hirokawa Sat, 24 Sep 2011 02:12:17 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=317231
Log: MFH: fixed #40685: removed '&' in mb_decode_numericentity(). Bug: https://bugs.php.net/40685 (Bogus) '&&&' => '&&' at mb_decode_numericentity Changed paths: U php/php-src/branches/PHP_5_4/ext/mbstring/libmbfl/mbfl/mbfilter.c A php/php-src/branches/PHP_5_4/ext/mbstring/tests/bug40685.phpt Modified: php/php-src/branches/PHP_5_4/ext/mbstring/libmbfl/mbfl/mbfilter.c =================================================================== --- php/php-src/branches/PHP_5_4/ext/mbstring/libmbfl/mbfl/mbfilter.c 2011-09-24 02:11:48 UTC (rev 317230) +++ php/php-src/branches/PHP_5_4/ext/mbstring/libmbfl/mbfl/mbfilter.c 2011-09-24 02:12:17 UTC (rev 317231) @@ -2954,6 +2954,80 @@ return c; } +int mbfl_filt_decode_htmlnumericentity_flush(mbfl_convert_filter *filter) +{ + struct collector_htmlnumericentity_data *pc = (struct collector_htmlnumericentity_data *)filter; + int n, s, r, d; + + if (pc->status) { + switch (pc->status) { + case 1: /* '&' */ + (*pc->decoder->filter_function)(0x26, pc->decoder); /* '&' */ + break; + case 2: /* '#' */ + (*pc->decoder->filter_function)(0x26, pc->decoder); /* '&' */ + (*pc->decoder->filter_function)(0x23, pc->decoder); /* '#' */ + break; + case 3: /* '0'-'9' */ + (*pc->decoder->filter_function)(0x26, pc->decoder); /* '&' */ + (*pc->decoder->filter_function)(0x23, pc->decoder); /* '#' */ + + s = pc->cache; + r = 1; + n = pc->digit; + while (n > 0) { + r *= 10; + n--; + } + s %= r; + r /= 10; + while (r > 0) { + d = s/r; + s %= r; + r /= 10; + (*pc->decoder->filter_function)(mbfl_hexchar_table[d], pc->decoder); + } + + break; + case 4: /* 'x' */ + (*pc->decoder->filter_function)(0x26, pc->decoder); /* '&' */ + (*pc->decoder->filter_function)(0x23, pc->decoder); /* '#' */ + (*pc->decoder->filter_function)(0x78, pc->decoder); /* 'x' */ + break; + case 5: /* '0'-'9','a'-'f' */ + (*pc->decoder->filter_function)(0x26, pc->decoder); /* '&' */ + (*pc->decoder->filter_function)(0x23, pc->decoder); /* '#' */ + (*pc->decoder->filter_function)(0x78, pc->decoder); /* 'x' */ + + s = pc->cache; + r = 1; + n = pc->digit; + while (n > 0) { + r *= 16; + n--; + } + s %= r; + r /= 16; + while (r > 0) { + d = s/r; + s %= r; + r /= 16; + (*pc->decoder->filter_function)(mbfl_hexchar_table[d], pc->decoder); + } + break; + default: + break; + } + } + + pc->status = 0; + pc->cache = 0; + pc->digit = 0; + + return 0; +} + + mbfl_string * mbfl_html_numeric_entity( mbfl_string *string, @@ -2996,7 +3070,8 @@ encoder = mbfl_convert_filter_new( string->no_encoding, mbfl_no_encoding_wchar, - collector_decode_htmlnumericentity, 0, &pc); + collector_decode_htmlnumericentity, + (int (*)(void*))mbfl_filt_decode_htmlnumericentity_flush, &pc); } if (pc.decoder == NULL || encoder == NULL) { mbfl_convert_filter_delete(encoder); Added: php/php-src/branches/PHP_5_4/ext/mbstring/tests/bug40685.phpt =================================================================== --- php/php-src/branches/PHP_5_4/ext/mbstring/tests/bug40685.phpt (rev 0) +++ php/php-src/branches/PHP_5_4/ext/mbstring/tests/bug40685.phpt 2011-09-24 02:12:17 UTC (rev 317231) @@ -0,0 +1,25 @@ +--TEST-- +Bug #40685 (mb_decode_numericentity() removes '&' in the string) +--SKIPIF-- +<?php extension_loaded('mbstring') or die('skip mbstring not available'); ?> +--FILE-- +<?php +$map = array(0, 0x10FFFF, 0, 0xFFFFFF); +var_dump(mb_decode_numericentity('&', $map, 'UTF-8')); +var_dump(mb_decode_numericentity('&&&', $map, 'UTF-8')); +var_dump(mb_decode_numericentity('&#', $map, 'UTF-8')); +var_dump(mb_decode_numericentity('&#x', $map, 'UTF-8')); +var_dump(mb_decode_numericentity('=', $map, 'UTF-8')); +var_dump(mb_decode_numericentity('=', $map, 'UTF-8')); +var_dump(mb_decode_numericentity('=', $map, 'UTF-8')); +var_dump(mb_decode_numericentity('=', $map, 'UTF-8')); +?> +--EXPECTF-- +string(1) "&" +string(3) "&&&" +string(2) "&#" +string(3) "&#x" +string(4) "=" +string(5) "=" +string(1) "=" +string(1) "=" Property changes on: php/php-src/branches/PHP_5_4/ext/mbstring/tests/bug40685.phpt ___________________________________________________________________ Added: svn:keywords + Id Rev Revision Added: svn:eol-style + native
-- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php