pajoye Thu, 04 Feb 2010 09:44:16 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=294517
Log: - Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long) Bug: http://bugs.php.net/50847 (unknown) Changed paths: _U php/php-src/branches/PHP_5_3_2/ U php/php-src/branches/PHP_5_3_2/ext/standard/string.c A + php/php-src/branches/PHP_5_3_2/ext/standard/tests/strings/bug50847.phpt (from php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50847.phpt:r294303) _U php/php-src/branches/PHP_5_3_2/ext/tidy/tests/ _U php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt
Property changes on: php/php-src/branches/PHP_5_3_2 ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293176,293180,293216,293235,293253,293268,293341,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293974,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285 /php/php-src/trunk:284726 + /php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293176,293180,293216,293235,293253,293268,293341,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293974,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285,294303 /php/php-src/trunk:284726 Modified: php/php-src/branches/PHP_5_3_2/ext/standard/string.c =================================================================== --- php/php-src/branches/PHP_5_3_2/ext/standard/string.c 2010-02-04 09:42:06 UTC (rev 294516) +++ php/php-src/branches/PHP_5_3_2/ext/standard/string.c 2010-02-04 09:44:16 UTC (rev 294517) @@ -4243,7 +4243,7 @@ { char *tbuf, *buf, *p, *tp, *rp, c, lc; int br, i=0, depth=0, in_q = 0; - int state = 0; + int state = 0, pos; if (stateptr) state = *stateptr; 
@@ -4256,7 +4256,7 @@
 br = 0;
 if (allow) {
 php_strtolower(allow, allow_len);
- tbuf = emalloc(PHP_TAG_BUF_SIZE+1);
+ tbuf = emalloc(PHP_TAG_BUF_SIZE + 1);
 tp = tbuf;
 } else {
 tbuf = tp = NULL;
@@ -4277,7 +4277,11 @@
 lc = '<';
 state = 1;
 if (allow) {
- tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+ pos = tp - tbuf;
+ tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+ tp = tbuf + pos;
+ }
 *(tp++) = '<';
 }
 } else if (state == 1) {
@@ -4292,7 +4296,11 @@
 br++;
 }
 } else if (allow && state == 1) {
- tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+ pos = tp - tbuf;
+ tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+ tp = tbuf + pos;
+ }
 *(tp++) = c;
 } else if (state == 0) {
 *(rp++) = c;
@@ -4306,7 +4314,11 @@
 br--;
 }
 } else if (allow && state == 1) {
- tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+ pos = tp - tbuf;
+ tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+ tp = tbuf + pos;
+ }
 *(tp++) = c;
 } else if (state == 0) {
 *(rp++) = c;
@@ -4328,7 +4340,11 @@
 lc = '>';
 in_q = state = 0;
 if (allow) {
- tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+ pos = tp - tbuf;
+ tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+ tp = tbuf + pos;
+ }
 *(tp++) = '>';
 *tp='\0';
 if (php_tag_find(tbuf, tp-tbuf, allow)) {
@@ -4378,7 +4394,11 @@
 } else if (state == 0) {
 *(rp++) = c;
 } else if (allow && state == 1) {
- tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+ pos = tp - tbuf;
+ tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+ tp = tbuf + pos;
+ }
 *(tp++) = c;
 }
 if (state && p != buf && (state == 1 || *(p-1) != '\\') && (!in_q || *p == in_q)) {
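Review bot: Once the tag buffer has grown for the first time in the hunk at `@@ -4277,7 +4277,11 @@`, the test `tp - tbuf >= PHP_TAG_BUF_SIZE` stays true for every further byte of that tag, because it compares against the fixed constant rather than the current capacity, so `erealloc` is called once per input character for the rest of the tag. strip_tags() is typically run on untrusted markup, so with an allow list a single very long tag costs one reallocation per byte; how expensive that is depends on the allocator, which is not visible here. Tracking the capacity avoids it: keep `int tbuf_size = PHP_TAG_BUF_SIZE;` beside the `emalloc`, test `if (tp - tbuf >= tbuf_size)`, and grow with `tbuf_size += PHP_TAG_BUF_SIZE; tbuf = erealloc(tbuf, tbuf_size + 1);`. The same five lines are repeated in the hunks at -4292, -4306, -4328, -4378, -4399 and -4454, so moving them into one file-local macro or helper would make this a one-place change and keep the seven copies from drifting apart. The enclosing function begins and ends outside these hunks.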
@@ -4399,7 +4419,11 @@
 if (state == 0) {
 *(rp++) = c;
 } else if (allow && state == 1) {
- tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+ pos = tp - tbuf;
+ tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+ tp = tbuf + pos;
+ }
 *(tp++) = c;
 }
 }
@@ -4454,7 +4478,11 @@
 if (state == 0) {
 *(rp++) = c;
 } else if (allow && state == 1) {
- tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+ if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+ pos = tp - tbuf;
+ tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+ tp = tbuf + pos;
+ }
 *(tp++) = c;
 }
 break;
Copied: php/php-src/branches/PHP_5_3_2/ext/standard/tests/strings/bug50847.phpt (from rev 294303, php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50847.phpt)
===================================================================
--- php/php-src/branches/PHP_5_3_2/ext/standard/tests/strings/bug50847.phpt (rev 0)
+++ php/php-src/branches/PHP_5_3_2/ext/standard/tests/strings/bug50847.phpt 2010-02-04 09:44:16 UTC (rev 294517)
@@ -0,0 +1,10 @@ +--TEST-- +Bug #50847 (strip_tags() removes all tags greater then 1023 bytes long) +--FILE-- +<?php +$var = '<param value="' . str_repeat("a", 2048) . '" />'; +var_dump(strip_tags($var, "<param>"), strip_tags($var)); +?> +--EXPECT-- +string(2066) "<param value="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" />" +string(0) "" Property changes on: php/php-src/branches/PHP_5_3_2/ext/tidy/tests ___________________________________________________________________ Modified: svn:mergeinfo - /php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292635,292716,292719,292765,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285 /php/php-src/trunk/ext/tidy/tests:284726,287798-287941 + /php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292635,292716,292719,292765,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285,294303 /php/php-src/trunk/ext/tidy/tests:284726,287798-287941 Property changes on: php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt ___________________________________________________________________ Modified: svn:mergeinfo - 
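Review bot: The new test uses a single tag length (a 2048-byte attribute value, 2066 bytes in total), so it never exercises the sizes right at the old limit, where a buffer-growth bug is most likely to show up. Adding cases whose whole tag is exactly 1023, 1024 and 1025 bytes would pin the boundary behaviour of the `tp - tbuf >= PHP_TAG_BUF_SIZE` check in string.c. A case where the long run sits inside a quoted attribute of a tag that is not in the allow list would also confirm that the stripped path is unaffected beyond the `string(0) ""` check already present.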
/php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292716,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285 /php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951 + /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292716,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285,294303 /php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951