iliaa Mon Dec 18 14:57:20 2006 UTC Modified files: /php-src/ext/filter filter_private.h logical_filters.c /php-src/ext/filter/tests 044.phpt 042.phpt Log: MFB: Fixed bugs with trimming of spaces http://cvs.php.net/viewvc.cgi/php-src/ext/filter/filter_private.h?r1=1.17&r2=1.18&diff_format=u Index: php-src/ext/filter/filter_private.h diff -u php-src/ext/filter/filter_private.h:1.17 php-src/ext/filter/filter_private.h:1.18 --- php-src/ext/filter/filter_private.h:1.17 Tue Dec 5 01:23:42 2006 +++ php-src/ext/filter/filter_private.h Mon Dec 18 14:57:20 2006 @@ -16,7 +16,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: filter_private.h,v 1.17 2006/12/05 01:23:42 pajoye Exp $ */ +/* $Id: filter_private.h,v 1.18 2006/12/18 14:57:20 iliaa Exp $ */ #ifndef FILTER_PRIVATE_H #define FILTER_PRIVATE_H 
@@ -88,25 +88,30 @@ || (id >= FILTER_VALIDATE_ALL && id <= FILTER_VALIDATE_LAST) \ || id == FILTER_CALLBACK) +#define RETURN_VALIDATION_FAILED \ + zval_dtor(value); \ + if (flags & FILTER_NULL_ON_FAILURE) { \ + ZVAL_NULL(value); \ + } else { \ + ZVAL_FALSE(value); \ + } \ + return; \ + #define PHP_FILTER_TRIM_DEFAULT(p, len, end) { \ - while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v') { \ + while (*p == ' ' || *p == '\t' || *p == '\r' || *p == '\v' || *p == '\n') { \ p++; \ len--; \ } \ - start = p; \ + if (len < 1) { \ + RETURN_VALIDATION_FAILED \ + } \ + start = p; \ end = p + len - 1; \ - if (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v') { \ - unsigned int i; \ - for (i = len - 1; i >= 0; i--) { \ - if (!(p[i] == ' ' || p[i] == '\t' || p[i] == '\r' || p[i] == '\v')) { \ - break; \ - } \ - } \ - i++; \ - p[i] = '\0'; \ - end = p + i - 1; \ - len = (int) (end - p) + 1; \ + while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\v' || *end == '\n') { \ + end--; \ } \ + *(end + 1) = '\0'; \ + len = (end - p + 1); \ } http://cvs.php.net/viewvc.cgi/php-src/ext/filter/logical_filters.c?r1=1.17&r2=1.18&diff_format=u Index: php-src/ext/filter/logical_filters.c diff -u php-src/ext/filter/logical_filters.c:1.17 php-src/ext/filter/logical_filters.c:1.18 --- php-src/ext/filter/logical_filters.c:1.17 Sun Dec 17 12:02:19 2006 +++ php-src/ext/filter/logical_filters.c Mon Dec 18 14:57:20 2006 @@ -17,7 +17,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: logical_filters.c,v 1.17 2006/12/17 12:02:19 bjori Exp $ */ +/* $Id: logical_filters.c,v 1.18 2006/12/18 14:57:20 iliaa Exp $ */ #include "php_filter.h" #include "filter_private.h" 
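Review bot: `RETURN_VALIDATION_FAILED`, now defined in the shared header, expands to several unbraced statements ending in a bare `return;`, so a use such as `if (cond) RETURN_VALIDATION_FAILED` would guard only `zval_dtor(value);` and then overwrite the value and return unconditionally. Wrapping its body in `{ ... }`, as `PHP_FILTER_TRIM_DEFAULT` already is, removes that hazard and keeps semicolon-free call sites compiling. Because the trim macro now invokes it, `PHP_FILTER_TRIM_DEFAULT` silently requires `value`, `flags` and `start` in the caller's scope and can return from the caller; a comment above it such as `/* trims p/len in place; needs value, flags, start in scope; returns from the caller if only whitespace remains */` would make that contract visible. The forward loop tests `*p` without consulting `len`, and the backward `end--` loop has no lower bound of its own, so both are safe only while the buffer is NUL-terminated and `*p` is left non-whitespace. Writing the first condition as `while (len > 0 && (*p == ' ' || ...))` would make the bound explicit.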
@@ -68,15 +68,6 @@ #define FORMAT_IPV4 4 #define FORMAT_IPV6 6 -#define RETURN_VALIDATION_FAILED \ - zval_dtor(value); \ - if (flags & FILTER_NULL_ON_FAILURE) { \ - ZVAL_NULL(value); \ - } else { \ - ZVAL_FALSE(value); \ - } \ - return; \ - static int php_filter_parse_int(const char *str, unsigned int str_len, long *ret TSRMLS_DC) { /* {{{ */ long ctx_value = 0; long sign = 1; @@ -312,6 +303,9 @@ } str = Z_STRVAL_P(value); + + PHP_FILTER_TRIM_DEFAULT(str, len, end); + start = str; if (len == 1) { @@ -339,8 +333,6 @@ dec_sep = *default_decimal; } - PHP_FILTER_TRIM_DEFAULT(str, len, end); - if (*str == '-') { sign = -1; str++; http://cvs.php.net/viewvc.cgi/php-src/ext/filter/tests/044.phpt?r1=1.1&r2=1.2&diff_format=u Index: php-src/ext/filter/tests/044.phpt diff -u /dev/null php-src/ext/filter/tests/044.phpt:1.2 --- /dev/null Mon Dec 18 14:57:20 2006 +++ php-src/ext/filter/tests/044.phpt Mon Dec 18 14:57:20 2006 @@ -0,0 +1,21 @@ +--TEST-- +Integer validation with spaces +--FILE-- +<?php +$vals = array( +" + ", +" ", +" 123", +" 123.01 ", +); + +foreach ($vals as $var) { + var_dump(filter_var($var, FILTER_VALIDATE_FLOAT)); +} +?> +--EXPECT-- +bool(false) +bool(false) +float(123) +float(123.01) \ No newline at end of file http://cvs.php.net/viewvc.cgi/php-src/ext/filter/tests/042.phpt?r1=1.2&r2=1.3&diff_format=u Index: php-src/ext/filter/tests/042.phpt diff -u php-src/ext/filter/tests/042.phpt:1.2 php-src/ext/filter/tests/042.phpt:1.3 --- php-src/ext/filter/tests/042.phpt:1.2 Mon Dec 18 04:24:38 2006 +++ php-src/ext/filter/tests/042.phpt Mon Dec 18 14:57:20 2006 
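Review bot: In the `@@ -312,6 +303,9 @@` hunk the relocated `PHP_FILTER_TRIM_DEFAULT(str, len, end);` becomes a hidden exit point ahead of the `len == 1` check, because the macro now returns through `RETURN_VALIDATION_FAILED` when the input is empty or all whitespace. A short comment on the call, e.g. `/* returns FALSE/NULL from here if nothing but whitespace is left */`, would keep that visible to the next reader. The `start = str;` that follows repeats the `start = p;` assignment the macro already performs and could be dropped. The enclosing function begins and ends outside the hunk, so whether anything acquired before this line needs releasing on the early return cannot be checked from here.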
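Review bot: The `--TEST--` title in the new 044.phpt reads `Integer validation with spaces`, but every case calls `FILTER_VALIDATE_FLOAT`. Either retitle it to `Float validation with spaces` or add matching `FILTER_VALIDATE_INT` cases if the integer filter is meant to be covered too. The failure path this commit adds to the trim macro branches on `FILTER_NULL_ON_FAILURE`, which no case exercises. One whitespace-only input passed with that flag would pin the `NULL` result alongside the existing `bool(false)` expectations.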
@@ -5,6 +5,13 @@
 $var = 'XYZ< script>alert(/ext/filter+bypass/);< /script>ABC';
 $a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW));
 echo $a . "\n";
+
+$var = 'XYZ<
+script>alert(/ext/filter+bypass/);<
+/script>ABC';
+$a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW));
+echo $a . "\n";
 ?>
 --EXPECT--
 XYZalert(/ext/filter+bypass/);ABC
+XYZalert(/ext/filter+bypass/);ABC