MFB: Less hackish support for spaces at the start of tags within

strip_tags()

diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c
index 3c2d9988f8e247ba3dc125025c07517be38459fa..22554bdf5dbf1efc317e1d1afc0c191dcdca21b6 100644 (file)
--- a/ext/filter/sanitizing_filters.c
+++ b/ext/filter/sanitizing_filters.c
@@ -179,7 +179,7 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL)
        php_filter_encode_html(value, enc);
 
        /* strip tags, implicitly also removes \0 chars */
-       new_len = php_strip_tags(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, -1);
+       new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1);
        Z_STRLEN_P(value) = new_len;
 
        if (new_len == 0) {

diff --git a/ext/standard/php_string.h b/ext/standard/php_string.h
index 909c3d29d11a88a9d30f4d5183666d89321757f9..0fc493f0e72653bd224200fd3397eaa6ae5d9173 100644 (file)
--- a/ext/standard/php_string.h
+++ b/ext/standard/php_string.h
@@ -146,6 +146,7 @@ PHPAPI char *php_str_to_str(char *haystack, int length, char *needle,
 PHPAPI char *php_trim(char *c, int len, char *what, int what_len, zval *return_value, int mode TSRMLS_DC);
 PHPAPI int php_u_strip_tags(UChar *rbuf, int len, int *stateptr, UChar *allow, int allow_len TSRMLS_DC);
 PHPAPI size_t php_strip_tags(char *rbuf, int len, int *state, char *allow, int allow_len);
+PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces);
 PHPAPI int php_char_to_str_ex(char *str, uint len, char from, char *to, int to_len, zval *result, int case_sensitivity, int *replace_count);
 PHPAPI int php_char_to_str(char *str, uint len, char from, char *to, int to_len, zval *result);
 PHPAPI void php_implode(zval *delim, zval *arr, zval *return_value TSRMLS_DC);

diff --git a/ext/standard/string.c b/ext/standard/string.c
index f9c808efcc3cd72876205f73369344f816665f9c..9ef4e202701fe5e1dd301a9f1166258fceb21b72 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -5988,7 +5988,7 @@ PHP_FUNCTION(strip_tags)
                RETURN_UNICODEL((UChar *)buf, retval_len, 0);
        } else {
                buf = estrndup(str, str_len);
-               retval_len = php_strip_tags((char *)buf, str_len, NULL, (char *)allow, allow_len);
+               retval_len = php_strip_tags_ex((char *)buf, str_len, NULL, (char *)allow, allow_len, 0);
                RETURN_STRINGL((char *)buf, retval_len, 0);
        }
 }
@@ -6502,9 +6502,14 @@ reg_u_char:
 }
 /* }}} */
 
+PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len)
+{
+       return php_strip_tags_ex(rbuf, len, stateptr, allow, allow_len, 0);
+}
+
 /* {{{ php_strip_tags
  */
-PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len)
+PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces)
 {
        char *tbuf, *buf, *p, *tp, *rp, c, lc;
        int br, i=0, depth=0;
@@ -6532,7 +6537,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
                        case '\0':
                                break;
                        case '<':
-                               if (isspace(*(p + 1)) && allow_len >=- 0) {
+                               if (isspace(*(p + 1)) && !allow_tag_spaces) {
                                        goto reg_char;
                                }
                                if (state == 0) {