From: Moriyoshi Koizumi <moriyoshi@php.net>
Date: Sun, 19 Jan 2003 11:32:54 +0000 (+0000)
Subject: Fixed bug #21744(21741)
X-Git-Tag: PHP_5_0_dev_before_13561_fix~127
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a1e6457561ec2630fe2cd30df245ace6f19a1ed2;p=php

Fixed bug #21744(21741)
Added test case for the bug
---

diff --git a/ext/standard/string.c b/ext/standard/string.c
index b6fe0f03ae..25206d93a5 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3630,8 +3630,16 @@ PHPAPI void php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int
 					state = 3;
 					lc = c;
 				} else {
-					*(rp++) = c;
-				}	
+					if (state == 0) {
+						*(rp++) = c;
+					} else if (allow && state == 1) {
+						*(tp++) = c;
+						if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) {
+							/* prevent buffer overflows */
+							tp = tbuf;
+						}
+					}
+				}
 				break;
 
 			case '?':
diff --git a/ext/standard/tests/strings/bug21744.phpt b/ext/standard/tests/strings/bug21744.phpt
new file mode 100644
index 0000000000..925dac3fa0
--- /dev/null
+++ b/ext/standard/tests/strings/bug21744.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Bug #21744 (strip_tags misses exclamation marks in alt text)
+--FILE--
+<?php
+$test = <<< HERE
+<a href="test?test\\!!!test">test</a>
+<!-- test -->
+HERE;
+
+print strip_tags($test, '');
+print strip_tags($test, '<a>');
+?>
+--EXPECT--
+test
+<a href="test?test\!!!test">test</a>