php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #42882 strip_tags() interprets <' and <= as tags
Submitted: 2007-10-07 11:44 UTC Modified: 2007-11-12 10:33 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: pub1 at hverdag dot dk Assigned:
Status: Not a bug Package: Strings related
PHP Version: 5CVS-2007-10-07 (snap) OS: WinXP Pro
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: pub1 at hverdag dot dk
New email:
PHP Version: OS:

 

 [2007-10-07 11:44 UTC] pub1 at hverdag dot dk 
Description:
------------
Description:
------------
strip_tags() removes too much information, it incorrectly interprets <' and <= as tags. In version 5.1.6 strip_tags($string, "<'><=>") (as mentioned in reproducing code) would solve the problem, but in the 5.2.5-dev snapshot it does not and it even cuts out even more text.

Reproduce code:
---------------
<?php
$string = <<<EOD
Message: Database query for getting dateblock titles failed.
MySQL error: 'opening_date >= '2007-01-01' AND closing_date <' at line 1
SQL: SELECT title FROM dateblocks WHERE opening_date >= '2007-01-01' AND closing_date <= '2007-12-31'
Level 1 file: C:\Inetpub\wwwroot\includes\ini_functions_dateblock.php / line <b>563</b>
Level 2 file: C:\Inetpub\wwwroot\includes\ini_functions_dateblock.php / line <b>750</b> / set_dateblock(<b><font color="brown">'add'</font></b>,  array(
  'opening_date' => '10/19/2007',
  'closing_date' => '11/3/2007',
  'title' => 'flajdsflkj',
))
EOD;

echo strip_tags($string);  //this does it INCORRECTLY
#echo strip_tags($string, "<'><=>");  //this one does it CORRECTLY in 5.1.6 (but not newest snapshot)
?>


Expected result:
----------------
Only the <b> and <font> tags should be removed.

Actual result:
--------------
Everything after the first "closing_date" is cut off! In 5.1.6 some of the remaining text was not cut off.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-11-12 10:33 UTC] tony2001@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Sun May 11 18:01:27 2025 UTC