Bug #50847 strip_tags() fails with extremely long tags (attributes)
Submitted: 2010-01-26 15:06 UTC
Modified: 2010-02-01 12:59 UTC
From: grayson at levy dot org dot il
Assigned:
Status: Closed
Package: Strings related
PHP Version: 5.*, 6
OS: *
Private report: No
CVE-ID: None
 [2010-01-26 15:06 UTC] grayson at levy dot org dot il
Description:
------------
strip_tags() removes long param tags even when param is in the exclude list.

Reproduce code:
---------------
$var = "<param value=\"file=http://www.whitehouse.gov/videos/2010/January/011910_FallsChurchVA.m4v&path_to_plugins=http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins&path_to_player=http://www.whitehouse.gov/sites/all/modules/swftools/shared/flash_media_player&skin=http://www.whitehouse.gov/sites/all/modules/swftools/shared/flash_media_player/skins/EOP_skin.swf&captions_url=http://www.whitehouse.gov/sites/default/files/av_closedcaption/011910_Race_to_the_Top_for_Education_Reform.srtI=http://www.whitehouse.gov/sites/default/files/audio-video/video_thumbnail/P011910LJ-0100-3_0.jpg&controlbar=bottom&frontcolor=AAAAAA&plugins=http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins/privacy/privacy,http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins/hat/hat,http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins/share/share,http://www.whitehouse.gov/sites/default/modules/wh_multimedia/wh_jwplayer/plugins/captions/captions&captions.file=http://www.whitehouse.gov/sites/default/files/av_closedcaption/011910_Race_to_the_Top_for_Education_Reform.srt\" name=\"flashvars\" />";

$var = strip_tags($var, "<param>");



Expected result:
----------------
$var should be unchanged.

Actual result:
--------------
$var is empty.

 [2010-01-26 17:18 UTC] jani@php.net
It doesn't matter what the tag is. Or what it contains. Single char repeated enough times will make a mess.. 
 [2010-02-01 12:59 UTC] svn@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=294303
Log: Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long)
 [2010-02-01 12:59 UTC] iliaa@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2010-04-17 05:53 UTC] sarun37823 at bigfoot dot com
http://th.php.net/ChangeLog-5.php#5.2.13
 
greater then 1023 bytes
should change to
greater than 1023 bytes
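
An added regression check, not part of the original report or of the PHP project's code: it builds an allowed param tag of an exact byte length and reports whether strip_tags() returns it unchanged, probing lengths around the 1023-byte figure from the commit log. The function names, the fill character and the probed lengths are assumptions made for this example; it avoids type declarations and short array syntax so it also runs on PHP 5.

```php
<?php
// Added example (hypothetical helper names), not code from php-src.

// Build '<param name="flashvars" value="aaa..." />' with an exact total size.
function make_param_tag($totalBytes)
{
    $prefix = '<param name="flashvars" value="';
    $suffix = '" />';
    $fill = $totalBytes - strlen($prefix) - strlen($suffix);
    if ($fill < 0) {
        throw new InvalidArgumentException('length too small for the tag skeleton');
    }
    // Constructed sample input: a single character repeated, as in the thread.
    return $prefix . str_repeat('a', $fill) . $suffix;
}

// True when the allowed tag comes back byte-for-byte identical.
function allowed_tag_survives($totalBytes)
{
    $tag = make_param_tag($totalBytes);
    return strip_tags($tag, '<param>') === $tag;
}

// Smallest length in [$from, $to] at which the allowed tag is altered, or null.
function first_failing_length($from, $to)
{
    for ($n = $from; $n <= $to; $n++) {
        if (!allowed_tag_survives($n)) {
            return $n;
        }
    }
    return null;
}

$limit = 1023; // figure quoted in the SVN log for bug #50847
foreach (array($limit - 1, $limit, $limit + 1, 2048, 65536) as $n) {
    printf("%6d bytes: %s\n", $n, allowed_tag_survives($n) ? 'kept' : 'ALTERED');
}

$bad = first_failing_length(64, 4096);
if ($bad === null) {
    echo "No allowed tag between 64 and 4096 bytes was altered.\n";
} else {
    echo "Allowed tag first altered at $bad bytes on PHP " . PHP_VERSION . ".\n";
}
exit($bad === null ? 0 : 1); // non-zero exit lets a CI job flag an affected build
```

Run it with the CLI of each PHP build that filters user HTML through strip_tags() with an allow-list; a non-zero exit means long allowed tags are being dropped on that build.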
 
 