pajoye                                   Thu, 04 Feb 2010 09:44:16 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=294517

Log:
- Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long)

Bug: http://bugs.php.net/50847 (unknown) 
      
Changed paths:
    _U  php/php-src/branches/PHP_5_3_2/
    U   php/php-src/branches/PHP_5_3_2/ext/standard/string.c
    A + php/php-src/branches/PHP_5_3_2/ext/standard/tests/strings/bug50847.phpt
        (from 
php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50847.phpt:r294303)
    _U  php/php-src/branches/PHP_5_3_2/ext/tidy/tests/
    _U  
php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt

Property changes on: php/php-src/branches/PHP_5_3_2
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293176,293180,293216,293235,293253,293268,293341,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293974,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285
/php/php-src/trunk:284726
   + /php/php-src/branches/PHP_5_3:292504,292574,292594-292595,292611,292624,292630,292632-292635,292654,292677,292682-292683,292693,292716,292719,292762,292765,292771,292777,292823,293051,293075,293114,293126,293131,293144,293146,293152,293176,293180,293216,293235,293253,293268,293341,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293974,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285,294303
/php/php-src/trunk:284726

Modified: php/php-src/branches/PHP_5_3_2/ext/standard/string.c
===================================================================
--- php/php-src/branches/PHP_5_3_2/ext/standard/string.c	2010-02-04 09:42:06 UTC (rev 294516)
+++ php/php-src/branches/PHP_5_3_2/ext/standard/string.c	2010-02-04 09:44:16 UTC (rev 294517)
@@ -4243,7 +4243,7 @@
 {
 	char *tbuf, *buf, *p, *tp, *rp, c, lc;
 	int br, i=0, depth=0, in_q = 0;
-	int state = 0;
+	int state = 0, pos;

 	if (stateptr)
 		state = *stateptr;
@@ -4256,7 +4256,7 @@
 	br = 0;
 	if (allow) {
 		php_strtolower(allow, allow_len);
-		tbuf = emalloc(PHP_TAG_BUF_SIZE+1);
+		tbuf = emalloc(PHP_TAG_BUF_SIZE + 1);
 		tp = tbuf;
 	} else {
 		tbuf = tp = NULL;
@@ -4277,7 +4277,11 @@
 					lc = '<';
 					state = 1;
 					if (allow) {
-						tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+						if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+							pos = tp - tbuf;
+							tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+							tp = tbuf + pos;
+						}
 						*(tp++) = '<';
 				 	}
 				} else if (state == 1) {
@@ -4292,7 +4296,11 @@
 						br++;
 					}
 				} else if (allow && state == 1) {
-					tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+					if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+						pos = tp - tbuf;
+						tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+						tp = tbuf + pos;
+					}
 					*(tp++) = c;
 				} else if (state == 0) {
 					*(rp++) = c;
@@ -4306,7 +4314,11 @@
 						br--;
 					}
 				} else if (allow && state == 1) {
-					tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+					if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+						pos = tp - tbuf;
+						tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+						tp = tbuf + pos;
+					}
 					*(tp++) = c;
 				} else if (state == 0) {
 					*(rp++) = c;
@@ -4328,7 +4340,11 @@
 						lc = '>';
 						in_q = state = 0;
 						if (allow) {
-							tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+							if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+								pos = tp - tbuf;
+								tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+								tp = tbuf + pos;
+							}
 							*(tp++) = '>';
 							*tp='\0';
 							if (php_tag_find(tbuf, tp-tbuf, allow)) {
@@ -4378,7 +4394,11 @@
 				} else if (state == 0) {
 					*(rp++) = c;
 				} else if (allow && state == 1) {
-					tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+					if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+						pos = tp - tbuf;
+						tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+						tp = tbuf + pos;
+					}
 					*(tp++) = c;
 				}
 				if (state && p != buf && (state == 1 || *(p-1) != '\\') && (!in_q || *p == in_q)) {
@@ -4399,7 +4419,11 @@
 					if (state == 0) {
 						*(rp++) = c;
 					} else if (allow && state == 1) {
-						tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+						if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+							pos = tp - tbuf;
+							tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+							tp = tbuf + pos;
+						}
 						*(tp++) = c;
 					}
 				}
@@ -4454,7 +4478,11 @@
 				if (state == 0) {
 					*(rp++) = c;
 				} else if (allow && state == 1) {
-					tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp);
+					if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
+						pos = tp - tbuf;
+						tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1);
+						tp = tbuf + pos;
+					}
 					*(tp++) = c;
 				}
 				break;

Copied: php/php-src/branches/PHP_5_3_2/ext/standard/tests/strings/bug50847.phpt (from rev 294303, php/php-src/branches/PHP_5_3/ext/standard/tests/strings/bug50847.phpt)
===================================================================
--- php/php-src/branches/PHP_5_3_2/ext/standard/tests/strings/bug50847.phpt	                        (rev 0)
+++ php/php-src/branches/PHP_5_3_2/ext/standard/tests/strings/bug50847.phpt	2010-02-04 09:44:16 UTC (rev 294517)
@@ -0,0 +1,10 @@
+--TEST--
+Bug #50847 (strip_tags() removes all tags greater then 1023 bytes long)
+--FILE--
+<?php
+$var = '<param value="' . str_repeat("a", 2048) . '" />';
+var_dump(strip_tags($var, "<param>"), strip_tags($var));
+?>
+--EXPECT--
+string(2066) "<param value="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" />"
+string(0) ""


Property changes on: php/php-src/branches/PHP_5_3_2/ext/tidy/tests
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292635,292716,292719,292765,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285
/php/php-src/trunk/ext/tidy/tests:284726,287798-287941
   + /php/php-src/branches/PHP_5_3/ext/tidy/tests:292562,292566,292571,292574,292635,292716,292719,292765,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285,294303
/php/php-src/trunk/ext/tidy/tests:284726,287798-287941


Property changes on: php/php-src/branches/PHP_5_3_2/tests/security/open_basedir_parse_ini_file.phpt
___________________________________________________________________
Modified: svn:mergeinfo
   - /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292716,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951
   + /php/php-src/branches/PHP_5_3/tests/security/open_basedir_parse_ini_file.phpt:292562,292566,292571,292574,292716,293146,293152,293176,293180,293216,293235,293253,293380,293400,293442,293447,293466,293487,293502,293538,293548,293558,293588,293590,293597,293627,293644,293653,293655,293699,293726-293728,293732,293762,293768,293804,293862,293897,293901-293902,293906,293965,293985,293998,294040,294053,294089,294094,294100,294102,294104,294267,294269,294272,294278,294285,294303
/php/php-src/trunk/tests/security/open_basedir_parse_ini_file.phpt:265951
-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to