php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70720 strip_tags improper php code parsing
Submitted: 2015-10-15 14:54 UTC Modified: 2016-02-02 09:42 UTC
From: admin at sinfocol dot org Assigned: jpauli (profile)
Status: Closed Package: Strings related
PHP Version: Irrelevant OS: Any
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: admin at sinfocol dot org
New email:
PHP Version: OS:

 

 [2015-10-15 14:54 UTC] admin at sinfocol dot org
Description:
------------
Hello,

The strip_tags function stop the processing of php code until the next ">" is found if the string "xml" is included within php tags.

Test script:
---------------
<?php

var_dump(strip_tags('<?php $dom->test(); ?> this is a test'));
var_dump(strip_tags('<?php $xml->test(); ?> this is a test'));

Expected result:
----------------
string(15) " this is a test"
string(15) " this is a test"

Actual result:
--------------
string(15) " this is a test"
string(25) "test(); ?> this is a test"

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-12-22 14:15 UTC] jpauli@php.net
-Type: Security +Type: Bug -Assigned To: +Assigned To: jpauli
 [2015-12-22 14:15 UTC] jpauli@php.net
Requalifying as non-security bug
 [2015-12-22 15:28 UTC] jpauli@php.net
Automatic comment on behalf of jpauli
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ff7ed9021cd72a7f82dd4301cdc266afdff458ad
Log: Fix #70720
 [2015-12-22 15:28 UTC] jpauli@php.net
-Status: Assigned +Status: Closed
 [2015-12-22 15:29 UTC] jpauli@php.net
Automatic comment on behalf of jpauli
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ff7ed9021cd72a7f82dd4301cdc266afdff458ad
Log: Fix #70720
 [2015-12-22 15:29 UTC] jpauli@php.net
Automatic comment on behalf of jpauli
Revision: http://git.php.net/?p=php-src.git;a=commit;h=ff7ed9021cd72a7f82dd4301cdc266afdff458ad
Log: Fix #70720
 [2015-12-22 15:35 UTC] jpauli@php.net
Thank you for your bug report. This issue has already been fixed
in the latest released version of PHP, which you can download at 
http://www.php.net/downloads.php

Fixed in next release , at ff7ed9021cd72a7f82dd4301cdc266afdff458ad
 [2016-01-06 14:35 UTC] tyrael@php.net
to clarify this fix will be in 5.6.18 as it was fixed after 5.6.17RC1 was tagged and released and as this isn't a security fix there is no reason to not let it go through a proper RC cycle.
 [2016-01-29 11:43 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=47af41b785f5b669b755a843ed081945f17989a3
Log: Revert &quot;Fix #70720&quot;
 [2016-02-02 04:46 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=47af41b785f5b669b755a843ed081945f17989a3
Log: Revert &quot;Fix #70720&quot;
 [2016-02-02 09:42 UTC] jpauli@php.net
-Status: Closed +Status: Assigned
 [2016-02-02 17:17 UTC] jpauli@php.net
Automatic comment on behalf of jpauli
Revision: http://git.php.net/?p=php-src.git;a=commit;h=6b0b29edd6084699ae6690064c997b9bf44462d4
Log: Fix #70720
 [2016-02-02 17:17 UTC] jpauli@php.net
-Status: Assigned +Status: Closed
 [2016-02-02 17:23 UTC] jpauli@php.net
Will be part of 5.6.19, as we detected a BC in 5.6.18 about this patch, which then has been reworked.
 [2016-02-02 17:32 UTC] jpauli@php.net
Automatic comment on behalf of jpauli
Revision: http://git.php.net/?p=php-src.git;a=commit;h=15b1efeba88563a30978f7cafa15abd7cd85bc9e
Log: Revert &quot;Fix #70720&quot;
 [2016-03-28 08:33 UTC] samyabbas31 at gmail dot com
Hi, 
I still have a bug with the following code :

<?php 
[...]
scriptLog('   ->/view/main.php');
[...]
?>

parsing assumes php code stops with "->" in the scriptLog argument.

Regards,
Sam
 [2016-07-20 11:33 UTC] davey@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=47af41b785f5b669b755a843ed081945f17989a3
Log: Revert &quot;Fix #70720&quot;
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Oct 09 08:01:27 2024 UTC