From a938d8e3862fc0bcf38a73cedb0b8b3716b01936 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Mon, 18 Dec 2006 14:56:40 +0000
Subject: [PATCH] Fixed bugs with trimming of spaces

---
 NEWS                         |  1 +
 ext/filter/filter_private.h  | 31 ++++++++++++++++++-------------
 ext/filter/logical_filters.c | 14 +++-----------
 ext/filter/tests/042.phpt    |  7 +++++++
 ext/filter/tests/044.phpt    | 21 +++++++++++++++++++++
 5 files changed, 50 insertions(+), 24 deletions(-)
 create mode 100644 ext/filter/tests/044.phpt

diff --git a/NEWS b/NEWS
index 0621dab911..254e639f3e 100644
--- a/NEWS
+++ b/NEWS
@@ -60,6 +60,7 @@ PHP                                                                        NEWS
   . Invalid filters fails instead of returning unsafe value
   . Fixed possible double encoding problem with sanitizing filters
   . Make use of space-strict strip_tags() function
+  . Fixed whitespace trimming
 - Fixed FastCGI impersonation for persistent connections on Windows. (Dmitry)
 - Fixed wrong signature initialization in imagepng (Takeshi Abe)
 - Added optimization for imageline with horizontal and vertial lines (Pierre)
diff --git a/ext/filter/filter_private.h b/ext/filter/filter_private.h
index af3aef4fe4..d3b0d07258 100644
--- a/ext/filter/filter_private.h
+++ b/ext/filter/filter_private.h
@@ -88,25 +88,30 @@
 || (id >= FILTER_VALIDATE_ALL && id <= FILTER_VALIDATE_LAST) \
 || id == FILTER_CALLBACK)
 
+#define RETURN_VALIDATION_FAILED	\
+	zval_dtor(value);	\
+	if (flags & FILTER_NULL_ON_FAILURE) {	\
+		ZVAL_NULL(value);	\
+	} else {	\
+		ZVAL_FALSE(value);	\
+	}	\
+	return;	\
+
 #define PHP_FILTER_TRIM_DEFAULT(p, len, end) { \
-	while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v') { \
+	while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v' || *p == '\n') { \
 		p++; \
 		len--; \
 	} \
-	start = p; \
+        if (len < 1) { \
+          RETURN_VALIDATION_FAILED \
+        } \
+        start = p; \
 	end = p + len - 1; \
-	if (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v') { \
-		unsigned int i; \
-		for (i = len - 1; i >= 0; i--) { \
-			if (!(p[i] == ' ' || p[i] == '\t' || p[i] == '\r' || p[i] == '\v')) { \
-				break; \
-			} \
-		} \
-		i++; \
-		p[i] = '\0'; \
-		end = p + i - 1; \
-		len = (int) (end - p) + 1; \
+	while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v' || *end == '\n') { \
+	    end--; \
 	} \
+	*(end + 1) = '\0'; \
+	len = (end - p + 1); \
 }
 
 
diff --git a/ext/filter/logical_filters.c b/ext/filter/logical_filters.c
index 5779cc31c4..7596108f09 100644
--- a/ext/filter/logical_filters.c
+++ b/ext/filter/logical_filters.c
@@ -64,15 +64,6 @@
 #define FORMAT_IPV4    4
 #define FORMAT_IPV6    6
 
-#define RETURN_VALIDATION_FAILED	\
-	zval_dtor(value);	\
-	if (flags & FILTER_NULL_ON_FAILURE) {	\
-		ZVAL_NULL(value);	\
-	} else {	\
-		ZVAL_FALSE(value);	\
-	}	\
-	return;	\
-
 static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */
 	long ctx_value = 0;
 	long sign = 1;
@@ -308,6 +299,9 @@ void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 	}
 
 	str = Z_STRVAL_P(value);
+
+	PHP_FILTER_TRIM_DEFAULT(str, len, end);
+
 	start = str;
 
 	if (len == 1) {
@@ -335,8 +329,6 @@ void php_filter_float(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
 		dec_sep = *default_decimal;
 	}
 
-	PHP_FILTER_TRIM_DEFAULT(str, len, end);
-
 	if (*str == '-') {
 		sign = -1;
 		str++;
diff --git a/ext/filter/tests/042.phpt b/ext/filter/tests/042.phpt
index b295e0698b..62d0d81887 100644
--- a/ext/filter/tests/042.phpt
+++ b/ext/filter/tests/042.phpt
@@ -5,6 +5,13 @@ Combination of strip & sanitize filters
 $var = 'XYZ< script>alert(/ext/filter+bypass/);< /script>ABC';
 $a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW));
 echo $a . "\n";
+
+$var = 'XYZ<
+script>alert(/ext/filter+bypass/);<
+/script>ABC';
+$a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW));
+echo $a . "\n";
 ?>
 --EXPECT--
 XYZalert(/ext/filter+bypass/);ABC
+XYZalert(/ext/filter+bypass/);ABC
diff --git a/ext/filter/tests/044.phpt b/ext/filter/tests/044.phpt
new file mode 100644
index 0000000000..6aa1114d34
--- /dev/null
+++ b/ext/filter/tests/044.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Integer validation with spaces
+--FILE--
+<?php 
+$vals = array(
+"	
+ ",
+" ",
+" 123",
+" 123.01 ",
+);
+
+foreach ($vals as $var) {
+	var_dump(filter_var($var, FILTER_VALIDATE_FLOAT));
+}
+?>
+--EXPECT--
+bool(false)
+bool(false)
+float(123)
+float(123.01)
\ No newline at end of file
-- 
2.50.1