]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 766de15)
Fixed buffer overflow issue.
authorGavin Sherry <swm@php.net>
Wed, 22 Aug 2001 05:47:11 +0000 (05:47 +0000)
committerGavin Sherry <swm@php.net>
Wed, 22 Aug 2001 05:47:11 +0000 (05:47 +0000)
ext/standard/string.c patch | blob | history

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 9656b116cac09c7b73f85f86722751730b25b1c5..058ab85dfa735f8d3c7061bc5ee616bba56523d3 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3289,16 +3289,23 @@ PHPAPI void php_strip_tags(char *rbuf, int len, int state, char *allow, int allo
                                break;
 
                        case '?':
-                               if (state==1 && *(p-1)=='<' && *(p+1) != 'x' 
-                                 && *(p+2) != 'm' && *(p+3) != 'l') {
 
+                               if (state==1 && *(p-1)=='<') { 
                                        br=0;
                                        state=2;
                                        break;
                                }
-                                       /* else, it is xml, since state == 1, lets just fall through
-                                        * to '>'
-                                        */
+
+                       case 'l':
+
+                               /* swm: If we encounter '<?xml' then we shouldn't be in
+                                * state == 2 (PHP). Switch back to HTML.
+                                */
+
+                               if(state == 2 && *(p-1) == 'm' && *(p-2) == 'x') {
+                                       state = 1;
+                                       break;
+                               }
 
                                /* fall-through */
                        default:
Unnamed repository; edit this file 'description' to name the repository.