php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #7472 problem with strip_tags() function
Submitted: 2000-10-25 23:06 UTC Modified: 2002-09-21 12:39 UTC
Votes:2
Avg. Score:4.5 ± 0.5
Reproduced:0 of 0 (0.0%)
From: kjackson at gpu dot srv dot ualberta dot ca Assigned:
Status: Closed Package: Strings related
PHP Version: 4.3.0-dev OS: linux
Private report: No CVE-ID:
 [2000-10-25 23:06 UTC] kjackson at gpu dot srv dot ualberta dot ca
This bug causes strip_tags to stop stripping php tags, if your string contains the following in a <?php?> delimiter.

"title = \"([^\"]+)\""

Example:
echo strip_tags("
aghh1
<?PHP
		if (eregi(\"title = \\\"([^\\\"]+)\", $x, $y))
			echo \"foobar\";
?>
aghh2
");

will result in only aghh1 being reported when aghh2 should clearly be as well

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-10-25 23:09 UTC] kjackson at gpu dot srv dot ualberta dot ca
oops, did not escape dollar signs. Doing so does not effect results.
 [2001-02-10 15:14 UTC] jimw@php.net
it is the unbalanced quotes that causes this. smaller example:

<?php
echo strip_tags("first <?echo \"\\\"\"?> second");
?>

refiling against 4.0, although it would be nice if any fix were backported.

(or the behavior could be documented.)
 [2002-01-22 07:34 UTC] martin at humany dot com
Bug still exists in PHP 4.1.1, tested under Linux 2.4 and Windows XP with:

echo strip_tags("first <?echo \"\\\"\"?> second");
 [2002-01-22 07:54 UTC] yohgaki@php.net
Version updated
 [2002-07-29 09:16 UTC] nohn@php.net
Verified on Compaq Tru64/Alpha
 [2002-07-29 17:12 UTC] rodif_bl@php.net
looked at php_strip_tags, The state machine is tracking "'s, )'s and ('s. I don't know if this is necessary. Can fix by simply removing that code. Emailed dev list asking for any further info.
 [2002-09-19 20:54 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-latest.zip

Cannot replicate the bug with latest CVS, using test case in the original report or subsequent reports.
 [2002-09-21 04:44 UTC] nohn@php.net
  $result_strip_tags = strip_tags("first <?echo \"\\\"\"?> second");
  echo "\n$result_strip_tags\n";

still results in

sebastian@linux:~> /usr/local/bin/php strip_tags.php

first
sebastian@linux:~>
 [2002-09-21 12:39 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sat Apr 19 19:02:15 2014 UTC