Patch striptags.diff for Strings related Bug #23723Patch version 2011-01-09 20:41 UTC Return to Bug #23723 | Download this patchThis patch is obsolete Obsoleted by patches: Patch Revisions:Developer: jthijssen@noxlogic.nl
Index: ext/standard/string.c
===================================================================
--- ext/standard/string.c (revision 307135)
+++ ext/standard/string.c (working copy)
@@ -3996,7 +3996,7 @@
}
/* }}} */
-/* {{{ proto string strip_tags(string str [, string allowable_tags])
+/* {{{ proto string strip_tags(string str [, string allowable_tags] [, bool whitelist])
Strips HTML and PHP tags from a string */
PHP_FUNCTION(strip_tags)
{
@@ -4004,11 +4004,12 @@
char *str;
zval **allow=NULL;
char *allowed_tags=NULL;
+ zend_bool whitelist=1;
int allowed_tags_len=0;
int str_len;
size_t retval_len;
- if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|Z", &str, &str_len, &allow) == FAILURE) {
+ if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|Zb", &str, &str_len, &allow, &whitelist) == FAILURE) {
return;
}
@@ -4020,7 +4021,7 @@
}
buf = estrndup(str, str_len);
- retval_len = php_strip_tags_ex(buf, str_len, NULL, allowed_tags, allowed_tags_len, 0);
+ retval_len = php_strip_tags_ex(buf, str_len, NULL, allowed_tags, allowed_tags_len, 0, whitelist);
RETURN_STRINGL(buf, retval_len, 0);
}
/* }}} */
@@ -4235,9 +4236,9 @@
}
/* }}} */
-PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len) /* {{{ */
+PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len, int whitelist) /* {{{ */
{
- return php_strip_tags_ex(rbuf, len, stateptr, allow, allow_len, 0);
+ return php_strip_tags_ex(rbuf, len, stateptr, allow, allow_len, 0, whitelist);
}
/* }}} */
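Review bot: Adding a sixth parameter to the exported `php_strip_tags()` changes a PHPAPI signature, so out-of-tree extensions written against the five-argument prototype will no longer build. Keeping this wrapper as it was and exposing the new mode only through `php_strip_tags_ex()` would avoid that. The wrapper also declares `int whitelist` while `php_strip_tags_ex()` takes `zend_bool`, so a non-zero value that does not fit the narrower type would presumably be truncated and could select the opposite mode; `zend_bool whitelist` here and in php_string.h keeps the two consistent. The callers updated in filters.c, file.c and sanitizing_filters.c pass a bare `1`, which is hard to read next to the existing flag argument; a named constant would help.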
@@ -4258,10 +4259,17 @@
in state 1 and when the tag is closed check it against the
allow string to see if we should allow it.
+ When whitelist is true (default value), it will allow only the
+ tags stated in the allow string.
+
+ When whitelist is false, it will leave all tags alone EXCEPT the
+ tags that that are inside the allow-list in effect making the
+ 'allow' parameter a blacklist
+
swm: Added ability to strip <?xml tags without assuming it PHP
code.
*/
-PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces)
+PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces, zend_bool whitelist)
{
char *tbuf, *buf, *p, *tp, *rp, c, lc;
int br, i=0, depth=0, in_q = 0;
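Review bot: The added comment does not state the consequence of `whitelist == 0`, and it contains a typo (`that that`). In that mode every tag not named in `allow` is copied through unchanged, so the function fails open and is not a sanitizer for untrusted HTML. I would reword the second paragraph to something like `When whitelist is false, 'allow' is treated as a deny-list: only the listed tags are stripped and every other tag is kept as-is; do not rely on this mode to neutralise untrusted markup.` The comment starts above the hunk and the body of php_strip_tags_ex continues below it, so how comments, PHP tags and the streaming state behave in this mode cannot be confirmed from here.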
@@ -4369,7 +4377,7 @@
}
*(tp++) = '>';
*tp='\0';
- if (php_tag_find(tbuf, tp-tbuf, allow)) {
+ if (! (php_tag_find(tbuf, tp-tbuf, allow) ^ whitelist) ) {
memcpy(rp, tbuf, tp-tbuf);
rp += tp-tbuf;
}
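Review bot: `! (php_tag_find(tbuf, tp-tbuf, allow) ^ whitelist)` is only a correct equality test when both operands are exactly 0 or 1. If `php_tag_find()` ever returns another non-zero value, or a caller passes a `whitelist` other than 0/1, the XOR gives the wrong answer and a tag that should be stripped is kept (or the reverse). Normalising both sides makes the intent explicit: `if (!php_tag_find(tbuf, tp-tbuf, allow) == !whitelist) {`. The enclosing branch starts outside the hunk; if this check is only reached when `allow` is non-NULL, then `whitelist == 0` with an empty list would strip everything rather than nothing, which should be decided and documented.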
Index: ext/standard/tests/strings/strip_tags_variation4.phpt
===================================================================
--- ext/standard/tests/strings/strip_tags_variation4.phpt (revision 307135)
+++ ext/standard/tests/strings/strip_tags_variation4.phpt (working copy)
@@ -4,7 +4,7 @@
short_open_tag = on
--FILE--
<?php
-/* Prototype : string strip_tags(string $str [, string $allowable_tags])
+/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist])
* Description: Strips HTML and PHP tags from a string
* Source code: ext/standard/string.c
*/
@@ -33,6 +33,7 @@
//valid html and php tags
$quotes = "<p><a><?php<html>";
+$quotes2 = "<p><a>";
//loop through the various elements of strings array to test strip_tags() functionality
$iterator = 1;
@@ -40,6 +41,7 @@
{
echo "-- Iteration $iterator --\n";
var_dump( strip_tags($string_value, $quotes) );
+ var_dump( strip_tags($string_value, $quotes2, false) );
$iterator++;
}
@@ -49,26 +51,38 @@
*** Testing strip_tags() : usage variations ***
-- Iteration 1 --
string(32) "hello world... strip_tags_test"
+string(54) "<abc>hello</abc> world... <ppp>strip_tags_test</ppp>"
-- Iteration 2 --
string(34) "hello \t\tworld... strip_tags_test"
+string(56) "<abc>hello</abc> \t\tworld... <ppp>strip_tags_test</ppp>"
-- Iteration 3 --
string(0) ""
+string(22) "<%?php hello world?%>"
-- Iteration 4 --
string(0) ""
+string(23) "<%?php hello\t world?%>"
-- Iteration 5 --
string(18) "<htmL>hello</htmL>"
+string(18) "<htmL>hello</htmL>"
-- Iteration 6 --
string(18) "<htmL>hello</htmL>"
+string(18) "<htmL>hello</htmL>"
-- Iteration 7 --
string(9) "HtMl text"
+string(18) "<a.>HtMl text</.a>"
-- Iteration 8 --
string(9) "HtMl text"
+string(18) "<a.>HtMl text</.a>"
-- Iteration 9 --
string(26) "I am not a valid html text"
+string(37) "<nnn>I am not a valid html text</nnn>"
-- Iteration 10 --
string(26) "I am not a valid html text"
+string(37) "<nnn>I am not a valid html text</nnn>"
-- Iteration 11 --
string(62) "I am a quoted (") string with special chars like $,\!,\@,\%,\&"
+string(73) "<nnn>I am a quoted (") string with special chars like $,\!,\@,\%,\&</nnn>"
-- Iteration 12 --
string(64) "I am a quoted (\") string with special chars like \$,\!,\@,\%,\&"
+string(75) "<nnn>I am a quoted (\") string with special chars like \$,\!,\@,\%,\&</nnn>"
Done
Index: ext/standard/tests/strings/strip_tags_error.phpt
===================================================================
--- ext/standard/tests/strings/strip_tags_error.phpt (revision 307135)
+++ ext/standard/tests/strings/strip_tags_error.phpt (working copy)
@@ -4,7 +4,7 @@
short_open_tag = on
--FILE--
<?php
-/* Prototype : string strip_tags(string $str [, string $allowable_tags])
+/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist])
* Description: Strips HTML and PHP tags from a string
* Source code: ext/standard/string.c
*/
@@ -20,8 +20,9 @@
echo "\n-- Testing strip_tags() function with more than expected no. of arguments --\n";
$str = "<html>hello</html>";
$allowable_tags = "<html>";
+$keep_mode = true;
$extra_arg = 10;
-var_dump( strip_tags($str, $allowable_tags, $extra_arg) );
+var_dump( strip_tags($str, $allowable_tags, $keep_mode, $extra_arg) );
echo "Done";
?>
@@ -35,6 +36,6 @@
-- Testing strip_tags() function with more than expected no. of arguments --
-Warning: strip_tags() expects at most 2 parameters, 3 given in %s on line %d
+Warning: strip_tags() expects at most 3 parameters, 4 given in %s on line %d
NULL
Done
Index: ext/standard/tests/strings/strip_tags_variation6.phpt
===================================================================
--- ext/standard/tests/strings/strip_tags_variation6.phpt (revision 307135)
+++ ext/standard/tests/strings/strip_tags_variation6.phpt (working copy)
@@ -4,7 +4,7 @@
short_open_tag = on
--FILE--
<?php
-/* Prototype : string strip_tags(string $str [, string $allowable_tags])
+/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist])
* Description: Strips HTML and PHP tags from a string
* Source code: ext/standard/string.c
*/
@@ -29,6 +29,8 @@
{
echo "-- Iteration $iterator --\n";
var_dump( strip_tags($value) );
+ var_dump( strip_tags($value, '<html>', false) );
+ var_dump( strip_tags($value, '<html>', true) );
$iterator++;
}
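Review bot: Every new call that passes `false` in these tests supplies a non-empty tag list (`'<html>'` here, `$quotes`/`$quotes2` in variation4, variation7 and variation10), so denylist mode with an empty or omitted `$allowable_tags` is never exercised. That is the case where "strip nothing" and "strip everything" are both plausible outcomes, and the expected output should pin one of them. I would add `var_dump( strip_tags($value, '', false) );` to this loop with the matching expected lines in the EXPECTF section. The loop header is outside the hunk.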
@@ -38,10 +40,18 @@
*** Testing strip_tags() : usage variations ***
-- Iteration 1 --
string(18) " I am html string "
+string(18) " I am html string "
+string(31) "<html> I am html string </html>"
-- Iteration 2 --
string(18) " I am html string "
+string(18) " I am html string "
+string(31) "<html> I am html string </html>"
-- Iteration 3 --
string(16) "I am html string"
+string(23) "<a>I am html string</a>"
+string(16) "I am html string"
-- Iteration 4 --
string(23) "I am html string1000001"
+string(23) "I am html string1000001"
+string(36) "<html>I am html string</html>1000001"
Done
Index: ext/standard/tests/strings/strip_tags_basic1.phpt
===================================================================
--- ext/standard/tests/strings/strip_tags_basic1.phpt (revision 307135)
+++ ext/standard/tests/strings/strip_tags_basic1.phpt (working copy)
@@ -4,7 +4,7 @@
short_open_tag = on
--FILE--
<?php
-/* Prototype : string strip_tags(string $str [, string $allowable_tags])
+/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist])
* Description: Strips HTML and PHP tags from a string
* Source code: ext/standard/string.c
*/
Index: ext/standard/tests/strings/strip_tags_variation7.phpt
===================================================================
--- ext/standard/tests/strings/strip_tags_variation7.phpt (revision 307135)
+++ ext/standard/tests/strings/strip_tags_variation7.phpt (working copy)
@@ -4,7 +4,7 @@
short_open_tag = on
--FILE--
<?php
-/* Prototype : string strip_tags(string $str [, string $allowable_tags])
+/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist])
* Description: Strips HTML and PHP tags from a string
* Source code: ext/standard/string.c
*/
@@ -38,6 +38,7 @@
{
echo "-- Iteration $iterator --\n";
var_dump( strip_tags($string_value, $quotes) );
+ var_dump( strip_tags($string_value, $quotes, false) );
$iterator++;
}
@@ -47,26 +48,38 @@
*** Testing strip_tags() : usage variations ***
-- Iteration 1 --
string(43) "<abc>hello</abc> world... strip_tags_test"
+string(43) "hello world... <ppp>strip_tags_test</ppp>"
-- Iteration 2 --
string(45) "<abc>hello</abc> \t\tworld... strip_tags_test"
+string(45) "hello \t\tworld... <ppp>strip_tags_test</ppp>"
-- Iteration 3 --
string(0) ""
+string(22) "<%?php hello world?%>"
-- Iteration 4 --
string(0) ""
+string(23) "<%?php hello\t world?%>"
-- Iteration 5 --
string(18) "<htmL>hello</htmL>"
+string(5) "hello"
-- Iteration 6 --
string(18) "<htmL>hello</htmL>"
+string(5) "hello"
-- Iteration 7 --
string(9) "HtMl text"
+string(18) "<a.>HtMl text</.a>"
-- Iteration 8 --
string(9) "HtMl text"
+string(18) "<a.>HtMl text</.a>"
-- Iteration 9 --
string(37) "<nnn>I am not a valid html text</nnn>"
+string(26) "I am not a valid html text"
-- Iteration 10 --
string(37) "<nnn>I am not a valid html text</nnn>"
+string(26) "I am not a valid html text"
-- Iteration 11 --
string(73) "<nnn>I am a quoted (") string with special chars like $,\!,\@,\%,\&</nnn>"
+string(62) "I am a quoted (") string with special chars like $,\!,\@,\%,\&"
-- Iteration 12 --
string(75) "<nnn>I am a quoted (\") string with special chars like \$,\!,\@,\%,\&</nnn>"
+string(64) "I am a quoted (\") string with special chars like \$,\!,\@,\%,\&"
Done
Index: ext/standard/tests/strings/strip_tags_variation1.phpt
===================================================================
--- ext/standard/tests/strings/strip_tags_variation1.phpt (revision 307135)
+++ ext/standard/tests/strings/strip_tags_variation1.phpt (working copy)
@@ -4,7 +4,7 @@
set short_open_tag = on
--FILE--
<?php
-/* Prototype : string strip_tags(string $str [, string $allowable_tags])
+/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist])
* Description: Strips HTML and PHP tags from a string
* Source code: ext/standard/string.c
*/
@@ -156,4 +156,4 @@
Warning: strip_tags() expects parameter 1 to be string, resource given in %s on line %d
NULL
-===DONE===
\ No newline at end of file
+===DONE===
Index: ext/standard/tests/strings/strip_tags_basic2.phpt
===================================================================
--- ext/standard/tests/strings/strip_tags_basic2.phpt (revision 307135)
+++ ext/standard/tests/strings/strip_tags_basic2.phpt (working copy)
@@ -4,7 +4,7 @@
short_open_tag = on
--FILE--
<?php
-/* Prototype : string strip_tags(string $str [, string $allowable_tags])
+/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist])
* Description: Strips HTML and PHP tags from a string
* Source code: ext/standard/string.c
*/
Index: ext/standard/tests/strings/strip_tags_variation2.phpt
===================================================================
--- ext/standard/tests/strings/strip_tags_variation2.phpt (revision 307135)
+++ ext/standard/tests/strings/strip_tags_variation2.phpt (working copy)
@@ -4,7 +4,7 @@
short_open_tag = on
--FILE--
<?php
-/* Prototype : string strip_tags(string $str [, string $allowable_tags])
+/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist])
* Description: Strips HTML and PHP tags from a string
* Source code: ext/standard/string.c
*/
Index: ext/standard/tests/strings/strip_tags_variation3.phpt
===================================================================
--- ext/standard/tests/strings/strip_tags_variation3.phpt (revision 307135)
+++ ext/standard/tests/strings/strip_tags_variation3.phpt (working copy)
@@ -4,7 +4,7 @@
set short_open_tag = on
--FILE--
<?php
-/* Prototype : string strip_tags(string $str [, string $allowable_tags])
+/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist])
* Description: Strips HTML and PHP tags from a string
* Source code: ext/standard/string.c
*/
@@ -156,4 +156,4 @@
Warning: strip_tags() expects parameter 1 to be string, resource given in %s on line %d
NULL
-===DONE===
\ No newline at end of file
+===DONE===
Index: ext/standard/tests/strings/strip_tags_variation10.phpt
===================================================================
--- ext/standard/tests/strings/strip_tags_variation10.phpt (revision 307135)
+++ ext/standard/tests/strings/strip_tags_variation10.phpt (working copy)
@@ -4,7 +4,7 @@
short_open_tag = on
--FILE--
<?php
-/* Prototype : string strip_tags(string $str [, string $allowable_tags])
+/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist])
* Description: Strips HTML and PHP tags from a string
* Source code: ext/standard/string.c
*/
@@ -26,6 +26,7 @@
);
$quotes = "<html><a><p><b><?php";
+$quotes2 = "<a><b><?php";
//loop through the various elements of strings array to test strip_tags() functionality
$iterator = 1;
@@ -33,6 +34,7 @@
{
echo "-- Iteration $iterator --\n";
var_dump( strip_tags($string_value, $quotes) );
+ var_dump( strip_tags($string_value, $quotes2, false) );
$iterator++;
}
@@ -42,14 +44,20 @@
*** Testing strip_tags() : usage variations ***
-- Iteration 1 --
string(51) "<html> \$ -> This represents the dollar sign</html>"
+string(51) "<html> \$ -> This represents the dollar sign</html>"
-- Iteration 2 --
string(63) "<html>\t\r\v The quick brown fo\fx jumped over the lazy dog</p>"
+string(63) "<html>\t\r\v The quick brown fo\fx jumped over the lazy dog</p>"
-- Iteration 3 --
string(31) "<a>This is a hyper text tag</a>"
+string(24) "This is a hyper text tag"
-- Iteration 4 --
string(0) ""
+string(0) ""
-- Iteration 5 --
string(26) "<p>This is a paragraph</p>"
+string(26) "<p>This is a paragraph</p>"
-- Iteration 6 --
string(65) "<b>This is \ta text in bold letters\r\s\malong with slashes\n</b>"
+string(58) "This is \ta text in bold letters\r\s\malong with slashes\n"
Done
Index: ext/standard/filters.c
===================================================================
--- ext/standard/filters.c (revision 307135)
+++ ext/standard/filters.c (working copy)
@@ -217,7 +217,7 @@
bucket = php_stream_bucket_make_writeable(buckets_in->head TSRMLS_CC);
consumed = bucket->buflen;
- bucket->buflen = php_strip_tags(bucket->buf, bucket->buflen, &(inst->state), (char *)inst->allowed_tags, inst->allowed_tags_len);
+ bucket->buflen = php_strip_tags(bucket->buf, bucket->buflen, &(inst->state), (char *)inst->allowed_tags, inst->allowed_tags_len, 1);
php_stream_bucket_append(buckets_out, bucket TSRMLS_CC);
}
Index: ext/standard/file.c
===================================================================
--- ext/standard/file.c (revision 307135)
+++ ext/standard/file.c (working copy)
@@ -1203,7 +1203,7 @@
RETURN_FALSE;
}
- retval_len = php_strip_tags(retval, actual_len, &stream->fgetss_state, allowed_tags, allowed_tags_len);
+ retval_len = php_strip_tags(retval, actual_len, &stream->fgetss_state, allowed_tags, allowed_tags_len, 1);
RETURN_STRINGL(retval, retval_len, 0);
}
Index: ext/standard/php_string.h
===================================================================
--- ext/standard/php_string.h (revision 307135)
+++ ext/standard/php_string.h (working copy)
@@ -133,8 +133,8 @@
PHPAPI char *php_str_to_str(char *haystack, int length, char *needle,
int needle_len, char *str, int str_len, int *_new_length);
PHPAPI char *php_trim(char *c, int len, char *what, int what_len, zval *return_value, int mode TSRMLS_DC);
-PHPAPI size_t php_strip_tags(char *rbuf, int len, int *state, char *allow, int allow_len);
-PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces);
+PHPAPI size_t php_strip_tags(char *rbuf, int len, int *state, char *allow, int allow_len, int whitelist);
+PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces, zend_bool whitelist);
PHPAPI int php_char_to_str_ex(char *str, uint len, char from, char *to, int to_len, zval *result, int case_sensitivity, int *replace_count);
PHPAPI int php_char_to_str(char *str, uint len, char from, char *to, int to_len, zval *result);
PHPAPI void php_implode(zval *delim, zval *arr, zval *return_value TSRMLS_DC);
Index: ext/filter/sanitizing_filters.c
===================================================================
--- ext/filter/sanitizing_filters.c (revision 307135)
+++ ext/filter/sanitizing_filters.c (working copy)
@@ -200,7 +200,7 @@
php_filter_encode_html(value, enc);
/* strip tags, implicitly also removes \0 chars */
- new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1);
+ new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1, 1);
Z_STRLEN_P(value) = new_len;
if (new_len == 0) {
Index: README.input_filter
===================================================================
--- README.input_filter (revision 307135)
+++ README.input_filter (working copy)
@@ -142,7 +142,7 @@
php_register_variable_ex(raw_var, &new_var, array_ptr TSRMLS_DC);
- php_strip_tags(*val, val_len, NULL, NULL, 0);
+ php_strip_tags(*val, val_len, NULL, NULL, 0, 1);
*new_val_len = strlen(*val);
return 1;