From: Nuno Lopes <nlopess@php.net>
Date: Sun, 27 May 2007 15:45:18 +0000 (+0000)
Subject: fix the new 'no-double-encoding' feature of htmlspecialchars()  (the length for char... 
X-Git-Tag: php-5.2.3~30
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=452524fe3ae8644bad4c29aa498272054e1f0ba8;p=php

fix the new 'no-double-encoding' feature of htmlspecialchars()  (the length for char search was wrong. this could lead to crashes..)
---

diff --git a/ext/standard/html.c b/ext/standard/html.c
index 9d73ce216c..a5f5292c33 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -1153,7 +1153,7 @@ encode_amp:
 					memcpy(replaced + len, "&amp;", sizeof("&amp;") - 1);
 					len += sizeof("&amp;") - 1;
 				} else {
-					char *e = memchr(old + i, ';', len - i);
+					char *e = memchr(old + i, ';', oldlen - i);
 					char *s = old + i + 1;
 
 					if (!e || (e - s) > 10) { /* minor optimization to avoid "entities" over 10 chars in length */