Package: php
Version: php5
Severity: normal
strip_tags() produces incorrect output for certain input that contains
an apostrophe. The basic bug is that, if strip_tags() encounters an
apostrophe anywhere other than the first character of its input string,
then all input from the '<' that opens the first HTML tag that follows
the offending apostrophe will be cut off. For instance:

    strip_tags("'<test>b") --> "'b"
    strip_tags("a'<test>b") --> "a'"
    strip_tags("<test>'<test>b") --> "'"

This is a serious issue and can cause a denial of service and loss of
data whenever code relies on strip_tags() to sanitize its input.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
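
A regression check for the behaviour reported above, added here as an example and not part of the original report. It runs the report's three inputs through strip_tags() on the installed PHP build. The expected values are an assumption: each input with only the <test> tags removed. The function name check_strip_tags is hypothetical. The syntax is kept compatible with PHP 5.

```php
<?php
// Inputs are the three strings from the bug report. Expected values are an
// assumption of this example: the input with only the <test> tags removed.
$cases = array(
    "'<test>b"       => "'b",
    "a'<test>b"      => "a'b",
    "<test>'<test>b" => "'b",
);

// Returns one message per input whose strip_tags() output differs from the
// expected text. An empty array means no truncation was observed.
function check_strip_tags(array $cases)
{
    $failures = array();
    foreach ($cases as $input => $expected) {
        $actual = strip_tags($input);
        if ($actual !== $expected) {
            $failures[] = sprintf(
                "input %s: expected %s, got %s (%d byte(s) lost)",
                var_export($input, true),
                var_export($expected, true),
                var_export($actual, true),
                strlen($expected) - strlen($actual)
            );
        }
    }
    return $failures;
}

$failures = check_strip_tags($cases);
foreach ($failures as $line) {
    echo "FAIL ", $line, "\n";
}
if (count($failures) === 0) {
    echo "strip_tags(): no truncation on the reported inputs\n";
    exit(0);
}
echo "strip_tags(): text following an apostrophe and a tag is being dropped\n";
exit(1);
```

The non-zero exit status lets the script gate a package upgrade or deployment on the fixed behaviour.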