|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #7472 problem with strip_tags() function
Submitted: 2000-10-25 23:06 UTC Modified: 2002-09-21 12:39 UTC
Avg. Score:4.5 ± 0.5
Reproduced:0 of 0 (0.0%)
From: kjackson at gpu dot srv dot ualberta dot ca Assigned:
Status: Closed Package: Strings related
PHP Version: 4.3.0-dev OS: linux
Private report: No CVE-ID:
 [2000-10-25 23:06 UTC] kjackson at gpu dot srv dot ualberta dot ca
This bug causes strip_tags to stop stripping php tags, if your string contains the following in a <?php?> delimiter.

"title = \"([^\"]+)\""

echo strip_tags("
		if (eregi(\"title = \\\"([^\\\"]+)\", $x, $y))
			echo \"foobar\";

will result in only aghh1 being reported when aghh2 should clearly be as well


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2000-10-25 23:09 UTC] kjackson at gpu dot srv dot ualberta dot ca
oops, did not escape dollar signs. Doing so does not effect results.
 [2001-02-10 15:14 UTC]
it is the unbalanced quotes that causes this. smaller example:

echo strip_tags("first <?echo \"\\\"\"?> second");

refiling against 4.0, although it would be nice if any fix were backported.

(or the behavior could be documented.)
 [2002-01-22 07:34 UTC] martin at humany dot com
Bug still exists in PHP 4.1.1, tested under Linux 2.4 and Windows XP with:

echo strip_tags("first <?echo \"\\\"\"?> second");
 [2002-01-22 07:54 UTC]
Version updated
 [2002-07-29 09:16 UTC]
Verified on Compaq Tru64/Alpha
 [2002-07-29 17:12 UTC]
looked at php_strip_tags, The state machine is tracking "'s, )'s and ('s. I don't know if this is necessary. Can fix by simply removing that code. Emailed dev list asking for any further info.
 [2002-09-19 20:54 UTC]
Please try using this CVS snapshot:
For Windows:

Cannot replicate the bug with latest CVS, using test case in the original report or subsequent reports.
 [2002-09-21 04:44 UTC]
  $result_strip_tags = strip_tags("first <?echo \"\\\"\"?> second");
  echo "\n$result_strip_tags\n";

still results in

sebastian@linux:~> /usr/local/bin/php strip_tags.php

 [2002-09-21 12:39 UTC]
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at
In case this was a documentation problem, the fix will show up soon at

In case this was a website problem, the change will show
up on the site and on the mirror sites in short time.
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sun Oct 04 19:01:34 2015 UTC