Bug #70042 FILTER_SANITIZE_STRING stripping out portion of string
Submitted: 2015-07-10 14:17 UTC Modified: 2015-07-10 15:36 UTC
From: tom dot noel at lgh-usa dot com Assigned: cmb (profile)
Status: Not a bug Package: *General Issues
PHP Version: 5.6.11 OS: *
Private report: No CVE-ID: None

 [2015-07-10 14:17 UTC] tom dot noel at lgh-usa dot com
Description:
------------
When running a basic query through the filter_var function using FILTER_SANITIZE_STRING and FILTER_FLAG_NO_ENCODE_QUOTES, a portion of my string is being stripped out that shouldn't be.

Test script:
---------------
$sql = "SELECT customer, kdaccount, expDateMonth, expDateYear, nameid FROM creditcard_main WHERE ((expDateYear = '2016' AND expDateMonth <= '01') OR (expDateYear >= '2015' AND expDateMonth >= '07')) AND cardStatus = '1' AND cardAuthorized = '1' ORDER BY kdaccount ASC LIMIT 0, 25";

$query = filter_var ($sql, FILTER_SANITIZE_STRING,
    FILTER_FLAG_NO_ENCODE_QUOTES);die;

Expected result:
----------------
Should be identical to original string:

$query = "SELECT customer, kdaccount, expDateMonth, expDateYear, nameid FROM creditcard_main WHERE ((expDateYear = '2016' AND expDateMonth <= '01') OR (expDateYear >= '2015' AND expDateMonth >= '07')) AND cardStatus = '1' AND cardAuthorized = '1' ORDER BY kdaccount ASC LIMIT 0, 25"

Actual result:
--------------
$query = "SELECT customer, kdaccount, expDateMonth, expDateYear, nameid FROM creditcard_main WHERE ((expDateYear = '2016' AND expDateMonth = '2015' AND expDateMonth >= '07')) AND cardStatus = '1' AND cardAuthorized = '1' ORDER BY kdaccount ASC LIMIT 0, 25"

 [2015-07-10 15:01 UTC] cmb@php.net
-Status: Open
+Status: Verified
-Operating System: Ubuntu
+Operating System: *
 [2015-07-10 15:01 UTC] cmb@php.net
Confirmed: <http://3v4l.org/KbRre>. Happens also on Windows.
 [2015-07-10 15:36 UTC] cmb@php.net
-Status: Verified
+Status: Not a bug
-Assigned To:
+Assigned To: cmb
 [2015-07-10 15:36 UTC] cmb@php.net
Actually, this is not a bug. FILTER_SANITIZE_STRING strips all
potential tags, and the input string contains the following tag:

  <= '01') OR (expDateYear >
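
What the closing comment means for this use case, as an added example (not code from the report or from the PHP project): the filter extension validates each individual value, while the statement text stays a fixed string with bound parameters, so no tag-stripping filter ever sees its `<=` and `>=` operators. The in-memory SQLite table, its rows, the `findExpiringCards` helper and its input keys are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not code from the bug report. Rows and helper name are constructed.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE creditcard_main (customer TEXT, kdaccount TEXT, expDateMonth TEXT,
    expDateYear TEXT, nameid INTEGER, cardStatus TEXT, cardAuthorized TEXT)');
$ins = $pdo->prepare('INSERT INTO creditcard_main VALUES (?, ?, ?, ?, ?, ?, ?)');
foreach ([
    ['Alice', 'K001', '01', '2016', 1, '1', '1'], // first branch of the WHERE
    ['Bob',   'K002', '09', '2015', 2, '1', '1'], // second branch
    ['Carol', 'K003', '03', '2016', 3, '1', '1'], // neither branch
    ['Dave',  'K004', '12', '2015', 4, '0', '1'], // excluded by cardStatus
] as $row) {
    $ins->execute($row);
}

// Hypothetical helper: validate each value, then bind it. The SQL text is fixed.
// FILTER_VALIDATE_INT rejects leading zeros, so months arrive as 1..12 and are padded below.
function findExpiringCards(PDO $pdo, array $in): array
{
    $year  = ['options' => ['min_range' => 2000, 'max_range' => 2099]];
    $month = ['options' => ['min_range' => 1, 'max_range' => 12]];
    $vals = [
        ':y1' => filter_var($in['untilYear'], FILTER_VALIDATE_INT, $year),
        ':m1' => filter_var($in['untilMonth'], FILTER_VALIDATE_INT, $month),
        ':y2' => filter_var($in['fromYear'], FILTER_VALIDATE_INT, $year),
        ':m2' => filter_var($in['fromMonth'], FILTER_VALIDATE_INT, $month),
    ];
    if (in_array(false, $vals, true)) {
        throw new InvalidArgumentException('year or month out of range');
    }
    $stmt = $pdo->prepare(
        "SELECT customer, kdaccount, expDateMonth, expDateYear, nameid
           FROM creditcard_main
          WHERE ((expDateYear = :y1 AND expDateMonth <= :m1)
              OR (expDateYear >= :y2 AND expDateMonth >= :m2))
            AND cardStatus = '1' AND cardAuthorized = '1'
          ORDER BY kdaccount ASC LIMIT 0, 25"
    );
    foreach ($vals as $name => $v) {
        // Columns hold zero-padded strings ('01', '2016'), as in the report's query.
        $stmt->bindValue($name, sprintf($name[1] === 'm' ? '%02d' : '%04d', $v), PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$rows = findExpiringCards($pdo, ['untilYear' => '2016', 'untilMonth' => '1',
                                 'fromYear' => '2015', 'fromMonth' => '7']);
print_r(array_column($rows, 'customer'));
```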
 