Fix bug when < is used within attribute.

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 4051f250da2c40b6f4749bdaa6a338cc3321c683..834203bdad741fe4a95adad46b8267b7a8e6188b 100644 (file)
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -6696,6 +6696,9 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
                        case '\0':
                                break;
                        case '<':
+                               if (in_q) {
+                                       break;
+                               }
                                if (isspace(*(p + 1)) && !allow_tag_spaces) {
                                        goto reg_char;
                                }

diff --git a/ext/standard/tests/strings/strip_tags_variation11.phpt b/ext/standard/tests/strings/strip_tags_variation11.phpt
new file mode 100644 (file)
index 0000000..225433d
--- /dev/null
+++ b/ext/standard/tests/strings/strip_tags_variation11.phpt
@@ -0,0 +1,41 @@
+--TEST--
+Test strip_tags() function : obscure values within attributes
+--INI--
+short_open_tag = on
+--FILE--
+<?php
+
+echo "*** Testing strip_tags() : obscure functionality ***\n";
+
+// array of arguments
+$string_array = array (
+  'hello <img title="<"> world',
+  'hello <img title=">"> world',
+  'hello <img title=">_<"> world',
+  "hello <img title='>_<'> world"
+);
+
+
+// Calling strip_tags() with default arguments
+// loop through the $string_array to test strip_tags on various inputs
+$iteration = 1;
+foreach($string_array as $string)
+{
+  echo "-- Iteration $iteration --\n";
+  var_dump( strip_tags($string) );
+  $iteration++;
+}
+
+echo "Done";
+?>
+--EXPECTF--
+*** Testing strip_tags() : obscure functionality ***
+-- Iteration 1 --
+unicode(12) "hello  world"
+-- Iteration 2 --
+unicode(12) "hello  world"
+-- Iteration 3 --
+unicode(12) "hello  world"
+-- Iteration 4 --
+unicode(12) "hello  world"
+Done