[2011-01-15 01:50 UTC] pgarvin76 at gmail dot com
[2011-01-17 14:39 UTC] iliaa@php.net
[2011-01-18 14:02 UTC] iliaa@php.net
-Status: Open
+Status: Bogus
[2011-01-18 14:02 UTC] iliaa@php.net
Description:
------------
If a string containing an unmatched "<" character is run through the FILTER_SANITIZE_STRING filter, the string is truncated at the "<". The problem seems to stem from the last parameter in the call to php_strip_tags_ex(). That parameter tells php_strip_tags_ex() to ignore spaces trailing "<" characters. I checked how php_strip_tags_ex() is called in the PHP function strip_tags(), and it tells php_strip_tags_ex() to allow spaces after a "<". See ext/filter/sanitizing_filters.c line 203 and ext/standard/string.c line 4023 in PHP 5.3.5.

Test script:
---------------
<?php
echo filter_var('four is < 6', FILTER_SANITIZE_STRING);

Expected result:
----------------
four is < 6

Actual result:
--------------
four is
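The report's test case extended into a small comparison, as an added example that is not part of the original report or of PHP's source: it runs tag-stripping and output-encoding handlers over a few inputs and marks any output from which the original text can no longer be recovered. The helper names are hypothetical, all inputs other than the report's string are constructed, and PHP 7.4 or later is assumed.

```php
<?php
// Added example; not from the bug report or the PHP source tree.
// Helper names are hypothetical and the sample inputs are constructed.

// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; silence that notice
// so the comparison output stays readable.
error_reporting(E_ALL & ~E_DEPRECATED);

/** True when the original text can be recovered from the handler output. */
function round_trips(string $input, string $output): bool
{
    return html_entity_decode($output, ENT_QUOTES, 'UTF-8') === $input;
}

/** Handlers under comparison, keyed by a display name. */
function handlers(): array
{
    $h = [
        'strip_tags()' => function (string $s): string {
            return strip_tags($s);
        },
        'htmlspecialchars()' => function (string $s): string {
            return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
        },
    ];
    // Look the constant up by name so the script still loads on a PHP
    // build where it is not defined.
    if (defined('FILTER_SANITIZE_STRING')) {
        $h['FILTER_SANITIZE_STRING'] = function (string $s): string {
            return (string) filter_var($s, constant('FILTER_SANITIZE_STRING'));
        };
    }
    return $h;
}

$samples = [
    'four is < 6',        // the report's test string
    'if a<b then stop',   // constructed: "<" with no following space
    "it's 5 > 3",         // constructed: quote and ">" only
    '<b>bold</b> text',   // constructed: a real tag pair
];

foreach ($samples as $input) {
    printf("input: %s\n", var_export($input, true));
    foreach (handlers() as $name => $fn) {
        $out = $fn($input);
        printf("  %-24s %-34s %s\n", $name, var_export($out, true),
            round_trips($input, $out) ? 'recoverable' : 'text changed');
    }
}
```

Run it with the `php` CLI. A "text changed" result on an input that contains no real tag means the handler dropped user data rather than markup, which is the case the report describes.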