Bug #53755 FILTER_SANITIZE_STRING truncates string with unmatched <
Submitted: 2011-01-15 01:40 UTC Modified: 2011-01-18 14:02 UTC
From: pgarvin76 at gmail dot com Assigned:
Status: Not a bug Package: Filter related
PHP Version: 5.3.5 OS: Ubuntu/Linux
Private report: No CVE-ID: None

 [2011-01-15 01:40 UTC] pgarvin76 at gmail dot com
Description:
------------
If a string containing an unmatched "<" character is run through the FILTER_SANITIZE_STRING filter the string is truncated at the <.

The problem seems to stem from the last parameter in the call to php_strip_tags_ex(). That parameter tells php_strip_tags_ex() to ignore spaces trailing "<" characters. I checked how php_strip_tags_ex() is called in the PHP function strip_tags() and it tells php_strip_tags_ex() to allow spaces after a "<".

See ext/filter/sanitizing_filters.c line 203 and ext/standard/string.c line 4023 in PHP 5.3.5.

Test script:
---------------
<?php
echo filter_var('four is < 6', FILTER_SANITIZE_STRING);

Expected result:
----------------
four is < 6

Actual result:
--------------
four is 

 [2011-01-15 01:50 UTC] pgarvin76 at gmail dot com
The bugtracker would let me upload my diff so I created a Gist for it on GitHub.
https://gist.github.com/780577
I tested that this solves the problem on 5.3.5.

Also here is a PHPT test for the bug.
https://gist.github.com/780574
 [2011-01-17 14:39 UTC] iliaa@php.net
The fix is not correct, since it would not change the fact that "four is <6" would return "four is "
 [2011-01-18 14:02 UTC] iliaa@php.net
-Status: Open +Status: Bogus
 [2011-01-18 14:02 UTC] iliaa@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
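
Added example (not part of the original report, and not PHP's source code): a simplified C model of a tag stripper, showing why the string in the report is truncated and why "four is <6" is truncated whichever way the whitespace flag is set. The function name `strip_tags_model` and the flag name `lt_space_opens_tag` are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a tag stripper (NOT PHP's php_strip_tags_ex source).
 * lt_space_opens_tag is a hypothetical name for the flag discussed above:
 *   1 = "<" followed by whitespace still starts a tag (FILTER_SANITIZE_STRING)
 *   0 = "<" followed by whitespace is kept as text     (strip_tags)
 * Writes the result to out (NUL-terminated) and returns its length. */
size_t strip_tags_model(const char *in, char *out, size_t cap, int lt_space_opens_tag)
{
    size_t n = 0;
    int in_tag = 0;

    if (cap == 0) return 0;
    for (const char *p = in; *p != '\0'; p++) {
        if (in_tag) {
            if (*p == '>') in_tag = 0;   /* tag closed, resume copying */
            continue;                    /* everything inside a tag is dropped */
        }
        if (*p == '<' &&
            (lt_space_opens_tag || !isspace((unsigned char)p[1]))) {
            in_tag = 1;                  /* never closed => rest of input is lost */
            continue;
        }
        if (n + 1 < cap) out[n++] = *p;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed inputs: the report's string, the maintainer's
     * counter-example, and one string with real, matched tags. */
    const char *inputs[] = { "four is < 6", "four is <6", "a <b>bold</b> word" };
    char buf[64];

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        strip_tags_model(inputs[i], buf, sizeof buf, 1);
        printf("filter-like: [%s]  ", buf);
        strip_tags_model(inputs[i], buf, sizeof buf, 0);
        printf("strip_tags-like: [%s]\n", buf);
    }
    return 0;
}
```

In this model, only the "< 6" input changes with the flag; an unmatched "<" directly followed by a non-space character discards the rest of the input in both modes.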
