php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #53755 FILTER_SANITIZE_STRING truncates string with unmatched <
Submitted: 2011-01-15 01:40 UTC Modified: 2011-01-18 14:02 UTC
From: pgarvin76 at gmail dot com Assigned:
Status: Not a bug Package: Filter related
PHP Version: 5.3.5 OS: Ubuntu/Linux
Private report: No CVE-ID: None
 [2011-01-15 01:40 UTC] pgarvin76 at gmail dot com
Description:
------------
If a string containing an unmatched "<" character is run through the FILTER_SANITIZE_STRING filter the string is truncated at the <.

The problem seems to stem from the last parameter in the call to php_strip_tags_ex(). That parameter tells php_strip_tags_ex() ignore spaces trailing "<" characters. I checked how php_strip_tags_ex() is called in the PHP function strip_tags() and it tells php_strip_tags_ex to allow spaced after a "<".

See ext/filter/santitizing_filters.c line 203 and ext/standard/string.c line 4023 in PHP 5.3.5.

Test script:
---------------
echo filter_var('four is < 6', FILTER_SANITIZE_STRING);

Expected result:
----------------
four is < 6

Actual result:
--------------
four is 

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-01-15 01:50 UTC] pgarvin76 at gmail dot com
The bugtracker would let me upload my diff so I created a Gist for it on Github.
https://gist.github.com/780577
I tested this solves the problem on 5.3.5.

Also here is a PHPT test for the bug.
https://gist.github.com/780574
 [2011-01-17 14:39 UTC] iliaa@php.net
The fix is not correct, since it would not change the fact that "four is <6" would 
return "four is "
 [2011-01-18 14:02 UTC] iliaa@php.net
-Status: Open +Status: Bogus
 [2011-01-18 14:02 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 08:01:27 2024 UTC