Bug #56687 Crash on HTML tags when using FS_STRING
Submitted: 2005-12-01 10:38 UTC Modified: 2005-12-01 11:24 UTC
From: ramsey@php.net Assigned: derick (profile)
Status: Closed Package: filter (PECL)
PHP Version: Irrelevant OS: Debian sarge
Private report: No CVE-ID: None
 [2005-12-01 10:38 UTC] ramsey@php.net
Description:
------------
I think this is a known issue, but I'm placing it here for reference.

Passing a value of only HTML tags to input_get() crashes when using the default FS_STRING sanitizing filter.

Reproduce code:
---------------
URL:
http://example.org/test.php?foo=<p></p>

CODE:
<?php
var_dump(input_get(INPUT_GET, 'foo', FS_STRING));
?>

Expected result:
----------------
string(0) ""

-or-

NULL

Actual result:
--------------
From Apache's log:
[Thu Dec 01 15:37:04 2005] [notice] child pid 24775 exit signal Segmentation fault (11)

 [2005-12-01 10:46 UTC] ramsey@php.net
Here's a patch that corrects this issue:


Index: sanitizing_filters.c
===================================================================
RCS file: /repository/pecl/filter/sanitizing_filters.c,v
retrieving revision 1.5
diff -u -r1.5 sanitizing_filters.c
--- sanitizing_filters.c        15 Nov 2005 11:55:28 -0000      1.5
+++ sanitizing_filters.c        1 Dec 2005 15:45:19 -0000
@@ -178,6 +178,11 @@
        /* strip tags, implicitly also removes \0 chars */
        new_len = php_strip_tags(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NUL
L, 0);
        Z_STRLEN_P(value) = new_len;
+
+       if (new_len == 0) {
+               Z_TYPE_P(value) = IS_NULL;
+               return;
+       }
 
        if (! (flags & FILTER_FLAG_NO_ENCODE_QUOTES)) {
                /* encode ' and " to numerical entity */
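Review bot: In the added `new_len == 0` branch, `Z_TYPE_P(value) = IS_NULL;` changes the type tag while `Z_STRVAL_P(value)` still points at the stripped string, and nothing in the hunk releases that buffer before the `return`. Consider destroying the string first, for example `zval_dtor(value);` followed by `ZVAL_NULL(value);`, so the zval is not left with a NULL type and an allocated string behind it. A one-line comment stating why an input made up only of tags becomes NULL rather than an empty string would also help, since the report lists both as acceptable results.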
 [2005-12-01 11:24 UTC] sniper@php.net
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.


 