|| (id >= FILTER_VALIDATE_ALL && id <= FILTER_VALIDATE_LAST) \
|| id == FILTER_CALLBACK)
+#define RETURN_VALIDATION_FAILED \
+ zval_dtor(value); \
+ if (flags & FILTER_NULL_ON_FAILURE) { \
+ ZVAL_NULL(value); \
+ } else { \
+ ZVAL_FALSE(value); \
+ } \
+ return; \
+
#define PHP_FILTER_TRIM_DEFAULT(p, len, end) { \
- while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v') { \
+ while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v' || *p == '\n') { \
p++; \
len--; \
} \
- start = p; \
+ if (len < 1) { \
+ RETURN_VALIDATION_FAILED \
+ } \
+ start = p; \
end = p + len - 1; \
- if (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v') { \
- unsigned int i; \
- for (i = len - 1; i >= 0; i--) { \
- if (!(p[i] == ' ' || p[i] == '\t' || p[i] == '\r' || p[i] == '\v')) { \
- break; \
- } \
- } \
- i++; \
- p[i] = '\0'; \
- end = p + i - 1; \
- len = (int) (end - p) + 1; \
+ while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v' || *end == '\n') { \
+ end--; \
} \
+ *(end + 1) = '\0'; \
+ len = (end - p + 1); \
}
#define FORMAT_IPV4 4
#define FORMAT_IPV6 6
-#define RETURN_VALIDATION_FAILED \
- zval_dtor(value); \
- if (flags & FILTER_NULL_ON_FAILURE) { \
- ZVAL_NULL(value); \
- } else { \
- ZVAL_FALSE(value); \
- } \
- return; \
-
static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */
long ctx_value = 0;
long sign = 1;
}
str = Z_STRVAL_P(value);
+
+ PHP_FILTER_TRIM_DEFAULT(str, len, end);
+
start = str;
if (len == 1) {
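Review bot: The `PHP_FILTER_TRIM_DEFAULT(str, len, end);` call added above `start = str;` is now a hidden exit and a hidden write, and neither is visible at the call site. As redefined in this patch, the macro expands `RETURN_VALIDATION_FAILED` when nothing is left after trimming, assigns the caller's `start`, and stores a `'\0'` into the buffer behind `Z_STRVAL_P(value)`. I would put a comment above the call, for example `/* trims in place: may return via RETURN_VALIDATION_FAILED; sets start, len and end */`, and drop the now redundant `start = str;`. The in-place terminator write presumably relies on `value` owning a writable, separated string, which cannot be confirmed from this hunk. The function body starts and ends outside the hunk.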
dec_sep = *default_decimal;
}
- PHP_FILTER_TRIM_DEFAULT(str, len, end);
-
if (*str == '-') {
sign = -1;
str++;
$var = 'XYZ< script>alert(/ext/filter+bypass/);< /script>ABC';
$a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW));
echo $a . "\n";
+
+$var = 'XYZ<
+script>alert(/ext/filter+bypass/);<
+/script>ABC';
+$a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW));
+echo $a . "\n";
?>
--EXPECT--
XYZalert(/ext/filter+bypass/);ABC
+XYZalert(/ext/filter+bypass/);ABC
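Review bot: The added case only exercises the line-broken tags together with `FILTER_FLAG_STRIP_LOW`, so it does not pin what the sanitizer returns for the same input when the flag is absent. Presumably the expected line holds because the low bytes are removed before tag stripping, which would leave the no-flag path untested. I would add a second call, `filter_var($var, FILTER_SANITIZE_STRING)`, with its own `--EXPECT--` line, and ideally one variant using `\r` or `\t` in place of the newline. The sanitizer change itself is not visible in this part of the patch, so the right expected values need checking against it.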
--- /dev/null
+--TEST--
+Integer validation with spaces
+--FILE--
+<?php
+$vals = array(
+"
+ ",
+" ",
+" 123",
+" 123.01 ",
+);
+
+foreach ($vals as $var) {
+ var_dump(filter_var($var, FILTER_VALIDATE_FLOAT));
+}
+?>
+--EXPECT--
+bool(false)
+bool(false)
+float(123)
+float(123.01)
\ No newline at end of file
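Review bot: The `--TEST--` title says "Integer validation with spaces", but every call in the file uses `FILTER_VALIDATE_FLOAT`; a title such as `Float validation with surrounding whitespace` would match what is tested. The inputs cover whitespace-only strings and padded numbers, but none of them checks the `FILTER_NULL_ON_FAILURE` branch of `RETURN_VALIDATION_FAILED`, which the trim macro can now reach. One extra case, `filter_var(" ", FILTER_VALIDATE_FLOAT, FILTER_NULL_ON_FAILURE)` expecting `NULL`, would pin that path. The file also ends without a trailing newline.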