From: Moriyoshi Koizumi <moriyoshi@php.net>
Date: Sun, 19 Jan 2003 12:56:26 +0000 (+0000)
Subject: MFH: fixed bug #21744
X-Git-Tag: PHP_4_3_before_13561_fix~53
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d3a2e6852c40a4d9ecb31db816940edf106368fb;p=php

MFH: fixed bug #21744
---

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 3f5ae30cc0..b21157070f 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3515,8 +3515,16 @@ PHPAPI void php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int
 					state = 3;
 					lc = c;
 				} else {
-					*(rp++) = c;
-				}	
+					if (state == 0) {
+						*(rp++) = c;
+					} else if (allow && state == 1) {
+						*(tp++) = c;
+						if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) {
+							/* prevent buffer overflows */
+							tp = tbuf;
+						}
+					}
+				}
 				break;
 
 			case '?':