iliaa Mon Dec 18 14:56:40 2006 UTC Added files: (Branch: PHP_5_2) /php-src/ext/filter/tests 044.phpt
Modified files: /php-src NEWS /php-src/ext/filter filter_private.h logical_filters.c /php-src/ext/filter/tests 042.phpt Log: Fixed bugs with trimming of spaces http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.437&r2=1.2027.2.547.2.438&diff_format=u Index: php-src/NEWS diff -u php-src/NEWS:1.2027.2.547.2.437 php-src/NEWS:1.2027.2.547.2.438 --- php-src/NEWS:1.2027.2.547.2.437 Mon Dec 18 14:56:20 2006 +++ php-src/NEWS Mon Dec 18 14:56:40 2006 @@ -60,6 +60,7 @@ . Invalid filters fails instead of returning unsafe value . Fixed possible double encoding problem with sanitizing filters . Make use of space-strict strip_tags() function + . Fixed whitespace trimming - Fixed FastCGI impersonation for persistent connections on Windows. (Dmitry) - Fixed wrong signature initialization in imagepng (Takeshi Abe) - Added optimization for imageline with horizontal and vertial lines (Pierre) http://cvs.php.net/viewvc.cgi/php-src/ext/filter/filter_private.h?r1=1.12.2.6&r2=1.12.2.7&diff_format=u Index: php-src/ext/filter/filter_private.h diff -u php-src/ext/filter/filter_private.h:1.12.2.6 php-src/ext/filter/filter_private.h:1.12.2.7 --- php-src/ext/filter/filter_private.h:1.12.2.6 Tue Dec 5 01:24:18 2006 +++ php-src/ext/filter/filter_private.h Mon Dec 18 14:56:40 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: filter_private.h,v 1.12.2.6 2006/12/05 01:24:18 pajoye Exp $ */ +/* $Id: filter_private.h,v 1.12.2.7 2006/12/18 14:56:40 iliaa Exp $ */ #ifndef FILTER_PRIVATE_H #define FILTER_PRIVATE_H 
@@ -88,25 +88,30 @@ || (id >= FILTER_VALIDATE_ALL && id <= FILTER_VALIDATE_LAST) \ || id == FILTER_CALLBACK) +#define RETURN_VALIDATION_FAILED \ + zval_dtor(value); \ + if (flags & FILTER_NULL_ON_FAILURE) { \ + ZVAL_NULL(value); \ + } else { \ + ZVAL_FALSE(value); \ + } \ + return; \ + #define PHP_FILTER_TRIM_DEFAULT(p, len, end) { \ - while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v') { \ + while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v' || *p == '\n') { \ p++; \ len--; \ } \ - start = p; \ + if (len < 1) { \ + RETURN_VALIDATION_FAILED \ + } \ + start = p; \ end = p + len - 1; \ - if (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v') { \ - unsigned int i; \ - for (i = len - 1; i >= 0; i--) { \ - if (!(p[i] == ' ' || p[i] == '\t' || p[i] == '\r' || p[i] == '\v')) { \ - break; \ - } \ - } \ - i++; \ - p[i] = '\0'; \ - end = p + i - 1; \ - len = (int) (end - p) + 1; \ + while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v' || *end == '\n') { \ + end--; \ } \ + *(end + 1) = '\0'; \ + len = (end - p + 1); \ } http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.1.2.13&r2=1.1.2.14&diff_format=u Index: php-src/ext/filter/logical_filters.c diff -u php-src/ext/filter/logical_filters.c:1.1.2.13 php-src/ext/filter/logical_filters.c:1.1.2.14 --- php-src/ext/filter/logical_filters.c:1.1.2.13 Sun Dec 17 03:26:04 2006 +++ php-src/ext/filter/logical_filters.c Mon Dec 18 14:56:40 2006 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: logical_filters.c,v 1.1.2.13 2006/12/17 03:26:04 bjori Exp $ */ +/* $Id: logical_filters.c,v 1.1.2.14 2006/12/18 14:56:40 iliaa Exp $ */ #include "php_filter.h" #include "filter_private.h" 
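Review bot: `RETURN_VALIDATION_FAILED`, now in the shared header, is still a bare statement sequence that ends in `return;` followed by a dangling line continuation. Because `PHP_FILTER_TRIM_DEFAULT` expands it, the trim macro can now return from the calling function and silently needs `value` and `flags` in the caller's scope. Enclosing the body in a `{ ... }` block, as `PHP_FILTER_TRIM_DEFAULT` itself does, would keep an unbraced `if (cond) RETURN_VALIDATION_FAILED` from guarding only the `zval_dtor(value);`. A comment above `PHP_FILTER_TRIM_DEFAULT` should say that it writes a NUL into the string buffer and may return early with the failure value. The new trailing loop terminates only because `*p` is known to be non-whitespace after the `len < 1` check; writing it as `while (end > p && (*end == ' ' || ...)) {` would make that bound explicit, so it cannot step below the buffer if the leading loop is changed later.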
@@ -64,15 +64,6 @@ #define FORMAT_IPV4 4 #define FORMAT_IPV6 6 -#define RETURN_VALIDATION_FAILED \ - zval_dtor(value); \ - if (flags & FILTER_NULL_ON_FAILURE) { \ - ZVAL_NULL(value); \ - } else { \ - ZVAL_FALSE(value); \ - } \ - return; \ - static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */ long ctx_value = 0; long sign = 1; @@ -308,6 +299,9 @@ } str = Z_STRVAL_P(value); + + PHP_FILTER_TRIM_DEFAULT(str, len, end); + start = str; if (len == 1) { @@ -335,8 +329,6 @@ dec_sep = *default_decimal; } - PHP_FILTER_TRIM_DEFAULT(str, len, end); - if (*str == '-') { sign = -1; str++; http://cvs.php.net/viewvc.cgi/php-src/ext/filter/tests/042.phpt?r1=1.1.2.1&r2=1.1.2.2&diff_format=u Index: php-src/ext/filter/tests/042.phpt diff -u php-src/ext/filter/tests/042.phpt:1.1.2.1 php-src/ext/filter/tests/042.phpt:1.1.2.2 --- php-src/ext/filter/tests/042.phpt:1.1.2.1 Mon Dec 18 04:22:04 2006 +++ php-src/ext/filter/tests/042.phpt Mon Dec 18 14:56:40 2006 @@ -5,6 +5,13 @@ $var = 'XYZ< script>alert(/ext/filter+bypass/);< /script>ABC'; $a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW)); echo $a . "\n"; + +$var = 'XYZ< +script>alert(/ext/filter+bypass/);< +/script>ABC'; +$a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW)); +echo $a . "\n"; ?> --EXPECT-- XYZalert(/ext/filter+bypass/);ABC +XYZalert(/ext/filter+bypass/);ABC http://cvs.php.net/viewvc.cgi/php-src/ext/filter/tests/044.phpt?view=markup&rev=1.1 Index: php-src/ext/filter/tests/044.phpt +++ php-src/ext/filter/tests/044.phpt -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
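Review bot: In the `@@ -308,6 +299,9 @@` hunk, the `start = str;` after the new `PHP_FILTER_TRIM_DEFAULT(str, len, end);` call repeats an assignment the macro already makes (`start = p;`, with `p` being `str`). That duplication hides the fact that the macro writes a variable it does not take as a parameter. Either drop the assignment from the macro or pass `start` explicitly, and add a comment at the call such as `/* trims str in place; returns the failure value if only whitespace remains */`. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here that `len` already holds the zval's string length at this point.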