Yeah, I wrote that code.
I'm a little fuzzy on the original thinking, but think about something
like this:
abc <foo> <?echo "?>"; duh()?> def <bar>
This should, and does, strip down to:
abc def
If you got rid of the quote parsing, how do you know not to end the php
tag at the ?> inside the quotes?
Of course, I don't see any single-quote handling in there, so it isn't
completely implemented.
The bracket counting, along with the quote counting is only done in the
PHP state, and yes, I agree, it doesn't make a whole lot of sense the way
that is written. Basically, right now if you have a malformed PHP tag in
a string that doesn't close a function call:
abc <?foo("bar" ?> def
Will strip down to just
abc
I am sure that seemed logical at some point.
-Rasmus
On Mon, 29 Jul 2002, Brad LaFountain wrote:
> Is any developer familiar with php_strip_tags? I was looking into but 7472 and
> php_strip_tags seems like its keeping track of "'s and changing the state
> according to "'s. From what I can tell the state machine shouldn't need to
> worry about "'s, but I might be missing something obvious tho. Commenting out
> the case '"' fixes the bugs reported by 7427. I don't want to commit it if it
> will break anything else.
>
> Additionally it also keeps track of ('s and )'s. Is this needed as well?
>
> http://bugs.php.net/bug.php?id=7472
>
> - brad
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Health - Feel better, live better
> http://health.yahoo.com
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
