Bug #37898 strip_tags selectively strips allowed_tags
Submitted: 2006-06-23 02:53 UTC Modified: 2006-07-30 01:00 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: admin at rcczone dot com Assigned:
Status: No Feedback Package: Strings related
PHP Version: 4.4.2 OS: Linux / Apache
Private report: No CVE-ID: None

 

 [2006-06-23 02:53 UTC] admin at rcczone dot com
Description:
------------
For some reason beyond my knowledge, the strip_tags function is selectively stripping allowed_tags. I have tested it against three relatively similar strings (all <embed> tags) and it is passing on only one out of the three. The string and xhtml tags themselves are perfectly valid, and I have no clue why strip_tags is behaving in such a way.

Reproduce code:
---------------
echo strip_tags('<embed allowScriptAccess="never"   src="http://www.picturetrail.com/photoFlick/l_bookhorizontal.swf" name="photoFlick" FlashVars="img1=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756363.jpg&img2=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756370.jpg&img3=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756373.jpg&img4=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756375.jpg&img5=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756377.jpg&img6=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756379.jpg&img7=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756381.jpg&img8=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756384.jpg&img9=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756386.jpg&img10=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756388.jpg&img11=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756391.jpg&img12=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756394.jpg&img13=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756395.jpg&img14=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756397.jpg" loop="false" menu="false" quality="high" bgcolor="..ffffff" width="600" height="410" align="middle" allowScriptAccess="never" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>','<embed>');

Expected result:
----------------
<embed allowScriptAccess="never"   src="http://www.picturetrail.com/photoFlick/l_bookhorizontal.swf" name="photoFlick" FlashVars="img1=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756363.jpg&img2=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756370.jpg&img3=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756373.jpg&img4=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756375.jpg&img5=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756377.jpg&img6=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756379.jpg&img7=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756381.jpg&img8=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756384.jpg&img9=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756386.jpg&img10=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756388.jpg&img11=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756391.jpg&img12=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756394.jpg&img13=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756395.jpg&img14=http://pic20.picturetrail.com:80/VOL1204/4617287/9809076/139756397.jpg" loop="false" menu="false" quality="high" bgcolor="..ffffff" width="600" height="410" align="middle" allowScriptAccess="never" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></embed>

Actual result:
--------------
</embed>

 [2006-07-22 12:15 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip


 [2006-07-30 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2007-06-20 14:10 UTC] vorandrew+php at gmail dot com
Code:
=================
<?php
var_dump($data['Value']);
$text = trim(strip_tags($data['Value'],'<br><a><b><strong><i><em><u>'));
var_dump($text);
?>

Result:
=================
string(218) "Cliquez &quot;TELECHARGEZ MAINTENANT&quot; pour commencer l'instalation du logiciel de Casino Las Vegas<br />
<br />
<strong>Cliquez &agrave; nouveau sur &quot;Ouvrir (Run)&quot; (ou &quot;Ouvrir- Open&quot;).</strong>"
string(103) "Cliquez &quot;TELECHARGEZ MAINTENANT&quot; pour commencer l'instalation du logiciel de Casino Las Vegas"
 [2007-06-20 14:12 UTC] vorandrew+php at gmail dot com
Linux IGMAPPSERV 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 GNU/Linux

Packages
======================
ii  libapache2-mod-php5               5.2.0-8+etch4                   server-side, HTML-embedded scripting languag
ii  php-pear                          5.2.0-8+etch4                   PEAR - PHP Extension and Application Reposit
ii  php5                              5.2.0-8+etch4                   server-side, HTML-embedded scripting languag
ii  php5-cli                          5.2.0-8+etch4                   command-line interpreter for the php5 script
ii  php5-common                       5.2.0-8+etch4                   Common files for packages built from the php
ii  php5-dev                          5.2.0-8+etch4                   Files for PHP5 module development
ii  php5-gd                           5.2.0-8+etch4                   GD module for php5
ii  php5-imagick                      0.9.11+1-4.1                    ImageMagick module for php5
ii  php5-mysql                        5.2.0-8+etch4                   MySQL module for php5
ii  php5-sqlite                       5.2.0-8+etch4                   SQLite module for php5
ii  phpmyadmin                        2.9.1.1-3                       Administrate MySQL over the WWW
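
A regression check for the behaviour reported in this thread, as an added example that is not code from the report or from PHP itself: it runs strip_tags() over two constructed inputs modelled on the two reports and flags any allowed tag or text that did not survive. It assumes PHP 7.4 or later; the helper names and the example.test host are hypothetical.

```php
<?php
// Added example, not from the bug report. Inputs are constructed;
// example.test is a placeholder host and the helper names are hypothetical.

function count_tag(string $html, string $name): int
{
    // Opening or closing tags; the lookahead stops <b> from matching <br>.
    $re = '~</?' . preg_quote($name, '~') . '(?=[\s/>])~i';
    return (int) preg_match_all($re, $html);
}

function check_allowed(string $input, string $allowed): array
{
    $output = strip_tags($input, $allowed);
    $problems = [];
    preg_match_all('~<([a-z0-9]+)>~i', $allowed, $m);
    foreach ($m[1] as $name) {
        $in = count_tag($input, $name);
        $out = count_tag($output, $name);
        if ($in !== $out) {
            $problems[] = "<$name>: $in in input, $out in output";
        }
    }
    // Independent text extraction (safe here: no '>' inside attributes).
    $strip = fn(string $s): string => preg_replace('~<[^>]*>~', '', $s);
    if ($strip($input) !== $strip($output)) {
        $problems[] = 'text outside tags was lost or changed';
    }
    return $problems;
}

$imgs = [];
for ($i = 1; $i <= 14; $i++) {
    $imgs[] = "img$i=http://example.test:80/VOL/0000000/0000000/$i.jpg";
}
$cases = [
    'long embed' => ['<embed src="http://example.test/a.swf" FlashVars="'
        . implode('&', $imgs) . '" width="600" height="410"></embed>', '<embed>'],
    'xhtml br' => ["Line one<br />\n<br />\n<strong>Line two</strong>",
        '<br><a><b><strong><i><em><u>'],
];
foreach ($cases as $label => [$input, $allowed]) {
    $problems = check_allowed($input, $allowed);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'ok', "\n";
}
```

A build showing the behaviour from the first report would print a count mismatch for <embed>; one showing the second would report lost text and missing <br> and <strong> tags.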
 
Last updated: Fri Apr 19 22:01:28 2024 UTC