Bug #56687 Crash on HTML tags when using FS_STRING
Submitted: 2005-12-01 10:38 UTC Modified: 2005-12-01 11:24 UTC
From: ramsey@php.net Assigned: derick (profile)
Status: Closed Package: filter (PECL)
PHP Version: Irrelevant OS: Debian sarge
Private report: No CVE-ID: None

 [2005-12-01 10:38 UTC] ramsey@php.net
Description:
------------
I think this is a known issue, but I'm placing it here for reference.

Passing a value of only HTML tags to input_get() crashes when using the default FS_STRING sanitizing filter.

Reproduce code:
---------------
URL:
http://example.org/test.php?foo=<p></p>

CODE:
<?php
var_dump(input_get(INPUT_GET, 'foo', FS_STRING));
?>

Expected result:
----------------
string(0) ""

-or-

NULL

Actual result:
--------------
From Apache's log:
[Thu Dec 01 15:37:04 2005] [notice] child pid 24775 exit signal Segmentation fault (11)

 [2005-12-01 10:46 UTC] ramsey@php.net
Here's a patch that corrects this issue:


Index: sanitizing_filters.c
===================================================================
RCS file: /repository/pecl/filter/sanitizing_filters.c,v
retrieving revision 1.5
diff -u -r1.5 sanitizing_filters.c
--- sanitizing_filters.c        15 Nov 2005 11:55:28 -0000      1.5
+++ sanitizing_filters.c        1 Dec 2005 15:45:19 -0000
@@ -178,6 +178,11 @@
        /* strip tags, implicitly also removes \0 chars */
        new_len = php_strip_tags(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NUL
L, 0);
        Z_STRLEN_P(value) = new_len;
+
+       if (new_len == 0) {
+               Z_TYPE_P(value) = IS_NULL;
+               return;
+       }
 
        if (! (flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
                /* encode ' and " to numerical entity */
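Review bot: the early return added at `if (new_len == 0)` sets `Z_TYPE_P(value) = IS_NULL` while `Z_STRVAL_P(value)` still points at the buffer that php_strip_tags() just processed, and nothing in the hunk releases it. If this filter owns that string, every tags-only input leaks it; releasing it first (for example zval_dtor(value) followed by ZVAL_NULL(value)) would avoid that. The report accepts either string(0) "" or NULL, so a short comment stating why NULL was chosen, and that the return skips the quote-encoding step below, would help the next reader. The hunk does not show why a zero-length result crashes the code that follows, so it is worth confirming that the later code handles an empty string safely rather than only being bypassed here.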
 [2005-12-01 11:24 UTC] sniper@php.net
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.


 