip_tags()

diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c
index 3c2d9988f8e247ba3dc125025c07517be38459fa..22554bdf5dbf1efc317e1d1afc0c191dcdca21b6 100644 (file)
--- a/ext/filter/sanitizing_filters.c
+++ b/ext/filter/sanitizing_filters.c
@@ -179,7 +179,7 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL)
        php_filter_encode_html(value, enc);
 
        /* strip tags, implicitly also removes \0 chars */
-       new_len = php_strip_tags(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, -1);
+       new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1);
        Z_STRLEN_P(value) = new_len;
 
        if (new_len == 0) {

diff --git a/ext/standard/php_string.h b/ext/standard/php_string.h
index f11fc71095b1f3cff015a45acc37bd69d551a1ed..a804b323fd92de01f0563a76f959d3018469d16e 100644 (file)
--- a/ext/standard/php_string.h
+++ b/ext/standard/php_string.h
@@ -132,6 +132,7 @@ PHPAPI char *php_str_to_str(char *haystack, int length, char *needle,
                int needle_len, char *str, int str_len, int *_new_length);
 PHPAPI char *php_trim(char *c, int len, char *what, int what_len, zval *return_value, int mode TSRMLS_DC);
 PHPAPI size_t php_strip_tags(char *rbuf, int len, int *state, char *allow, int allow_len);
+PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces);
 PHPAPI int php_char_to_str_ex(char *str, uint len, char from, char *to, int to_len, zval *result, int case_sensitivity, int *replace_count);
 PHPAPI int php_char_to_str(char *str, uint len, char from, char *to, int to_len, zval *result);
 PHPAPI void php_implode(zval *delim, zval *arr, zval *return_value TSRMLS_DC);

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 6f5dc819aaf0b7cff9e955b830278125d36192fb..4814de6cf0bb3ba2bcf30b47250256ad98d91107 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3890,7 +3890,7 @@ PHP_FUNCTION(strip_tags)
        }
        convert_to_string_ex(str);
        buf = estrndup(Z_STRVAL_PP(str), Z_STRLEN_PP(str));
-       retval_len = php_strip_tags(buf, Z_STRLEN_PP(str), NULL, allowed_tags, allowed_tags_len);
+       retval_len = php_strip_tags_ex(buf, Z_STRLEN_PP(str), NULL, allowed_tags, allowed_tags_len, 0);
        RETURN_STRINGL(buf, retval_len, 0);
 }
 /* }}} */
@@ -4095,6 +4095,11 @@ int php_tag_find(char *tag, int len, char *set) {
 }
 /* }}} */
 
+PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len)
+{
+       return php_strip_tags_ex(rbuf, len, stateptr, allow, allow_len, 0);
+}
+
 /* {{{ php_strip_tags
  
        A simple little state-machine to strip out html and php tags 
@@ -4115,7 +4120,7 @@ int php_tag_find(char *tag, int len, char *set) {
        swm: Added ability to strip <?xml tags without assuming it PHP
        code.
 */
-PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len)
+PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces)
 {
        char *tbuf, *buf, *p, *tp, *rp, c, lc;
        int br, i=0, depth=0;
@@ -4143,7 +4148,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
                        case '\0':
                                break;
                        case '<':
-                               if (isspace(*(p + 1)) && allow_len >=- 0) {
+                               if (isspace(*(p + 1)) && !allow_tag_spaces) {
                                        goto reg_char;
                                }
                                if (state == 0) {