MFH(r-1.393): fixed bug #24556
authorMoriyoshi Koizumi <moriyoshi@php.net>
Sat, 12 Jul 2003 09:33:58 +0000 (09:33 +0000)
committerMoriyoshi Koizumi <moriyoshi@php.net>
Sat, 12 Jul 2003 09:33:58 +0000 (09:33 +0000)
ext/standard/string.c

index c8310fcde200bba0e3372c541fd55f224e8f5daa..2bf5719bffe7940497a83820f75706e4c3c3f144 100644 (file)
@@ -3352,6 +3352,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
                                        lc = '<';
                                        state = 1;
                                        if (allow) {
+                                               tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
                                                *(tp++) = '<';
                                        }
                                } else if (state == 1) {
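Review bot: The same wrap guard, `tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);`, is pasted in front of every store into tbuf — here before `*(tp++) = '<';` and again in the hunks at -3366, -3379, -3396, -3442, -3455 and -3512 — so a store added later without it would write past the buffer again. Folding the check and the store into one helper keeps them together, for example `#define PHP_TAG_BUF_PUT(ch) do { if ((tp - tbuf) >= PHP_TAG_BUF_SIZE) tp = tbuf; *(tp++) = (ch); } while (0)` (the name is only a suggestion). Whichever form is used, a short comment should state that an over-long tag wraps to the start of tbuf rather than being rejected. php_strip_tags starts and ends outside this hunk.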
@@ -3366,6 +3367,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
                                                br++;
                                        }
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
                                        *(tp++) = c;
                                } else if (state == 0) {
                                        *(rp++) = c;
@@ -3379,6 +3381,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
                                                br--;
                                        }
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
                                        *(tp++) = c;
                                } else if (state == 0) {
                                        *(rp++) = c;
@@ -3396,6 +3399,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
                                                lc = '>';
                                                state = 0;
                                                if (allow) {
+                                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
                                                        *(tp++) = '>';
                                                        *tp='\0';
                                                        if (php_tag_find(tbuf, tp-tbuf, allow)) {
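Review bot: The `*tp='\0';` that follows the guarded `*(tp++) = '>';` is itself unguarded: when '>' is stored at index PHP_TAG_BUF_SIZE - 1, the terminator goes to `tbuf[PHP_TAG_BUF_SIZE]`. That is in bounds only if tbuf is allocated with at least PHP_TAG_BUF_SIZE + 1 bytes; the allocation is outside this hunk, so it should be confirmed and recorded next to the write, e.g. `/* tbuf holds PHP_TAG_BUF_SIZE + 1 bytes, so the terminator fits */`. Separately, after a wrap php_tag_find() receives only the bytes written since the last reset, so the allow-list decision for an over-long tag appears to be made on a fragment of it; treating a tag that wrapped as not allowed would be the conservative choice. The `if (php_tag_find(...))` block continues past the end of the hunk.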
@@ -3442,6 +3446,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
                                } else if (state == 0) {
                                        *(rp++) = c;
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
                                        *(tp++) = c;
                                }
                                break;
@@ -3455,11 +3460,8 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
                                        if (state == 0) {
                                                *(rp++) = c;
                                        } else if (allow && state == 1) {
+                                               tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
                                                *(tp++) = c;
-                                               if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) {
-                                                       /* prevent buffer overflows */
-                                                       tp = tbuf;
-                                               }
                                        }
                                }
                                break;
@@ -3474,7 +3476,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in
 
                        case '?':
 
-                               if (state == 1 && *(p-1)=='<') { 
+                               if (state == 1 && *(p-1) == '<') { 
                                        br=0;
                                        state=2;
                                        break;
@@ -3512,10 +3514,8 @@ reg_char:
                                if (state == 0) {
                                        *(rp++) = c;
                                } else if (allow && state == 1) {
+                                       tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
                                        *(tp++) = c;
-                                       if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) { /* no buffer overflows */
-                                               tp = tbuf;
-                                       }
                                } 
                                break;
                }