From: icewavestone at gmail dot com
Operating system: all
PHP version: 5.3.18
Package: DOM XML related
Bug Type: Bug
Bug
description:domå¤çæ ç¾scriptéåæ¶ä¼å°scriptæ ç¾éçæ°æ®ä¸¢å¤±ä¸é¨å
Description:
------------
使ç¨DOMDocument对ä¸æ®µå符串è¿è¡æ ç¾éåå¤çæ¶ï¼å¦æå符串å
å«æscriptæ ç¾ï¼å¨<script></script>æ ç¾éçå
¶ä»çæ ç¾ä¼å¨è¿è¡æ ç¾éåå¤çæ¶ï¼ä¼åºç°ä¸¢å¤±ãå¦å符串ï¼<b>aaaaa<div
ID="te<te"st>st"> startstartstartenhao好å¼å§æµ<b>è¯ç¼è¾å¨\næ交çæ°æ®<br>åµ\nåµ<br>åå<br>å¯endendendend\n\n<br></div><script><span>111</span>alert("<span>ä½ å¥½ï¼</span>")</script>ã
å
¶ä¸<script><span>111</span>alert("<span>ä½ å¥½ï¼</span>")</script>è¿æ®µå符串ä¼å¨ç»è¿ï¼
$dom = new DOMDocument();
$dom->loadHTML('<html><head><meta http-equiv="Content-Type"
content="text/html; charset=utf-8"></head><body>' . $html .
'</body></html>');
$html = $dom->saveHTML();
è¿äºå½æ°å¤çåï¼åæï¼
<script><span>111alert("<span>ä½ å¥½ï¼")</script>
ä¸ç¥ä¸ºä»ä¹ä¼æ¯è¿æ ·çç»æ
Test script:
---------------
å®æ´çæµè¯ä»£ç 段为ï¼
$html = '<b>aaaaa<div
ID="te<te"st>st"> startstartstartenhao好å¼å§æµ<b>è¯ç¼è¾å¨\næ交çæ°æ®<br>åµ\nåµ<br>åå<br>å¯endendendend\n\n<br></div><script><span>111</span>alert("<span>ä½ å¥½ï¼</span>")</script>';
libxml_clear_errors();
$libxml_use_errors = libxml_use_internal_errors(true);
$dom = new DOMDocument();
$dom->loadHTML('<html><head><meta http-equiv="Content-Type"
content="text/html; charset=utf-8"></head><body>' . $html .
'</body></html>');
$html = $dom->saveHTML();
$body_start = strpos($html, '<body>');
$body_end = strrpos($html, '</body>');
$new_string = str_replace("\n", '', substr($html, $body_start + 6,
$body_end - $body_start - 6));
libxml_use_internal_errors($libxml_use_errors);
echo $html . "\n" . $new_string . "\n";
Expected result:
----------------
æµè¯å符串ï¼
<script><span>111</span>alert("<span>ä½ å¥½ï¼</span>")</script>
ç»è¿:$dom = new DOMDocument();
$dom->loadHTML('<html><head><meta http-equiv="Content-Type"
content="text/html; charset=utf-8"></head><body>' . $html .
'</body></html>');
$html = $dom->saveHTML();å¤çåï¼
å¸æè¿åºè¯¥æ¯ï¼
<script><span>111</span>alert("<span>ä½ å¥½ï¼</span>")</script>
Actual result:
--------------
å¦å符串ï¼
<script><span>111</span>alert("<span>ä½ å¥½ï¼</span>")</script>
ç°å¨çè¿åç»ææ¯ï¼
<script><span>111alert("<span>ä½ å¥½ï¼")</script>
--
Edit bug report at https://bugs.php.net/bug.php?id=63417&edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=63417&r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=63417&r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=63417&r=trysnapshottrunk
Fixed in SVN: https://bugs.php.net/fix.php?id=63417&r=fixed
Fixed in release: https://bugs.php.net/fix.php?id=63417&r=alreadyfixed
Need backtrace: https://bugs.php.net/fix.php?id=63417&r=needtrace
Need Reproduce Script: https://bugs.php.net/fix.php?id=63417&r=needscript
Try newer version: https://bugs.php.net/fix.php?id=63417&r=oldversion
Not developer issue: https://bugs.php.net/fix.php?id=63417&r=support
Expected behavior: https://bugs.php.net/fix.php?id=63417&r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=63417&r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=63417&r=submittedtwice
register_globals: https://bugs.php.net/fix.php?id=63417&r=globals
PHP 4 support discontinued: https://bugs.php.net/fix.php?id=63417&r=php4
Daylight Savings: https://bugs.php.net/fix.php?id=63417&r=dst
IIS Stability: https://bugs.php.net/fix.php?id=63417&r=isapi
Install GNU Sed: https://bugs.php.net/fix.php?id=63417&r=gnused
Floating point limitations: https://bugs.php.net/fix.php?id=63417&r=float
No Zend Extensions: https://bugs.php.net/fix.php?id=63417&r=nozend
MySQL Configuration Error: https://bugs.php.net/fix.php?id=63417&r=mysqlcfg
