PHP :: Doc Bug #67554 :: FILTER_SANITIZE_STRING documentation should state that it strips the null byte

Doc Bug #67554	FILTER_SANITIZE_STRING documentation should state that it strips the null byte
Submitted:	2014-07-02 15:33 UTC	Modified:	2018-03-17 18:23 UTC
From:	malaimo923 at gmail dot com	Assigned:
Status:	Open	Package:	Filter related
PHP Version:	5.5.14	OS:	CentOS 6.5
Private report:	No	CVE-ID:	None

View Developer Edit

[2014-07-02 15:33 UTC] malaimo923 at gmail dot com

Description:
------------
When using the FILTER_SANITIZE_STRING filter on a string with a null byte, the null byte character will be removed.

Could this be added to the documentation?

http://php.net/manual/en/filter.filters.sanitize.php



Test script:
---------------
<?php

$a = array_map('chr', range(0,32));

for($i = 0; $i < 32; $i++) {
        if (strlen($a[$i]) != strlen(filter_var($a[$i], FILTER_SANITIZE_STRING))) {
                echo 'ASCII character '.$i." has been removed from the string\n";
        }
}


Expected result:
----------------
The function removes the null byte, this could be the intended functionality.

The PHP function strip_tags also removes the null byte and it is listed in the documentation.

Additionally when using the filter flag FILTER_FLAG_ENCODE_LOW the return value is instead the encoded version of the null byte &#0;

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2018-03-17 18:23 UTC] cmb@php.net

-Type: Feature/Change Request +Type: Documentation Problem -Package: filter +Package: Filter related

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Oct 31 09:00:01 2025 UTC