From: Stanislav Malyshev Date: Thu, 23 Jan 2020 06:41:56 +0000 (-0800) Subject: Merge branch 'PHP-7.2' into PHP-7.3 X-Git-Tag: php-7.3.15RC1~22 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dd3c664f8f72263ec690f20c1eeca4c52f473dba;p=php Merge branch 'PHP-7.2' into PHP-7.3 * PHP-7.2: More checks for php_strip_tags_ex --- dd3c664f8f72263ec690f20c1eeca4c52f473dba diff --cc ext/standard/string.c index 0fe8796a03,749e57b7d5..f443519a72 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@@ -5078,201 -4740,149 +5078,201 @@@ PHPAPI size_t php_strip_tags_ex(char *r tbuf = tp = NULL; } - while (i < len) { - switch (c) { - case '\0': + if (stateptr) { + state = *stateptr; + switch (state) { + case 1: goto state_1; + case 2: goto state_2; + case 3: goto state_3; + case 4: goto state_4; + default: break; - case '<': - if (in_q) { - break; - } - if (isspace(*(p + 1)) && !allow_tag_spaces) { - goto reg_char; - } - if (state == 0) { - lc = '<'; - state = 1; - if (allow) { - if (tp - tbuf >= PHP_TAG_BUF_SIZE) { - pos = tp - tbuf; - tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); - tp = tbuf + pos; - } - *(tp++) = '<'; - } - } else if (state == 1) { - depth++; + } + } + +state_0: + if (p >= end) { + goto finish; + } + c = *p; + switch (c) { + case '\0': + break; + case '<': + if (in_q) { + break; + } + if (isspace(*(p + 1)) && !allow_tag_spaces) { + *(rp++) = c; + break; + } + lc = '<'; + state = 1; + if (allow) { + if (tp - tbuf >= PHP_TAG_BUF_SIZE) { + pos = tp - tbuf; + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); + tp = tbuf + pos; } + *(tp++) = '<'; + } + p++; + goto state_1; + case '>': + if (depth) { + depth--; break; + } - case '(': - if (state == 2) { - if (lc != '"' && lc != '\'') { - lc = '('; - br++; - } - } else if (allow && state == 1) { - if (tp - tbuf >= PHP_TAG_BUF_SIZE) { - pos = tp - tbuf; - tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); - tp = tbuf + pos; - } - *(tp++) = c; - } else if (state == 0) { - *(rp++) = c; - } + if (in_q) { break; + } - case ')': - if (state == 2) { - if (lc != '"' && lc != '\'') { - lc = ')'; - br--; - } - } else if (allow && state == 1) { - if (tp - tbuf >= PHP_TAG_BUF_SIZE) { - pos = tp - tbuf; - tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); - tp = tbuf + pos; - } - *(tp++) = c; - } else if (state == 0) { - *(rp++) = c; - } + *(rp++) = c; + break; + default: + *(rp++) = c; + break; + } + p++; + goto state_0; + +state_1: + if (p >= end) { + goto finish; + } + c = *p; + switch (c) { + case '\0': + break; + case '<': + if (in_q) { break; + } + if (isspace(*(p + 1)) && !allow_tag_spaces) { + goto reg_char_1; + } + depth++; + break; + case '>': + if (depth) { + depth--; + break; + } + if (in_q) { + break; + } - case '>': - if (depth) { - depth--; - break; + lc = '>'; + if (is_xml && p >= buf + 1 && *(p -1) == '-') { + break; + } + in_q = state = is_xml = 0; + if (allow) { + if (tp - tbuf >= PHP_TAG_BUF_SIZE) { + pos = tp - tbuf; + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); + tp = tbuf + pos; } - + *(tp++) = '>'; + *tp='\0'; + if (php_tag_find(tbuf, tp-tbuf, allow_actual)) { + memcpy(rp, tbuf, tp-tbuf); + rp += tp-tbuf; + } + tp = tbuf; + } + p++; + goto state_0; + case '"': + case '\'': + if (p != buf && (!in_q || *p == in_q)) { if (in_q) { - break; + in_q = 0; + } else { + in_q = *p; } - - switch (state) { - case 1: /* HTML/XML */ - lc = '>'; - if (is_xml && p >= buf + 1 && *(p-1) == '-') { - break; - } - in_q = state = is_xml = 0; - if (allow) { - if (tp - tbuf >= PHP_TAG_BUF_SIZE) { - pos = tp - tbuf; - tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); - tp = tbuf + pos; - } - *(tp++) = '>'; - *tp='\0'; - if (php_tag_find(tbuf, tp-tbuf, allow_actual)) { - memcpy(rp, tbuf, tp-tbuf); - rp += tp-tbuf; - } - tp = tbuf; - } - break; - - case 2: /* PHP */ - if (!br && lc != '\"' && p >= buf + 1 && *(p-1) == '?') { - in_q = state = 0; - tp = tbuf; - } - break; - - case 3: - in_q = state = 0; - tp = tbuf; - break; - - case 4: /* JavaScript/CSS/etc... */ - if (p >= buf + 2 && *(p-1) == '-' && *(p-2) == '-') { - in_q = state = 0; - tp = tbuf; - } - break; - - default: - *(rp++) = c; - break; + } + goto reg_char_1; + case '!': + /* JavaScript & Other HTML scripting languages */ + if (p >= buf + 1 && *(p-1) == '<') { + state = 3; + lc = c; + p++; + goto state_3; + } else { + goto reg_char_1; + } + break; + case '?': + if (p >= buf + 1 && *(p-1) == '<') { + br=0; + state = 2; + p++; + goto state_2; + } else { + goto reg_char_1; + } + break; + default: +reg_char_1: + if (allow) { + if (tp - tbuf >= PHP_TAG_BUF_SIZE) { + pos = tp - tbuf; + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); + tp = tbuf + pos; } + *(tp++) = c; + } + break; + } + p++; + goto state_1; + +state_2: + if (p >= end) { + goto finish; + } + c = *p; + switch (c) { + case '(': + if (lc != '"' && lc != '\'') { + lc = '('; + br++; + } + break; + case ')': + if (lc != '"' && lc != '\'') { + lc = ')'; + br--; + } + break; + case '>': + if (depth) { + depth--; break; + } + if (in_q) { + break; + } - if (!br && lc != '\"' && *(p-1) == '?') { - case '"': - case '\'': - if (state == 4) { - /* Inside */ - break; - } else if (state == 2 && p >= buf + 1 && *(p-1) != '\\') { - if (lc == c) { - lc = '\0'; - } else if (lc != '\\') { - lc = c; - } - } else if (state == 0) { - *(rp++) = c; - } else if (allow && state == 1) { - if (tp - tbuf >= PHP_TAG_BUF_SIZE) { - pos = tp - tbuf; - tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); - tp = tbuf + pos; - } - *(tp++) = c; ++ if (!br && p >= buf + 1 && lc != '\"' && *(p-1) == '?') { + in_q = state = 0; + tp = tbuf; + p++; + goto state_0; + } + break; + case '"': + case '\'': + if (*(p-1) != '\\') { + if (lc == c) { + lc = '\0'; + } else if (lc != '\\') { + lc = c; } - if (state && p != buf && (state == 1 || *(p-1) != '\\') && (!in_q || *p == in_q)) { + if (p != buf && (!in_q || *p == in_q)) { if (in_q) { in_q = 0; } else {