Bug #53755 [Opn->Bgs]: FILTER_SANITIZE_STRING truncates string with unmatched <

Tue, 18 Jan 2011 05:02:32 -0800 

Edit report at http://bugs.php.net/bug.php?id=53755&edit=1

 ID:                 53755
 Updated by:         il...@php.net
 Reported by:        pgarvin76 at gmail dot com
 Summary:            FILTER_SANITIZE_STRING truncates string with
                     unmatched <
-Status:             Open
+Status:             Bogus
 Type:               Bug
 Package:            Filter related
 Operating System:   Ubuntu/Linux
 PHP Version:        5.3.5
 Block user comment: N
 Private report:     N

 New Comment:

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php




Previous Comments:
------------------------------------------------------------------------
[2011-01-17 14:39:49] il...@php.net

The fix is not correct, since it would not change the fact that "four is
<6" would 

return "four is "

------------------------------------------------------------------------
[2011-01-15 01:50:01] pgarvin76 at gmail dot com

The bugtracker would let me upload my diff so I created a Gist for it on
Github.

https://gist.github.com/780577

I tested this solves the problem on 5.3.5.



Also here is a PHPT test for the bug.

https://gist.github.com/780574

------------------------------------------------------------------------
[2011-01-15 01:40:56] pgarvin76 at gmail dot com

Description:
------------
If a string containing an unmatched "<" character is run through the
FILTER_SANITIZE_STRING filter the string is truncated at the <.



The problem seems to stem from the last parameter in the call to
php_strip_tags_ex(). That parameter tells php_strip_tags_ex() ignore
spaces trailing "<" characters. I checked how php_strip_tags_ex() is
called in the PHP function strip_tags() and it tells php_strip_tags_ex
to allow spaced after a "<".



See ext/filter/santitizing_filters.c line 203 and ext/standard/string.c
line 4023 in PHP 5.3.5.

Test script:
---------------
echo filter_var('four is < 6', FILTER_SANITIZE_STRING);

Expected result:
----------------
four is < 6

Actual result:
--------------
four is 


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53755&edit=1

Reply via email to