From: Scott MacVicar <scottmac@php.net>
Date: Tue, 15 Jul 2008 14:44:46 +0000 (+0000)
Subject: Fix bug when < is used within attribute.
X-Git-Tag: BEFORE_HEAD_NS_CHANGE~1250
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fa85c408a972bfebce49404b482af031ee3e6e4c;p=php

Fix bug when < is used within attribute.
---

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 4051f250da..834203bdad 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -6696,6 +6696,9 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
 			case '\0':
 				break;
 			case '<':
+				if (in_q) {
+					break;
+				}
 				if (isspace(*(p + 1)) && !allow_tag_spaces) {
 					goto reg_char;
 				}
diff --git a/ext/standard/tests/strings/strip_tags_variation11.phpt b/ext/standard/tests/strings/strip_tags_variation11.phpt
new file mode 100644
index 0000000000..225433d876
--- /dev/null
+++ b/ext/standard/tests/strings/strip_tags_variation11.phpt
@@ -0,0 +1,41 @@
+--TEST--
+Test strip_tags() function : obscure values within attributes
+--INI--
+short_open_tag = on
+--FILE--
+<?php
+
+echo "*** Testing strip_tags() : obscure functionality ***\n";
+
+// array of arguments
+$string_array = array (
+  'hello <img title="<"> world',
+  'hello <img title=">"> world',
+  'hello <img title=">_<"> world',
+  "hello <img title='>_<'> world"
+);
+
+
+// Calling strip_tags() with default arguments
+// loop through the $string_array to test strip_tags on various inputs
+$iteration = 1;
+foreach($string_array as $string)
+{
+  echo "-- Iteration $iteration --\n";
+  var_dump( strip_tags($string) );
+  $iteration++;
+}
+
+echo "Done";
+?>
+--EXPECTF--
+*** Testing strip_tags() : obscure functionality ***
+-- Iteration 1 --
+unicode(12) "hello  world"
+-- Iteration 2 --
+unicode(12) "hello  world"
+-- Iteration 3 --
+unicode(12) "hello  world"
+-- Iteration 4 --
+unicode(12) "hello  world"
+Done