When an allow string is passed in we keep track of the string
in state 1 and when the tag is closed check it against the
allow string to see if we should allow it.
+
+ swm: Added ability to strip <?xml tags without assuming it PHP
+ code.
*/
PHPAPI void php_strip_tags(char *rbuf, int len, int state, char *allow, int allow_len)
{
break;
case '?':
- if (state==1 && *(p-1)=='<') {
+ if (state==1 && *(p-1)=='<' && *(p+1) != 'x'
+ && *(p+2) != 'm' && *(p+3) != 'l') {
+
br=0;
state=2;
break;
}
- /* fall-through */
+ /* else, it is xml, since state == 1, lets just fall through
+ * to '>'
+ */
+ /* fall-through */
default:
if (state == 0) {
*(rp++) = c;
if( (tp-tbuf)>=PHP_TAG_BUF_SIZE ) { /* no buffer overflows */
tp = tbuf;
}
- }
+ }
break;
}
c = *(++p);
projects / php / commitdiff