php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80051 strip_tags clears string when starting with the lesser then or equal operator.
Submitted: 2020-09-03 17:10 UTC Modified: 2020-09-03 20:21 UTC
From: stefan at concera dot com Assigned:
Status: Not a bug Package: Strings related
PHP Version: 7.4.10 OS: Ubuntu 16.04.7 LTS x86_64
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: stefan at concera dot com
New email:
PHP Version: OS:

 

 [2020-09-03 17:10 UTC] stefan at concera dot com
Description:
------------
When executing the strip_tags function, using a string that starts with the lesser then or equal operator, it will be deleted...

I accidentally found this out when stripping tags of an array with values, used for a <select>-element. When I strip the string '<= (Less then or equal)', it will result into an empty string.

I also tried to add it to the $allowable_tags parameter, like this strip_tags('<= (Less then or equal)', '<=>'), but this doesn't seem to work either.

Test script:
---------------
<?php

    $array = [
        '= (Equal)',
        '!= (Not equal)',
        '> (Greater then)',
        '>= (Greater then or equal)',
        '< (Less then)',
        '<= (Less then or equal)',
    ];
              
    foreach( $array as $key => $value )
    {
        echo $key."\t=>\t".strip_tags($value)."\n";
    }

Expected result:
----------------
0	=>	= (Equal)
1	=>	!= (Not equal)
2	=>	> (Greater then)
3	=>	>= (Greater then or equal)
4	=>	< (Less then)
5	=>	<= (Less then or equal)


Actual result:
--------------
0	=>	= (Equal)
1	=>	!= (Not equal)
2	=>	> (Greater then)
3	=>	>= (Greater then or equal)
4	=>	< (Less then)
5	=>	


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2020-09-03 20:21 UTC] requinix@php.net
-Status: Open +Status: Not a bug
 [2020-09-03 20:21 UTC] requinix@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

https://www.php.net/manual/en/function.strip-tags.php
> Warning
> Because strip_tags() does not actually validate the HTML, partial or broken tags
> can result in the removal of more text/data than expected.

Don't use strip_tags() for HTML sanitization.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Mar 28 12:01:27 2024 UTC