Patch striptags.diff for Strings related Bug #23723Patch version 2011-01-09 20:41 UTC Return to Bug #23723 | Download this patchThis patch is obsolete Obsoleted by patches: Patch Revisions:Developer: jthijssen@noxlogic.nlIndex: ext/standard/string.c =================================================================== --- ext/standard/string.c (revision 307135) +++ ext/standard/string.c (working copy) @@ -3996,7 +3996,7 @@ } /* }}} */ -/* {{{ proto string strip_tags(string str [, string allowable_tags]) +/* {{{ proto string strip_tags(string str [, string allowable_tags] [, bool whitelist]) Strips HTML and PHP tags from a string */ PHP_FUNCTION(strip_tags) { @@ -4004,11 +4004,12 @@ char *str; zval **allow=NULL; char *allowed_tags=NULL; + zend_bool whitelist=1; int allowed_tags_len=0; int str_len; size_t retval_len; - if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|Z", &str, &str_len, &allow) == FAILURE) { + if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|Zb", &str, &str_len, &allow, &whitelist) == FAILURE) { return; } @@ -4020,7 +4021,7 @@ } buf = estrndup(str, str_len); - retval_len = php_strip_tags_ex(buf, str_len, NULL, allowed_tags, allowed_tags_len, 0); + retval_len = php_strip_tags_ex(buf, str_len, NULL, allowed_tags, allowed_tags_len, 0, whitelist); RETURN_STRINGL(buf, retval_len, 0); } /* }}} */ @@ -4235,9 +4236,9 @@ } /* }}} */ -PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len) /* {{{ */ +PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, int allow_len, int whitelist) /* {{{ */ { - return php_strip_tags_ex(rbuf, len, stateptr, allow, allow_len, 0); + return php_strip_tags_ex(rbuf, len, stateptr, allow, allow_len, 0, whitelist); } /* }}} */ 
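Review bot: The new `whitelist` flag is parsed with `"s|Zb"`, but nothing in this hunk defines what `strip_tags($str, '', false)`, or an omitted list with `whitelist` false, should return. If the tag comparison further down only runs when `allow` is non-NULL (that guard is outside the visible hunks, so this is an inference), an empty deny list would strip every tag rather than none. I would state the chosen behaviour in the proto comment and add a .phpt case that pins it. The proto in the previous hunk would also read more conventionally with nested optionals, `[, string allowable_tags [, bool whitelist]]`. PHP_FUNCTION(strip_tags) continues outside this hunk.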
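Review bot: `php_strip_tags()` gains a sixth parameter typed `int whitelist` while `php_strip_tags_ex()` takes `zend_bool whitelist`. Assuming zend_bool is a one-byte type, the implicit narrowing means a non-zero int whose low byte is zero would silently select blacklist mode. Changing the exported PHPAPI signature also breaks any out-of-tree extension that still calls the five-argument form. Every in-tree caller touched by this patch (filters.c, file.c, README.input_filter) passes a literal `1`, so the wrapper could keep its old signature and forward the default: `return php_strip_tags_ex(rbuf, len, stateptr, allow, allow_len, 0, 1);`. The same point applies to the prototype change in the php_string.h hunk.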
@@ -4258,10 +4259,17 @@ in state 1 and when the tag is closed check it against the allow string to see if we should allow it. + When whitelist is true (default value), it will allow only the + tags stated in the allow string. + + When whitelist is false, it will leave all tags alone EXCEPT the + tags that that are inside the allow-list in effect making the + 'allow' parameter a blacklist + swm: Added ability to strip <?xml tags without assuming it PHP code. */ -PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces) +PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces, zend_bool whitelist) { char *tbuf, *buf, *p, *tp, *rp, c, lc; int br, i=0, depth=0, in_q = 0; @@ -4369,7 +4377,7 @@ } *(tp++) = '>'; *tp='\0'; - if (php_tag_find(tbuf, tp-tbuf, allow)) { + if (! (php_tag_find(tbuf, tp-tbuf, allow) ^ whitelist) ) { memcpy(rp, tbuf, tp-tbuf); rp += tp-tbuf; } Index: ext/standard/tests/strings/strip_tags_variation4.phpt =================================================================== --- ext/standard/tests/strings/strip_tags_variation4.phpt (revision 307135) +++ ext/standard/tests/strings/strip_tags_variation4.phpt (working copy) @@ -4,7 +4,7 @@ short_open_tag = on --FILE-- <?php -/* Prototype : string strip_tags(string $str [, string $allowable_tags]) +/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist]) * Description: Strips HTML and PHP tags from a string * Source code: ext/standard/string.c */ @@ -33,6 +33,7 @@ //valid html and php tags $quotes = "<p><a><?php<html>"; +$quotes2 = "<p><a>"; //loop through the various elements of strings array to test strip_tags() functionality $iterator = 1; @@ -40,6 +41,7 @@ { echo "-- Iteration $iterator --\n"; var_dump( strip_tags($string_value, $quotes) ); + var_dump( strip_tags($string_value, $quotes2, false) ); $iterator++; } 
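Review bot: The added comment has a doubled word ("that that") and leaves out the security consequence of the new mode. With `whitelist` false, every tag not named in `allow` is copied to the output as buffered, so the result is default-permit and should not be treated as safe for an HTML context. I would add a sentence such as `Blacklist mode keeps every unlisted tag verbatim; it is not an XSS filter.` and note that the parameter is still called `allow` even though it then acts as a deny list. The body of php_strip_tags_ex continues outside this hunk.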
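Review bot: The condition `! (php_tag_find(tbuf, tp-tbuf, allow) ^ whitelist)` is an equality test only when both operands are exactly 0 or 1. `whitelist` can arrive from C callers with any non-zero value, and php_tag_find's return convention is not visible in this hunk. A value such as 2 for `whitelist` makes the XOR non-zero whatever the lookup returns, so allowed tags are stripped as well. Normalising both sides states the intent directly: `if (!php_tag_find(tbuf, tp-tbuf, allow) == !whitelist) {`. The enclosing function starts and ends outside the hunk.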
@@ -49,26 +51,38 @@ *** Testing strip_tags() : usage variations *** -- Iteration 1 -- string(32) "hello world... strip_tags_test" +string(54) "<abc>hello</abc> world... <ppp>strip_tags_test</ppp>" -- Iteration 2 -- string(34) "hello \t\tworld... strip_tags_test" +string(56) "<abc>hello</abc> \t\tworld... <ppp>strip_tags_test</ppp>" -- Iteration 3 -- string(0) "" +string(22) "<%?php hello world?%>" -- Iteration 4 -- string(0) "" +string(23) "<%?php hello\t world?%>" -- Iteration 5 -- string(18) "<htmL>hello</htmL>" +string(18) "<htmL>hello</htmL>" -- Iteration 6 -- string(18) "<htmL>hello</htmL>" +string(18) "<htmL>hello</htmL>" -- Iteration 7 -- string(9) "HtMl text" +string(18) "<a.>HtMl text</.a>" -- Iteration 8 -- string(9) "HtMl text" +string(18) "<a.>HtMl text</.a>" -- Iteration 9 -- string(26) "I am not a valid html text" +string(37) "<nnn>I am not a valid html text</nnn>" -- Iteration 10 -- string(26) "I am not a valid html text" +string(37) "<nnn>I am not a valid html text</nnn>" -- Iteration 11 -- string(62) "I am a quoted (") string with special chars like $,\!,\@,\%,\&" +string(73) "<nnn>I am a quoted (") string with special chars like $,\!,\@,\%,\&</nnn>" -- Iteration 12 -- string(64) "I am a quoted (\") string with special chars like \$,\!,\@,\%,\&" +string(75) "<nnn>I am a quoted (\") string with special chars like \$,\!,\@,\%,\&</nnn>" Done Index: ext/standard/tests/strings/strip_tags_error.phpt =================================================================== --- ext/standard/tests/strings/strip_tags_error.phpt (revision 307135) +++ ext/standard/tests/strings/strip_tags_error.phpt (working copy) @@ -4,7 +4,7 @@ short_open_tag = on --FILE-- <?php -/* Prototype : string strip_tags(string $str [, string $allowable_tags]) +/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist]) * Description: Strips HTML and PHP tags from a string * Source code: ext/standard/string.c */ 
@@ -20,8 +20,9 @@ echo "\n-- Testing strip_tags() function with more than expected no. of arguments --\n"; $str = "<html>hello</html>"; $allowable_tags = "<html>"; +$keep_mode = true; $extra_arg = 10; -var_dump( strip_tags($str, $allowable_tags, $extra_arg) ); +var_dump( strip_tags($str, $allowable_tags, $keep_mode, $extra_arg) ); echo "Done"; ?> @@ -35,6 +36,6 @@ -- Testing strip_tags() function with more than expected no. of arguments -- -Warning: strip_tags() expects at most 2 parameters, 3 given in %s on line %d +Warning: strip_tags() expects at most 3 parameters, 4 given in %s on line %d NULL Done Index: ext/standard/tests/strings/strip_tags_variation6.phpt =================================================================== --- ext/standard/tests/strings/strip_tags_variation6.phpt (revision 307135) +++ ext/standard/tests/strings/strip_tags_variation6.phpt (working copy) @@ -4,7 +4,7 @@ short_open_tag = on --FILE-- <?php -/* Prototype : string strip_tags(string $str [, string $allowable_tags]) +/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist]) * Description: Strips HTML and PHP tags from a string * Source code: ext/standard/string.c */ @@ -29,6 +29,8 @@ { echo "-- Iteration $iterator --\n"; var_dump( strip_tags($value) ); + var_dump( strip_tags($value, '<html>', false) ); + var_dump( strip_tags($value, '<html>', true) ); $iterator++; } 
@@ -38,10 +40,18 @@ *** Testing strip_tags() : usage variations *** -- Iteration 1 -- string(18) " I am html string " +string(18) " I am html string " +string(31) "<html> I am html string </html>" -- Iteration 2 -- string(18) " I am html string " +string(18) " I am html string " +string(31) "<html> I am html string </html>" -- Iteration 3 -- string(16) "I am html string" +string(23) "<a>I am html string</a>" +string(16) "I am html string" -- Iteration 4 -- string(23) "I am html string1000001" +string(23) "I am html string1000001" +string(36) "<html>I am html string</html>1000001" Done Index: ext/standard/tests/strings/strip_tags_basic1.phpt =================================================================== --- ext/standard/tests/strings/strip_tags_basic1.phpt (revision 307135) +++ ext/standard/tests/strings/strip_tags_basic1.phpt (working copy) @@ -4,7 +4,7 @@ short_open_tag = on --FILE-- <?php -/* Prototype : string strip_tags(string $str [, string $allowable_tags]) +/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist]) * Description: Strips HTML and PHP tags from a string * Source code: ext/standard/string.c */ Index: ext/standard/tests/strings/strip_tags_variation7.phpt =================================================================== --- ext/standard/tests/strings/strip_tags_variation7.phpt (revision 307135) +++ ext/standard/tests/strings/strip_tags_variation7.phpt (working copy) @@ -4,7 +4,7 @@ short_open_tag = on --FILE-- <?php -/* Prototype : string strip_tags(string $str [, string $allowable_tags]) +/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist]) * Description: Strips HTML and PHP tags from a string * Source code: ext/standard/string.c */ @@ -38,6 +38,7 @@ { echo "-- Iteration $iterator --\n"; var_dump( strip_tags($string_value, $quotes) ); + var_dump( strip_tags($string_value, $quotes, false) ); $iterator++; } 
@@ -47,26 +48,38 @@ *** Testing strip_tags() : usage variations *** -- Iteration 1 -- string(43) "<abc>hello</abc> world... strip_tags_test" +string(43) "hello world... <ppp>strip_tags_test</ppp>" -- Iteration 2 -- string(45) "<abc>hello</abc> \t\tworld... strip_tags_test" +string(45) "hello \t\tworld... <ppp>strip_tags_test</ppp>" -- Iteration 3 -- string(0) "" +string(22) "<%?php hello world?%>" -- Iteration 4 -- string(0) "" +string(23) "<%?php hello\t world?%>" -- Iteration 5 -- string(18) "<htmL>hello</htmL>" +string(5) "hello" -- Iteration 6 -- string(18) "<htmL>hello</htmL>" +string(5) "hello" -- Iteration 7 -- string(9) "HtMl text" +string(18) "<a.>HtMl text</.a>" -- Iteration 8 -- string(9) "HtMl text" +string(18) "<a.>HtMl text</.a>" -- Iteration 9 -- string(37) "<nnn>I am not a valid html text</nnn>" +string(26) "I am not a valid html text" -- Iteration 10 -- string(37) "<nnn>I am not a valid html text</nnn>" +string(26) "I am not a valid html text" -- Iteration 11 -- string(73) "<nnn>I am a quoted (") string with special chars like $,\!,\@,\%,\&</nnn>" +string(62) "I am a quoted (") string with special chars like $,\!,\@,\%,\&" -- Iteration 12 -- string(75) "<nnn>I am a quoted (\") string with special chars like \$,\!,\@,\%,\&</nnn>" +string(64) "I am a quoted (\") string with special chars like \$,\!,\@,\%,\&" Done Index: ext/standard/tests/strings/strip_tags_variation1.phpt =================================================================== --- ext/standard/tests/strings/strip_tags_variation1.phpt (revision 307135) +++ ext/standard/tests/strings/strip_tags_variation1.phpt (working copy) @@ -4,7 +4,7 @@ set short_open_tag = on --FILE-- <?php -/* Prototype : string strip_tags(string $str [, string $allowable_tags]) +/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist]) * Description: Strips HTML and PHP tags from a string * Source code: ext/standard/string.c */ 
@@ -156,4 +156,4 @@ Warning: strip_tags() expects parameter 1 to be string, resource given in %s on line %d NULL -===DONE=== \ No newline at end of file +===DONE=== Index: ext/standard/tests/strings/strip_tags_basic2.phpt =================================================================== --- ext/standard/tests/strings/strip_tags_basic2.phpt (revision 307135) +++ ext/standard/tests/strings/strip_tags_basic2.phpt (working copy) @@ -4,7 +4,7 @@ short_open_tag = on --FILE-- <?php -/* Prototype : string strip_tags(string $str [, string $allowable_tags]) +/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist]) * Description: Strips HTML and PHP tags from a string * Source code: ext/standard/string.c */ Index: ext/standard/tests/strings/strip_tags_variation2.phpt =================================================================== --- ext/standard/tests/strings/strip_tags_variation2.phpt (revision 307135) +++ ext/standard/tests/strings/strip_tags_variation2.phpt (working copy) @@ -4,7 +4,7 @@ short_open_tag = on --FILE-- <?php -/* Prototype : string strip_tags(string $str [, string $allowable_tags]) +/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist]) * Description: Strips HTML and PHP tags from a string * Source code: ext/standard/string.c */ Index: ext/standard/tests/strings/strip_tags_variation3.phpt =================================================================== --- ext/standard/tests/strings/strip_tags_variation3.phpt (revision 307135) +++ ext/standard/tests/strings/strip_tags_variation3.phpt (working copy) @@ -4,7 +4,7 @@ set short_open_tag = on --FILE-- <?php -/* Prototype : string strip_tags(string $str [, string $allowable_tags]) +/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist]) * Description: Strips HTML and PHP tags from a string * Source code: ext/standard/string.c */ 
@@ -156,4 +156,4 @@ Warning: strip_tags() expects parameter 1 to be string, resource given in %s on line %d NULL -===DONE=== \ No newline at end of file +===DONE=== Index: ext/standard/tests/strings/strip_tags_variation10.phpt =================================================================== --- ext/standard/tests/strings/strip_tags_variation10.phpt (revision 307135) +++ ext/standard/tests/strings/strip_tags_variation10.phpt (working copy) @@ -4,7 +4,7 @@ short_open_tag = on --FILE-- <?php -/* Prototype : string strip_tags(string $str [, string $allowable_tags]) +/* Prototype : string strip_tags(string $str [, string $allowable_tags] [, bool $whitelist]) * Description: Strips HTML and PHP tags from a string * Source code: ext/standard/string.c */ @@ -26,6 +26,7 @@ ); $quotes = "<html><a><p><b><?php"; +$quotes2 = "<a><b><?php"; //loop through the various elements of strings array to test strip_tags() functionality $iterator = 1; @@ -33,6 +34,7 @@ { echo "-- Iteration $iterator --\n"; var_dump( strip_tags($string_value, $quotes) ); + var_dump( strip_tags($string_value, $quotes2, false) ); $iterator++; } 
@@ -42,14 +44,20 @@ *** Testing strip_tags() : usage variations *** -- Iteration 1 -- string(51) "<html> \$ -> This represents the dollar sign</html>" +string(51) "<html> \$ -> This represents the dollar sign</html>" -- Iteration 2 -- string(63) "<html>\t\r\v The quick brown fo\fx jumped over the lazy dog</p>" +string(63) "<html>\t\r\v The quick brown fo\fx jumped over the lazy dog</p>" -- Iteration 3 -- string(31) "<a>This is a hyper text tag</a>" +string(24) "This is a hyper text tag" -- Iteration 4 -- string(0) "" +string(0) "" -- Iteration 5 -- string(26) "<p>This is a paragraph</p>" +string(26) "<p>This is a paragraph</p>" -- Iteration 6 -- string(65) "<b>This is \ta text in bold letters\r\s\malong with slashes\n</b>" +string(58) "This is \ta text in bold letters\r\s\malong with slashes\n" Done Index: ext/standard/filters.c =================================================================== --- ext/standard/filters.c (revision 307135) +++ ext/standard/filters.c (working copy) @@ -217,7 +217,7 @@ bucket = php_stream_bucket_make_writeable(buckets_in->head TSRMLS_CC); consumed = bucket->buflen; - bucket->buflen = php_strip_tags(bucket->buf, bucket->buflen, &(inst->state), (char *)inst->allowed_tags, inst->allowed_tags_len); + bucket->buflen = php_strip_tags(bucket->buf, bucket->buflen, &(inst->state), (char *)inst->allowed_tags, inst->allowed_tags_len, 1); php_stream_bucket_append(buckets_out, bucket TSRMLS_CC); } Index: ext/standard/file.c =================================================================== --- ext/standard/file.c (revision 307135) +++ ext/standard/file.c (working copy) 
@@ -1203,7 +1203,7 @@ RETURN_FALSE; } - retval_len = php_strip_tags(retval, actual_len, &stream->fgetss_state, allowed_tags, allowed_tags_len); + retval_len = php_strip_tags(retval, actual_len, &stream->fgetss_state, allowed_tags, allowed_tags_len, 1); RETURN_STRINGL(retval, retval_len, 0); } Index: ext/standard/php_string.h =================================================================== --- ext/standard/php_string.h (revision 307135) +++ ext/standard/php_string.h (working copy) @@ -133,8 +133,8 @@ PHPAPI char *php_str_to_str(char *haystack, int length, char *needle, int needle_len, char *str, int str_len, int *_new_length); PHPAPI char *php_trim(char *c, int len, char *what, int what_len, zval *return_value, int mode TSRMLS_DC); -PHPAPI size_t php_strip_tags(char *rbuf, int len, int *state, char *allow, int allow_len); -PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces); +PHPAPI size_t php_strip_tags(char *rbuf, int len, int *state, char *allow, int allow_len, int whitelist); +PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, int allow_len, zend_bool allow_tag_spaces, zend_bool whitelist); PHPAPI int php_char_to_str_ex(char *str, uint len, char from, char *to, int to_len, zval *result, int case_sensitivity, int *replace_count); PHPAPI int php_char_to_str(char *str, uint len, char from, char *to, int to_len, zval *result); PHPAPI void php_implode(zval *delim, zval *arr, zval *return_value TSRMLS_DC); Index: ext/filter/sanitizing_filters.c =================================================================== --- ext/filter/sanitizing_filters.c (revision 307135) +++ ext/filter/sanitizing_filters.c (working copy) 
@@ -200,7 +200,7 @@ php_filter_encode_html(value, enc); /* strip tags, implicitly also removes \0 chars */ - new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1); + new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1, 1); Z_STRLEN_P(value) = new_len; if (new_len == 0) { Index: README.input_filter =================================================================== --- README.input_filter (revision 307135) +++ README.input_filter (working copy) @@ -142,7 +142,7 @@ php_register_variable_ex(raw_var, &new_var, array_ptr TSRMLS_DC); - php_strip_tags(*val, val_len, NULL, NULL, 0); + php_strip_tags(*val, val_len, NULL, NULL, 0, 1); *new_val_len = strlen(*val); return 1; |
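Review bot: The php_strip_tags_ex call in the sanitizing_filters.c hunk now ends in the bare literals `0, 1, 1`, and the last two (allow_tag_spaces, then whitelist) are easy to transpose in a sanitising filter. An inline annotation would make the mode unmistakable to the next reader: `php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, /* allow_tag_spaces */ 1, /* whitelist */ 1);`. The surrounding function starts and ends outside the hunk.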