PHP :: Bug #53755 :: FILTER_SANITIZE_STRING truncates string with unmatched <

Bug #53755	FILTER_SANITIZE_STRING truncates string with unmatched <
Submitted:	2011-01-15 01:40 UTC	Modified:	2011-01-18 14:02 UTC
From:	pgarvin76 at gmail dot com	Assigned:
Status:	Not a bug	Package:	Filter related
PHP Version:	5.3.5	OS:	Ubuntu/Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	pgarvin76 at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2011-01-15 01:40 UTC] pgarvin76 at gmail dot com

Description:
------------
If a string containing an unmatched "<" character is run through the FILTER_SANITIZE_STRING filter the string is truncated at the <.

The problem seems to stem from the last parameter in the call to php_strip_tags_ex(). That parameter tells php_strip_tags_ex() ignore spaces trailing "<" characters. I checked how php_strip_tags_ex() is called in the PHP function strip_tags() and it tells php_strip_tags_ex to allow spaced after a "<".

See ext/filter/santitizing_filters.c line 203 and ext/standard/string.c line 4023 in PHP 5.3.5.

Test script:
---------------
echo filter_var('four is < 6', FILTER_SANITIZE_STRING);

Expected result:
----------------
four is < 6

Actual result:
--------------
four is

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-01-15 01:50 UTC] pgarvin76 at gmail dot com

The bugtracker would let me upload my diff so I created a Gist for it on Github.
https://gist.github.com/780577
I tested this solves the problem on 5.3.5.

Also here is a PHPT test for the bug.
https://gist.github.com/780574

[2011-01-17 14:39 UTC] iliaa@php.net

The fix is not correct, since it would not change the fact that "four is <6" would 
return "four is "

[2011-01-18 14:02 UTC] iliaa@php.net

-Status: Open +Status: Bogus

[2011-01-18 14:02 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Feb 16 09:01:28 2025 UTC