|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2005-12-01 10:38 UTC] ramsey@php.net
Description: ------------ I think this is a known issue, but I'm placing it here for reference. Passing a value of only HTML tags to input_get() crashes when using the default FS_STRING sanitizing filter. Reproduce code: --------------- URL: http://example.org/test.php?foo=<p></p> CODE: <?php var_dump(input_get(INPUT_GET, 'foo', FS_STRING)); ?> Expected result: ---------------- string(0) "" -or- NULL Actual result: -------------- From Apache's log: [Thu Dec 01 15:37:04 2005] [notice] child pid 24775 exit signal Segmentation fault (11) PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Oct 25 02:00:01 2025 UTC |
Here's a patch that corrects this issue: Index: sanitizing_filters.c =================================================================== RCS file: /repository/pecl/filter/sanitizing_filters.c,v retrieving revision 1.5 diff -u -r1.5 sanitizing_filters.c --- sanitizing_filters.c 15 Nov 2005 11:55:28 -0000 1.5 +++ sanitizing_filters.c 1 Dec 2005 15:45:19 -0000 @@ -178,6 +178,11 @@ /* strip tags, implicitly also removes \0 chars */ new_len = php_strip_tags(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NUL L, 0); Z_STRLEN_P(value) = new_len; + + if (new_len == 0) { + Z_TYPE_P(value) = IS_NULL; + return; + } if (! (flags & FILTER_FLAG_NO_ENCODE_QUOTES)) { /* encode ' and " to numerical entity */