From d3a2e6852c40a4d9ecb31db816940edf106368fb Mon Sep 17 00:00:00 2001
From: Moriyoshi Koizumi <moriyoshi@php.net>
Date: Sun, 19 Jan 2003 12:56:26 +0000
Subject: [PATCH] MFH: fixed bug #21744

---
 ext/standard/string.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 3f5ae30cc0..b21157070f 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -3515,8 +3515,16 @@ PHPAPI void php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int
 					state = 3;
 					lc = c;
 				} else {
-					*(rp++) = c;
-				}	
+					if (state == 0) {
+						*(rp++) = c;
+					} else if (allow && state == 1) {
+						*(tp++) = c;
+						if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) {
+							/* prevent buffer overflows */
+							tp = tbuf;
+						}
+					}
+				}
 				break;
 
 			case '?':
-- 
2.50.1