From bd4150ed806a2aebd8bdbd90c97459681c0b485c Mon Sep 17 00:00:00 2001
From: Gavin Sherry <swm@php.net>
Date: Wed, 22 Aug 2001 05:47:11 +0000
Subject: [PATCH] Fixed buffer overflow issue.

---
 ext/standard/string.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 9656b116ca..058ab85dfa 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3289,16 +3289,23 @@ PHPAPI void php_strip_tags(char *rbuf, int len, int state, char *allow, int allo
 				break;
 
 			case '?':
-				if (state==1 && *(p-1)=='<' && *(p+1) != 'x' 
-				  && *(p+2) != 'm' && *(p+3) != 'l') {
 
+				if (state==1 && *(p-1)=='<') { 
 					br=0;
 					state=2;
 					break;
 				}
-					/* else, it is xml, since state == 1, lets just fall through
-					 * to '>'
-					 */
+
+			case 'l':
+
+				/* swm: If we encounter '<?xml' then we shouldn't be in
+				 * state == 2 (PHP). Switch back to HTML.
+				 */
+
+				if(state == 2 && *(p-1) == 'm' && *(p-2) == 'x') {
+					state = 1;
+					break;
+				}
 
 				/* fall-through */
 			default:
-- 
2.40.0