Bug #37898 strip_tags selectively strips allowed_tags
Submitted: 2006-06-23 02:53 UTC Modified: 2006-07-30 01:00 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: admin at rcczone dot com Assigned:
Status: No Feedback Package: Strings related
PHP Version: 4.4.2 OS: Linux / Apache
Private report: No CVE-ID: None
 [2006-06-23 02:53 UTC] admin at rcczone dot com
Description:
------------
For some reason beyond my knowledge, the strip_tags function is selectively stripping allowed_tags. I have tested it against three relatively similar strings (all <embed> tags) and it is passing on only one out of the three. The string and XHTML tags themselves are perfectly valid, and I have no clue why strip_tags is behaving in such a way.

Reproduce code:
---------------
echo strip_tags('<embed allowScriptAccess="never"   src="http://www.picturetrail.com/photoFlick/l_bookhorizontal.swf" name="photoFlick" FlashVars="img1=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756363.jpg&img2=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756370.jpg&img3=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756373.jpg&img4=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756375.jpg&img5=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756377.jpg&img6=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756379.jpg&img7=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756381.jpg&img8=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756384.jpg&img9=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756386.jpg&img10=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756388.jpg&img11=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756391.jpg&img12=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756394.jpg&img13=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756395.jpg&img14=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756397.jpg" loop="false" menu="false" quality="high" bgcolor="..ffffff" width="600" height="410" align="middle" allowScriptAccess="never" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>','<embed>');

Expected result:
----------------
<embed allowScriptAccess="never"   src="http://www.picturetrail.com/photoFlick/l_bookhorizontal.swf" name="photoFlick" FlashVars="img1=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756363.jpg&img2=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756370.jpg&img3=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756373.jpg&img4=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756375.jpg&img5=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756377.jpg&img6=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756379.jpg&img7=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756381.jpg&img8=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756384.jpg&img9=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756386.jpg&img10=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756388.jpg&img11=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756391.jpg&img12=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756394.jpg&img13=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756395.jpg&img14=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756397.jpg" loop="false" menu="false" quality="high" bgcolor="..ffffff" width="600" height="410" align="middle" allowScriptAccess="never" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>

Actual result:
--------------
</embed>

 [2006-07-22 12:15 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-07-30 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-06-20 14:10 UTC] vorandrew+php at gmail dot com
Code:
=================
<?php
var_dump($data['Value']);
$text = trim(strip_tags($data['Value'],'<br><a><b><strong><i><em><u>'));
var_dump($text);
?>

Result:
=================
string(218) "Cliquez &quot;TELECHARGEZ MAINTENANT&quot; pour commencer l'instalation du logiciel de Casino Las Vegas<br />
<br />
<strong>Cliquez &agrave; nouveau sur &quot;Ouvrir (Run)&quot; (ou &quot;Ouvrir- Open&quot;).</strong>"
string(103) "Cliquez &quot;TELECHARGEZ MAINTENANT&quot; pour commencer l'instalation du logiciel de Casino Las Vegas"
 [2007-06-20 14:12 UTC] vorandrew+php at gmail dot com
Linux IGMAPPSERV 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 GNU/Linux

Packages
======================
ii  libapache2-mod-php5               5.2.0-8+etch4                   server-side, HTML-embedded scripting languag
ii  php-pear                          5.2.0-8+etch4                   PEAR - PHP Extension and Application Reposit
ii  php5                              5.2.0-8+etch4                   server-side, HTML-embedded scripting languag
ii  php5-cli                          5.2.0-8+etch4                   command-line interpreter for the php5 script
ii  php5-common                       5.2.0-8+etch4                   Common files for packages built from the php
ii  php5-dev                          5.2.0-8+etch4                   Files for PHP5 module development
ii  php5-gd                           5.2.0-8+etch4                   GD module for php5
ii  php5-imagick                      0.9.11+1-4.1                    ImageMagick module for php5
ii  php5-mysql                        5.2.0-8+etch4                   MySQL module for php5
ii  php5-sqlite                       5.2.0-8+etch4                   SQLite module for php5
ii  phpmyadmin                        2.9.1.1-3                       Administrate MySQL over the WWW