Bug #70042 FILTER_SANITIZE_STRING stripping out portion of string
Submitted: 2015-07-10 14:17 UTC Modified: 2015-07-10 15:36 UTC
From: tom dot noel at lgh-usa dot com Assigned: cmb (profile)
Status: Not a bug Package: *General Issues
PHP Version: 5.6.11 OS: *
Private report: No CVE-ID: None
 [2015-07-10 14:17 UTC] tom dot noel at lgh-usa dot com
Description:
------------
When running a basic query through the filter_var function using FILTER_SANITIZE_STRING and FILTER_FLAG_NO_ENCODE_QUOTES, a portion of my string is being stripped out that shouldn't be.

Test script:
---------------
$sql = "SELECT customer, kdaccount, expDateMonth, expDateYear, nameid FROM creditcard_main WHERE ((expDateYear = '2016' AND expDateMonth <= '01') OR (expDateYear >= '2015' AND expDateMonth >= '07')) AND cardStatus = '1' AND cardAuthorized = '1' ORDER BY kdaccount ASC LIMIT 0, 25";

$query = filter_var ($sql, FILTER_SANITIZE_STRING,
    FILTER_FLAG_NO_ENCODE_QUOTES);die;

Expected result:
----------------
Should be identical to original string:

$query = "SELECT customer, kdaccount, expDateMonth, expDateYear, nameid FROM creditcard_main WHERE ((expDateYear = '2016' AND expDateMonth <= '01') OR (expDateYear >= '2015' AND expDateMonth >= '07')) AND cardStatus = '1' AND cardAuthorized = '1' ORDER BY kdaccount ASC LIMIT 0, 25"

Actual result:
--------------
$query = "SELECT customer, kdaccount, expDateMonth, expDateYear, nameid FROM creditcard_main WHERE ((expDateYear = '2016' AND expDateMonth = '2015' AND expDateMonth >= '07')) AND cardStatus = '1' AND cardAuthorized = '1' ORDER BY kdaccount ASC LIMIT 0, 25"

 [2015-07-10 15:01 UTC] cmb@php.net
-Status: Open +Status: Verified -Operating System: Ubuntu +Operating System: *
 [2015-07-10 15:01 UTC] cmb@php.net
Confirmed: <http://3v4l.org/KbRre>. Happens also on Windows.
 [2015-07-10 15:36 UTC] cmb@php.net
-Status: Verified +Status: Not a bug -Assigned To: +Assigned To: cmb
 [2015-07-10 15:36 UTC] cmb@php.net
Actually, this is not a bug. FILTER_SANITIZE_STRING strips all
potential tags, and the input string contains the following tag:

  <= '01') OR (expDateYear >
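
Added example (not part of the original report or of PHP's source): the sketch below locates the tag-like span identified in the comment above and checks whether removing it reproduces the reported "Actual result". The helper names tag_like_spans() and strip_tag_like_spans() are hypothetical, and the "from < to the next >" rule is a simplifying assumption, not PHP's actual tag-stripping state machine.

```php
<?php
// Added illustration, not code from the report or from PHP itself.
// Simplified model (assumption): a "tag" is everything from a "<" up to the
// next ">". PHP's real tag stripper applies more rules than this.

/** Return each tag-like span as [byte offset, text]. */
function tag_like_spans(string $s): array
{
    preg_match_all('/<[^>]*>/', $s, $m, PREG_OFFSET_CAPTURE);
    return array_map(fn($hit) => [$hit[1], $hit[0]], $m[0]);
}

/** Remove those spans, as the model says a tag-stripping filter would. */
function strip_tag_like_spans(string $s): string
{
    return preg_replace('/<[^>]*>/', '', $s);
}

// Query and "Actual result" strings copied from the report.
$sql = "SELECT customer, kdaccount, expDateMonth, expDateYear, nameid FROM creditcard_main WHERE ((expDateYear = '2016' AND expDateMonth <= '01') OR (expDateYear >= '2015' AND expDateMonth >= '07')) AND cardStatus = '1' AND cardAuthorized = '1' ORDER BY kdaccount ASC LIMIT 0, 25";
$reported = "SELECT customer, kdaccount, expDateMonth, expDateYear, nameid FROM creditcard_main WHERE ((expDateYear = '2016' AND expDateMonth = '2015' AND expDateMonth >= '07')) AND cardStatus = '1' AND cardAuthorized = '1' ORDER BY kdaccount ASC LIMIT 0, 25";

// Show what a tag-stripping filter would treat as markup in this string.
foreach (tag_like_spans($sql) as [$offset, $span]) {
    printf("tag-like span at byte %d: %s\n", $offset, $span);
}

// Compare the model's output with the result the submitter reported.
printf("model matches reported result: %s\n",
    var_export(strip_tag_like_spans($sql) === $reported, true));

// Run the real filter too, if this PHP build still provides it
// (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1).
if (defined('FILTER_SANITIZE_STRING')) {
    $real = filter_var($sql, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
    printf("filter_var matches reported result: %s\n",
        var_export($real === $reported, true));
}
```

Running tag_like_spans() over a string before passing it to a tag-stripping filter shows whether comparison operators such as <= and >= will be read as markup and silently removed.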
Last updated: Thu Dec 26 18:01:31 2024 UTC