Edit report at http://bugs.php.net/bug.php?id=53755&edit=1

ID:                 53755
Updated by:         il...@php.net
Reported by:        pgarvin76 at gmail dot com
Summary:            FILTER_SANITIZE_STRING truncates string with unmatched <
Status:             Open
Type:               Bug
Package:            Filter related
Operating System:   Ubuntu/Linux
PHP Version:        5.3.5
Block user comment: N
Private report:     N

New Comment:

The fix is not correct, since it would not change the fact that "four is <6" would return "four is ".

Previous Comments:
------------------------------------------------------------------------
[2011-01-15 01:50:01] pgarvin76 at gmail dot com

The bug tracker wouldn't let me upload my diff, so I created a Gist for it on GitHub.
https://gist.github.com/780577
I tested that this solves the problem on 5.3.5.

Also here is a PHPT test for the bug.
https://gist.github.com/780574
------------------------------------------------------------------------
[2011-01-15 01:40:56] pgarvin76 at gmail dot com

Description:
------------
If a string containing an unmatched "<" character is run through the FILTER_SANITIZE_STRING filter, the string is truncated at the "<".

The problem seems to stem from the last parameter in the call to php_strip_tags_ex(). That parameter tells php_strip_tags_ex() to ignore spaces trailing "<" characters. I checked how php_strip_tags_ex() is called in the PHP function strip_tags(), and it tells php_strip_tags_ex() to allow spaces after a "<". See ext/filter/sanitizing_filters.c line 203 and ext/standard/string.c line 4023 in PHP 5.3.5.

Test script:
---------------
echo filter_var('four is < 6', FILTER_SANITIZE_STRING);

Expected result:
----------------
four is < 6

Actual result:
--------------
four is 
------------------------------------------------------------------------
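An added example, not code from the bug report, the reporter's Gist, or the PHP source: it runs the report's lossy filter call beside two defensive alternatives (reject unexpected input outright, or keep the raw value and encode it at output). The function names and the validation regex are assumptions chosen for this demo.

```php
<?php
// Added illustration for bug #53755 (not from the report or from PHP itself).
// A "sanitizing" filter rewrites data silently, so text after an unmatched
// "<" can simply vanish; the two helpers below keep the user's data intact.

// Constructed inputs: the reporter's case and the one the maintainer raised.
$inputs = array('four is < 6', 'four is <6');

// The call from the report. Lossy by design: the maintainer's comment shows
// that even with the proposed fix, "four is <6" still loses its tail.
// (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1 for this reason.)
function sanitize_with_filter($s)
{
    return filter_var($s, FILTER_SANITIZE_STRING);
}

// Safer for storage: accept only the shape the application expects and
// reject everything else, rather than quietly altering it. The character
// class and length limit are assumptions for this demo.
function validate_comparison($s)
{
    return filter_var($s, FILTER_VALIDATE_REGEXP,
        array('options' => array('regexp' => '/^[A-Za-z0-9 <>=]{1,64}$/')));
}

// Safer for HTML output: store the raw value and encode when rendering, so
// "<" is neutralised for the browser without discarding the user's text.
function encode_for_html($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

foreach ($inputs as $in) {
    printf("input:     %s\n", $in);
    printf("sanitized: %s\n", var_export(sanitize_with_filter($in), true));
    printf("validated: %s\n", var_export(validate_comparison($in), true));
    printf("encoded:   %s\n\n", encode_for_html($in));
}
```

On the reporter's PHP 5.3.5 the sanitized line reads "four is " for both inputs, per the report and the maintainer's comment, while the validated and encoded lines preserve the full text.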