php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #67554 FILTER_SANITIZE_STRING documentation should state that it strips the null byte
Submitted: 2014-07-02 15:33 UTC Modified: 2018-03-17 18:23 UTC
From: malaimo923 at gmail dot com Assigned:
Status: Open Package: Filter related
PHP Version: 5.5.14 OS: CentOS 6.5
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: malaimo923 at gmail dot com
New email:
PHP Version: OS:

 

 [2014-07-02 15:33 UTC] malaimo923 at gmail dot com 
Description:
------------
When using the FILTER_SANITIZE_STRING filter on a string with a null byte, the null byte character will be removed.

Could this be added to the documentation?

http://php.net/manual/en/filter.filters.sanitize.php



Test script:
---------------
<?php

$a = array_map('chr', range(0,32));

for($i = 0; $i < 32; $i++) {
        if (strlen($a[$i]) != strlen(filter_var($a[$i], FILTER_SANITIZE_STRING))) {
                echo 'ASCII character '.$i." has been removed from the string\n";
        }
}


Expected result:
----------------
The function removes the null byte, this could be the intended functionality.

The PHP function strip_tags also removes the null byte and it is listed in the documentation.

Additionally when using the filter flag FILTER_FLAG_ENCODE_LOW the return value is instead the encoded version of the null byte &#0;

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-03-17 18:23 UTC] cmb@php.net
-Type: Feature/Change Request +Type: Documentation Problem -Package: filter +Package: Filter related
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Wed Dec 04 18:01:31 2024 UTC