From ff7ed9021cd72a7f82dd4301cdc266afdff458ad Mon Sep 17 00:00:00 2001 From: Julien Pauli Date: Tue, 22 Dec 2015 16:25:51 +0100 Subject: [PATCH] Fix #70720 --- NEWS | 3 +++ ext/standard/string.c | 5 ++++- ext/standard/tests/strings/bug70720.phpt | 12 ++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 ext/standard/tests/strings/bug70720.phpt diff --git a/NEWS b/NEWS index 16865d67bb..78b7437165 100644 --- a/NEWS +++ b/NEWS @@ -17,6 +17,9 @@ PHP NEWS - Session: . Fixed bug #71122 (Session GC may not remove obsolete session data). (Yasuo) +- Standard: + . Fixed bug #70720 (strip_tags improper php code parsing). (Julien) + 17 Dec 2015, PHP 5.6.17 - Core: diff --git a/ext/standard/string.c b/ext/standard/string.c index 8a960a8ed4..a99faf2665 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4689,6 +4689,9 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, switch (state) { case 1: /* HTML/XML */ lc = '>'; + if (*(p -1) == '-') { + break; + } in_q = state = 0; if (allow) { if (tp - tbuf >= PHP_TAG_BUF_SIZE) { @@ -4818,7 +4821,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, * state == 2 (PHP). Switch back to HTML. */ - if (state == 2 && p > buf+2 && strncasecmp(p-2, "xm", 2) == 0) { + if (state == 2 && p > buf+2 && strncasecmp(p-4, "test(); ?> this is a test')); +var_dump(strip_tags('test(); ?> this is a test')); +var_dump(strip_tags('test(); ?> this is a test')); +?> +--EXPECTF-- +string(15) " this is a test" +string(15) " this is a test" +string(15) " this is a test" \ No newline at end of file -- 2.40.0
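Review bot: The new `*(p -1)` read under `case 1` in the first string.c hunk has no lower bound, so a `>` at the very start of the buffer reads one byte before `buf`; that looks reachable when a non-zero state is carried in through `stateptr`, though the callers are outside this patch. `if (p > buf && *(p - 1) == '-') {` closes it. The second string.c hunk has the same gap: the comparison now starts at `p-4` while the guard is still `p > buf+2`, so `p == buf+3` compares from one byte before the buffer, and the guard should read `p >= buf+4`. The rest of that added line is cut off in this copy, and php_strip_tags_ex itself starts and ends outside both hunks.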