From 2e4c5817aef1a242a7a67bbe3771bda52c822b31 Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Mon, 7 Dec 2020 00:13:57 +0100 Subject: [PATCH 01/15] Adds test and fix --- ext/standard/string.c | 51 ++++++++++++++++++++++++++ ext/standard/tests/strings/bugXXX.phpt | 13 +++++++ 2 files changed, 64 insertions(+) create mode 100644 ext/standard/tests/strings/bugXXX.phpt diff --git a/ext/standard/string.c b/ext/standard/string.c index 8d0754347a0ac..c9b797207eb7a 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4778,6 +4778,22 @@ PHPAPI size_t php_strip_tags(char *rbuf, size_t len, const char *allow, size_t a } /* }}} */ +//in tag && in quote ... +#define _PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR(CHAR) \ + (state == 1 && in_q>1 && allow && c == CHAR) + + //resize for the encode char > or < +#define _PHP_STRIP_TAGS_ENCODE_CHAR(ENCODE_CHAR) \ + if (((tp - tbuf) + 4) >= PHP_TAG_BUF_SIZE) { \ + pos = tp - tbuf; \ + tbuf = erealloc(tbuf, pos + PHP_TAG_BUF_SIZE + 4 ); \ + tp = tbuf + pos; \ + } \ + \ + memcpy(tp, ENCODE_CHAR, (tp-tbuf)+4); \ + tp+=4; + + /* {{{ php_strip_tags A simple little state-machine to strip out html and php tags @@ -4832,6 +4848,12 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ case '\0': break; case '<': + + if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('<')) { + _PHP_STRIP_TAGS_ENCODE_CHAR("<") + break; + } + if (in_q) { break; } @@ -4857,6 +4879,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ break; } + if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { + _PHP_STRIP_TAGS_ENCODE_CHAR(">") + break; + } + if (in_q) { break; } @@ -4879,6 +4906,12 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ case '\0': break; case '<': + + if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('<')) { + _PHP_STRIP_TAGS_ENCODE_CHAR("<") + break; + } + if (in_q) { break; } 
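Review bot: The `memcpy` in `_PHP_STRIP_TAGS_ENCODE_CHAR` uses `(tp-tbuf)+4` as its length, so the number of bytes copied grows with the current offset into `tbuf`: it reads past the end of the string literal and can write past the end of `tbuf`. The length should be the size of the replacement only, and deriving it from the literal avoids the hard-coded 4: `memcpy(tp, ENCODE_CHAR, sizeof(ENCODE_CHAR) - 1); tp += sizeof(ENCODE_CHAR) - 1;`. The macro also expands to a bare `if` followed by two statements, so it should be wrapped in `do { ... } while (0)`. Every `case '<'` and `case '>'` hunk in this file invokes the macro and inherits the problem.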
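Review bot: The `case '<'` branch added to `php_strip_tags_ex` emits a four-byte replacement for a one-byte input character, which makes an allowed tag longer than its source while the function still returns its result in the caller's `rbuf` of `len` bytes. The code that copies `tbuf` back into `rbuf` is outside these hunks, so this needs confirming, but nothing visible here grows `rbuf` or checks the write position against `len`. Before this change the output could never be longer than the input; that invariant should either be restored or replaced by an explicit bound on every write to the result. The `case '>'` hunks have the same effect.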
@@ -4892,6 +4925,12 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ depth--; break; } + + if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { + _PHP_STRIP_TAGS_ENCODE_CHAR(">") + break; + } + if (in_q) { break; } @@ -4986,6 +5025,12 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ depth--; break; } + + if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { + _PHP_STRIP_TAGS_ENCODE_CHAR(">") + break; + } + if (in_q) { break; } @@ -5046,6 +5091,12 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ depth--; break; } + + if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { + _PHP_STRIP_TAGS_ENCODE_CHAR(">") + break; + } + if (in_q) { break; } diff --git a/ext/standard/tests/strings/bugXXX.phpt b/ext/standard/tests/strings/bugXXX.phpt new file mode 100644 index 0000000000000..97a1cdc59c250 --- /dev/null +++ b/ext/standard/tests/strings/bugXXX.phpt @@ -0,0 +1,13 @@ +--TEST-- +Bug #XXXXX: strip_tags strip >< in attributes with allow tag +Bug #74371: strip_tags strip >< in attributes with allow tag +--FILE-- +', '').PHP_EOL; +echo strip_tags('', '').PHP_EOL; + +?> +--EXPECT-- + + From 80e7b4074ed5343d87c6b14970abf5c63c9bf7eb Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Mon, 7 Dec 2020 15:15:02 +0100 Subject: [PATCH 02/15] Clean test section --- ext/standard/tests/strings/bugXXX.phpt | 1 - 1 file changed, 1 deletion(-) diff --git a/ext/standard/tests/strings/bugXXX.phpt b/ext/standard/tests/strings/bugXXX.phpt index 97a1cdc59c250..d26bcdf8f417e 100644 --- a/ext/standard/tests/strings/bugXXX.phpt +++ b/ext/standard/tests/strings/bugXXX.phpt 
@@ -1,6 +1,5 @@ --TEST-- Bug #XXXXX: strip_tags strip >< in attributes with allow tag -Bug #74371: strip_tags strip >< in attributes with allow tag --FILE-- Date: Mon, 7 Dec 2020 20:44:28 +0100 Subject: [PATCH 03/15] Uses root namespace with PHP_EOL --- ext/standard/tests/strings/bugXXX.phpt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ext/standard/tests/strings/bugXXX.phpt b/ext/standard/tests/strings/bugXXX.phpt index d26bcdf8f417e..66dc4ecd19793 100644 --- a/ext/standard/tests/strings/bugXXX.phpt +++ b/ext/standard/tests/strings/bugXXX.phpt @@ -3,10 +3,10 @@ Bug #XXXXX: strip_tags strip >< in attributes with allow tag --FILE-- ', '').PHP_EOL; -echo strip_tags('', '').PHP_EOL; +echo strip_tags('', '').\PHP_EOL; +echo strip_tags('', '').\PHP_EOL; ?> --EXPECT-- - - + + From ca283ae3b26828f3331b075a5fafd4f71fed7a85 Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Fri, 11 Dec 2020 22:42:54 +0100 Subject: [PATCH 04/15] Adds more tests. Changes the approach --- ext/standard/php_string.h | 6 +-- ext/standard/string.c | 68 +++++++++++++++----------- ext/standard/tests/strings/bugXXX.phpt | 17 +++++++ 3 files changed, 60 insertions(+), 31 deletions(-) diff --git a/ext/standard/php_string.h b/ext/standard/php_string.h index 43e50dffc1835..3013f4d799c30 100644 --- a/ext/standard/php_string.h +++ b/ext/standard/php_string.h 
@@ -50,9 +50,9 @@ PHPAPI size_t php_dirname(char *str, size_t len); PHPAPI char *php_stristr(char *s, char *t, size_t s_len, size_t t_len); PHPAPI zend_string *php_str_to_str(const char *haystack, size_t length, const char *needle, size_t needle_len, const char *str, size_t str_len); -PHPAPI zend_string *php_trim(zend_string *str, const char *what, size_t what_len, int mode); -PHPAPI size_t php_strip_tags(char *rbuf, size_t len, const char *allow, size_t allow_len); -PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_t allow_len, zend_bool allow_tag_spaces); +PHPAPI zend_string *php_trim(zend_string *zend_string_r, const char *what, size_t what_len, int mode); +PHPAPI zend_string *php_strip_tags(zend_string *zend_string_r, size_t len, const char *allow, size_t allow_len); +PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_r, size_t len, const char *allow, size_t allow_len, zend_bool allow_tag_spaces); PHPAPI void php_implode(const zend_string *delim, HashTable *arr, zval *return_value); PHPAPI void php_explode(const zend_string *delim, zend_string *str, zval *return_value, zend_long limit); diff --git a/ext/standard/string.c b/ext/standard/string.c index c9b797207eb7a..0e5d061556073 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4535,6 +4535,7 @@ PHP_FUNCTION(strip_tags) const char *allowed_tags=NULL; size_t allowed_tags_len=0; smart_str tags_ss = {0}; + zend_string *stripped_tag_buf; ZEND_PARSE_PARAMETERS_START(1, 2) Z_PARAM_STR(str) @@ -4564,9 +4565,11 @@ PHP_FUNCTION(strip_tags) } buf = zend_string_init(ZSTR_VAL(str), ZSTR_LEN(str), 0); - ZSTR_LEN(buf) = php_strip_tags_ex(ZSTR_VAL(buf), ZSTR_LEN(str), allowed_tags, allowed_tags_len, 0); + stripped_tag_buf = php_strip_tags_ex(buf, ZSTR_LEN(buf), allowed_tags, allowed_tags_len, 0); + + zend_string_release(buf); smart_str_free(&tags_ss); - RETURN_NEW_STR(buf); + RETURN_STR(stripped_tag_buf); } /* }}} */ 
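Review bot: The prototypes of `php_strip_tags` and `php_strip_tags_ex` in `php_string.h` change both the first parameter (`char *rbuf` to `zend_string *`) and the return type (`size_t` to `zend_string *`) of functions exported with `PHPAPI`, and nothing documents the new contract. A caller written for the old contract expects its buffer to be stripped in place and the return value to be the new length; after this change it could go on using the unstripped buffer. The declarations should carry a comment stating whether the input is modified and who owns the returned string, for example `/* Returns a newly allocated string; the caller must release it. */` if that is the intent, and every in-tree caller needs converting in the same commit. The rename of `php_trim`'s first parameter in the same hunk is unrelated and would be better left out.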
@@ -4772,7 +4775,7 @@ int php_tag_find(char *tag, size_t len, const char *set) { } /* }}} */ -PHPAPI size_t php_strip_tags(char *rbuf, size_t len, const char *allow, size_t allow_len) /* {{{ */ +PHPAPI zend_string* php_strip_tags(zend_string *rbuf, size_t len, const char *allow, size_t allow_len) /* {{{ */ { return php_strip_tags_ex(rbuf, len, allow, allow_len, 0); } @@ -4780,19 +4783,19 @@ PHPAPI size_t php_strip_tags(char *rbuf, size_t len, const char *allow, size_t a //in tag && in quote ... #define _PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR(CHAR) \ - (state == 1 && in_q>1 && allow && c == CHAR) + (state == 1 && in_q>1 && allow && c == CHAR) //resize for the encode char > or < -#define _PHP_STRIP_TAGS_ENCODE_CHAR(ENCODE_CHAR) \ - if (((tp - tbuf) + 4) >= PHP_TAG_BUF_SIZE) { \ - pos = tp - tbuf; \ - tbuf = erealloc(tbuf, pos + PHP_TAG_BUF_SIZE + 4 ); \ - tp = tbuf + pos; \ - } \ - \ - memcpy(tp, ENCODE_CHAR, (tp-tbuf)+4); \ - tp+=4; - +#define _PHP_STRIP_TAGS_ENCODE_CHAR(ENCODE_CHAR,LEN_CHAR) \ + if (((tp - tbuf) + LEN_CHAR) >= PHP_TAG_BUF_SIZE) { \ + pos = tp - tbuf; \ + tbuf = erealloc(tbuf, pos + PHP_TAG_BUF_SIZE + LEN_CHAR ); \ + tp = tbuf + pos; \ + } \ + \ + memcpy(tp, ENCODE_CHAR, (tp-tbuf)+LEN_CHAR); \ + tp+=LEN_CHAR; + /* {{{ php_strip_tags @@ -4814,22 +4817,28 @@ PHPAPI size_t php_strip_tags(char *rbuf, size_t len, const char *allow, size_t a swm: Added ability to strip ')) { - _PHP_STRIP_TAGS_ENCODE_CHAR(">") + _PHP_STRIP_TAGS_ENCODE_CHAR(">",len_gt) break; } @@ -4906,9 +4915,8 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ case '\0': break; case '<': - if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('<')) { - _PHP_STRIP_TAGS_ENCODE_CHAR("<") + _PHP_STRIP_TAGS_ENCODE_CHAR("<",len_lt) break; } 
@@ -4927,7 +4935,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ } if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { - _PHP_STRIP_TAGS_ENCODE_CHAR(">") + _PHP_STRIP_TAGS_ENCODE_CHAR(">",len_gt) break; } @@ -5027,7 +5035,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ } if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { - _PHP_STRIP_TAGS_ENCODE_CHAR(">") + _PHP_STRIP_TAGS_ENCODE_CHAR(">",len_gt) break; } @@ -5093,7 +5101,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ } if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { - _PHP_STRIP_TAGS_ENCODE_CHAR(">") + _PHP_STRIP_TAGS_ENCODE_CHAR(">",len_gt) break; } @@ -5157,7 +5165,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ } finish: - if (rp < rbuf + len) { + if (rp < r_stripped_buffer + len) { *rp = '\0'; } efree((void *)buf); @@ -5168,7 +5176,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, size_t len, const char *allow, size_ efree(allow_free); } - return (size_t)(rp - rbuf); + size_t lenrbuf = rp-r_stripped_buffer; + zend_string *new_string = zend_string_init(r_stripped_buffer,lenrbuf,0); + efree(r_stripped_buffer); + + return new_string; } /* }}} */ diff --git a/ext/standard/tests/strings/bugXXX.phpt b/ext/standard/tests/strings/bugXXX.phpt index 66dc4ecd19793..6d111e1c5ef0d 100644 --- a/ext/standard/tests/strings/bugXXX.phpt +++ b/ext/standard/tests/strings/bugXXX.phpt 
@@ -6,7 +6,24 @@ Bug #XXXXX: strip_tags strip >< in attributes with allow tag echo strip_tags('', '').\PHP_EOL; echo strip_tags('', '').\PHP_EOL; +echo strip_tags('inside ta2', '').\PHP_EOL; + +$lts = str_repeat('<',40); +echo strip_tags('xxxhello', '').\PHP_EOL; +echo strip_tags('', '').\PHP_EOL; +echo strip_tags('', '').\PHP_EOL; +echo strip_tags('inside ta2', '').\PHP_EOL; +echo strip_tags('inside ta2', '').\PHP_EOL; +echo strip_tags('inside ta2', '').\PHP_EOL; + ?> --EXPECT-- +inside ta2 +xxxhello + + +inside ta2 +inside ta2 +inside ta2 From eb6a1f8c6d19f3641e14b65103b79773e74bff8d Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Fri, 11 Dec 2020 22:54:42 +0100 Subject: [PATCH 05/15] Fixes php_filter_string according to the changes --- ext/filter/sanitizing_filters.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c index cceb1270bbc77..27eed87c6e670 100644 --- a/ext/filter/sanitizing_filters.c +++ b/ext/filter/sanitizing_filters.c @@ -170,6 +170,8 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) { size_t new_len; unsigned char enc[256] = {0}; + zend_string* new_string; + if (!Z_REFCOUNTED_P(value)) { ZVAL_STRINGL(value, Z_STRVAL_P(value), Z_STRLEN_P(value)); @@ -194,8 +196,8 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) php_filter_encode_html(value, enc); /* strip tags, implicitly also removes \0 chars */ - new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, 0, 1); - Z_STRLEN_P(value) = new_len; + new_string = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, 0, 1); + Z_STRLEN_P(value) = ZSTR_LEN(new_string); if (new_len == 0) { zval_ptr_dtor(value); From 99a7324a95185c7bbcbce16b0fee0cc026725214 Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Fri, 11 Dec 2020 23:30:32 +0100 Subject: [PATCH 06/15] Another fix of sanitizing_filter.c --- ext/filter/sanitizing_filters.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
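Review bot: In `php_filter_string` the new call stores its result in `new_string`, but the following `if (new_len == 0)` still tests `new_len`, which is no longer assigned, so the branch reads an uninitialised variable. Only the length of `value` is updated from `ZSTR_LEN(new_string)`; as far as the PATCH 04 hunks show, the stripped bytes live in the returned string, so `value` would keep its original bytes cut to the stripped length, and `new_string` is never released. The first argument is also still `Z_STRVAL_P(value)`, a `char *`, where the new prototype takes a `zend_string *`. Something like `new_string = php_strip_tags_ex(Z_STR_P(value), Z_STRLEN_P(value), NULL, 0, 1); new_len = ZSTR_LEN(new_string);` followed by `zval_ptr_dtor(value); ZVAL_STR(value, new_string);` would hand the stripped string to `value`. The function body continues outside the hunk.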
diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c index 27eed87c6e670..73af37dfd76bb 100644 --- a/ext/filter/sanitizing_filters.c +++ b/ext/filter/sanitizing_filters.c @@ -196,7 +196,7 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) php_filter_encode_html(value, enc); /* strip tags, implicitly also removes \0 chars */ - new_string = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, 0, 1); + new_string = php_strip_tags_ex(Z_STR(value), Z_STRLEN_P(value), NULL, 0, 1); Z_STRLEN_P(value) = ZSTR_LEN(new_string); if (new_len == 0) { From 2c6af1824af42d897028897431d0d3a0b7d78718 Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Fri, 11 Dec 2020 23:32:11 +0100 Subject: [PATCH 07/15] Remove warning --- ext/filter/sanitizing_filters.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c index 73af37dfd76bb..360a9213f87b6 100644 --- a/ext/filter/sanitizing_filters.c +++ b/ext/filter/sanitizing_filters.c @@ -168,7 +168,6 @@ static void filter_map_apply(zval *value, filter_map *map) /* {{{ php_filter_string */ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) { - size_t new_len; unsigned char enc[256] = {0}; zend_string* new_string; @@ -196,10 +195,10 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) php_filter_encode_html(value, enc); /* strip tags, implicitly also removes \0 chars */ - new_string = php_strip_tags_ex(Z_STR(value), Z_STRLEN_P(value), NULL, 0, 1); + new_string = php_strip_tags_ex(Z_STR_P(value), Z_STRLEN_P(value), NULL, 0, 1); Z_STRLEN_P(value) = ZSTR_LEN(new_string); - if (new_len == 0) { + if (ZSTR_LEN(new_string) == 0) { zval_ptr_dtor(value); if (flags & FILTER_FLAG_EMPTY_STRING_NULL) { ZVAL_NULL(value); From 71c48c2fbd170adc4fac1e836c20c9139c78bd1c Mon Sep 17 00:00:00 2001 
From: BruceGitHub Date: Sun, 13 Dec 2020 10:49:06 +0100 Subject: [PATCH 08/15] I will hope that pipes now is green --- ext/filter/sanitizing_filters.c | 7 ++++--- ext/standard/string.c | 23 +++++++++++++++++++---- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c index 360a9213f87b6..27bb9bb0cd62c 100644 --- a/ext/filter/sanitizing_filters.c +++ b/ext/filter/sanitizing_filters.c @@ -170,6 +170,7 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) { unsigned char enc[256] = {0}; zend_string* new_string; + size_t new_len; if (!Z_REFCOUNTED_P(value)) { @@ -195,10 +196,10 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) php_filter_encode_html(value, enc); /* strip tags, implicitly also removes \0 chars */ - new_string = php_strip_tags_ex(Z_STR_P(value), Z_STRLEN_P(value), NULL, 0, 1); - Z_STRLEN_P(value) = ZSTR_LEN(new_string); + php_strip_tags_ex(Z_STR_P(value), Z_STRLEN_P(value), NULL, 0, 1); + // zend_string_release(new_string); - if (ZSTR_LEN(new_string) == 0) { + if (Z_STRLEN_P(value) == 0) { zval_ptr_dtor(value); if (flags & FILTER_FLAG_EMPTY_STRING_NULL) { ZVAL_NULL(value); diff --git a/ext/standard/string.c b/ext/standard/string.c index 0e5d061556073..584feae881ed3 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4567,9 +4567,9 @@ PHP_FUNCTION(strip_tags) buf = zend_string_init(ZSTR_VAL(str), ZSTR_LEN(str), 0); stripped_tag_buf = php_strip_tags_ex(buf, ZSTR_LEN(buf), allowed_tags, allowed_tags_len, 0); - zend_string_release(buf); + // zend_string_release(buf); smart_str_free(&tags_ss); - RETURN_STR(stripped_tag_buf); + RETURN_STR(buf); } /* }}} */ 
@@ -5177,10 +5177,25 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, size_t len } size_t lenrbuf = rp-r_stripped_buffer; - zend_string *new_string = zend_string_init(r_stripped_buffer,lenrbuf,0); + zend_string *new_string; + + if (lenrbuf == 0 ) { + zend_string_input->val[0] = '\0'; + zend_string_input->len = 0; + new_string = zend_string_init('\0',lenrbuf,0); + } + + if (lenrbuf > 0 ) { + memcpy(zend_string_input->val, r_stripped_buffer, lenrbuf); + zend_string_input->len = lenrbuf; + zend_string_input->val[lenrbuf] = '\0'; + new_string = zend_string_init(r_stripped_buffer,lenrbuf+1,0); //fix buf69203 + } + efree(r_stripped_buffer); + efree(new_string); - return new_string; + return NULL; } /* }}} */ From 69a2b5aebaa5b0c6eb956ca6bb5f6da4d4e38b33 Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Tue, 15 Dec 2020 00:14:53 +0100 Subject: [PATCH 09/15] Fixes stage-one - pipe green in local env Mac - --- ext/filter/sanitizing_filters.c | 17 +++++++-- ext/standard/string.c | 18 +++------ ext/standard/tests/strings/bugXXX.phpt | 51 +++++++++++--------------- 3 files changed, 41 insertions(+), 45 deletions(-) diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c index 27bb9bb0cd62c..cabdeb3d898e5 100644 --- a/ext/filter/sanitizing_filters.c +++ b/ext/filter/sanitizing_filters.c @@ -172,7 +172,6 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) zend_string* new_string; size_t new_len; - if (!Z_REFCOUNTED_P(value)) { ZVAL_STRINGL(value, Z_STRVAL_P(value), Z_STRLEN_P(value)); } 
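Review bot: The `lenrbuf > 0` branch copies `lenrbuf` bytes into `zend_string_input->val` without comparing `lenrbuf` with the length of that string, and the result can be longer than the input once `<` or `>` has been expanded inside an allowed tag. Writing into the input also changes a string the caller may share with other holders. The function then frees `new_string` with `efree` and returns `NULL`, although its prototype returns `zend_string *` and `PHP_FUNCTION(strip_tags)` in this commit still assigns the result. `zend_string_init('\0', lenrbuf, 0)` also passes a character constant where a pointer is expected. Building the result only in `new_string`, with `""` for the empty case, and ending with `return new_string;` would remove the unchecked copy and the ownership problem.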
@@ -196,10 +195,20 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) php_filter_encode_html(value, enc); /* strip tags, implicitly also removes \0 chars */ - php_strip_tags_ex(Z_STR_P(value), Z_STRLEN_P(value), NULL, 0, 1); - // zend_string_release(new_string); + new_string = php_strip_tags_ex(Z_STR_P(value), Z_STRLEN_P(value), NULL, 0, 1); + new_len = ZSTR_LEN(new_string); - if (Z_STRLEN_P(value) == 0) { + memcpy(value->value.str->val,ZSTR_VAL(new_string),new_len); + value->value.str->val[new_len] = '\0'; + value->value.str->len = new_len; + + // value->value.str->val = '\0'; + // value->value.str->len = new_len; + + zend_string_release(new_string); + // php_printf("\n value: [%s] ",value->value.str->val); + + if (new_len == 0) { zval_ptr_dtor(value); if (flags & FILTER_FLAG_EMPTY_STRING_NULL) { ZVAL_NULL(value); diff --git a/ext/standard/string.c b/ext/standard/string.c index 584feae881ed3..a24497577da7c 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4567,9 +4567,9 @@ PHP_FUNCTION(strip_tags) buf = zend_string_init(ZSTR_VAL(str), ZSTR_LEN(str), 0); stripped_tag_buf = php_strip_tags_ex(buf, ZSTR_LEN(buf), allowed_tags, allowed_tags_len, 0); - // zend_string_release(buf); + zend_string_release(buf); smart_str_free(&tags_ss); - RETURN_STR(buf); + RETURN_STR(stripped_tag_buf); } /* }}} */ @@ -4793,7 +4793,7 @@ PHPAPI zend_string* php_strip_tags(zend_string *rbuf, size_t len, const char *al tp = tbuf + pos; \ } \ \ - memcpy(tp, ENCODE_CHAR, (tp-tbuf)+LEN_CHAR); \ + memcpy(tp, ENCODE_CHAR, LEN_CHAR); \ tp+=LEN_CHAR; 
@@ -5180,22 +5180,16 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, size_t len zend_string *new_string; if (lenrbuf == 0 ) { - zend_string_input->val[0] = '\0'; - zend_string_input->len = 0; - new_string = zend_string_init('\0',lenrbuf,0); + new_string = zend_string_init("\0",lenrbuf,0); } if (lenrbuf > 0 ) { - memcpy(zend_string_input->val, r_stripped_buffer, lenrbuf); - zend_string_input->len = lenrbuf; - zend_string_input->val[lenrbuf] = '\0'; - new_string = zend_string_init(r_stripped_buffer,lenrbuf+1,0); //fix buf69203 + new_string = zend_string_init(r_stripped_buffer,lenrbuf,0); //fix buf69203 } efree(r_stripped_buffer); - efree(new_string); - return NULL; + return new_string; } /* }}} */ diff --git a/ext/standard/tests/strings/bugXXX.phpt b/ext/standard/tests/strings/bugXXX.phpt index 6d111e1c5ef0d..e860d0661d3e2 100644 --- a/ext/standard/tests/strings/bugXXX.phpt +++ b/ext/standard/tests/strings/bugXXX.phpt @@ -1,29 +1,22 @@ ---TEST-- -Bug #XXXXX: strip_tags strip >< in attributes with allow tag ---FILE-- -', '').\PHP_EOL; -echo strip_tags('', '').\PHP_EOL; - -echo strip_tags('inside ta2', '').\PHP_EOL; - -$lts = str_repeat('<',40); -echo strip_tags('xxxhello', '').\PHP_EOL; -echo strip_tags('', '').\PHP_EOL; -echo strip_tags('', '').\PHP_EOL; -echo strip_tags('inside ta2', '').\PHP_EOL; -echo strip_tags('inside ta2', '').\PHP_EOL; -echo strip_tags('inside ta2', '').\PHP_EOL; - -?> ---EXPECT-- - - -inside ta2 -xxxhello - - -inside ta2 -inside ta2 -inside ta2 +--TEST-- +Bug #XXXXX: strip_tags strip >< in attributes with allow tag +--FILE-- +', '').\PHP_EOL; +echo strip_tags('', '').\PHP_EOL; + +$lts = ''; +$gts = ''; +for ($i=0;$i<10;$i++) +{ + $lts.=" $i(<) "; + $gts.=" $i(>) "; +} +echo strip_tags(' xxx yyy hello!', '').\PHP_EOL; +echo strip_tags(' xxx yyy hello!', '').\PHP_EOL; +?> +--EXPECT-- + + + xxx yyy hello! + xxx yyy hello! From 16ed6cb6107926e438daff61dd1cbe1be2f7a74a Mon Sep 17 00:00:00 2001 
From: BruceGitHub Date: Tue, 15 Dec 2020 22:23:18 +0100 Subject: [PATCH 10/15] Clean code --- ext/filter/sanitizing_filters.c | 6 +----- ext/standard/php_string.h | 4 ++-- ext/standard/string.c | 13 +++++++------ 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c index cabdeb3d898e5..cbaf830dcbd85 100644 --- a/ext/filter/sanitizing_filters.c +++ b/ext/filter/sanitizing_filters.c @@ -195,18 +195,14 @@ void php_filter_string(PHP_INPUT_FILTER_PARAM_DECL) php_filter_encode_html(value, enc); /* strip tags, implicitly also removes \0 chars */ - new_string = php_strip_tags_ex(Z_STR_P(value), Z_STRLEN_P(value), NULL, 0, 1); + new_string = php_strip_tags_ex(Z_STR_P(value), NULL, 0, 1); new_len = ZSTR_LEN(new_string); memcpy(value->value.str->val,ZSTR_VAL(new_string),new_len); value->value.str->val[new_len] = '\0'; value->value.str->len = new_len; - // value->value.str->val = '\0'; - // value->value.str->len = new_len; - zend_string_release(new_string); - // php_printf("\n value: [%s] ",value->value.str->val); if (new_len == 0) { zval_ptr_dtor(value); diff --git a/ext/standard/php_string.h b/ext/standard/php_string.h index 3013f4d799c30..87b551e25180e 100644 --- a/ext/standard/php_string.h +++ b/ext/standard/php_string.h 
@@ -51,8 +51,8 @@ PHPAPI char *php_stristr(char *s, char *t, size_t s_len, size_t t_len); PHPAPI zend_string *php_str_to_str(const char *haystack, size_t length, const char *needle, size_t needle_len, const char *str, size_t str_len); PHPAPI zend_string *php_trim(zend_string *zend_string_r, const char *what, size_t what_len, int mode); -PHPAPI zend_string *php_strip_tags(zend_string *zend_string_r, size_t len, const char *allow, size_t allow_len); -PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_r, size_t len, const char *allow, size_t allow_len, zend_bool allow_tag_spaces); +PHPAPI zend_string *php_strip_tags(zend_string *zend_string_r, const char *allow, size_t allow_len); +PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_r, const char *allow, size_t allow_len, zend_bool allow_tag_spaces); PHPAPI void php_implode(const zend_string *delim, HashTable *arr, zval *return_value); PHPAPI void php_explode(const zend_string *delim, zend_string *str, zval *return_value, zend_long limit); diff --git a/ext/standard/string.c b/ext/standard/string.c index a24497577da7c..e1ef3df40efa2 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4565,7 +4565,7 @@ PHP_FUNCTION(strip_tags) } buf = zend_string_init(ZSTR_VAL(str), ZSTR_LEN(str), 0); - stripped_tag_buf = php_strip_tags_ex(buf, ZSTR_LEN(buf), allowed_tags, allowed_tags_len, 0); + stripped_tag_buf = php_strip_tags_ex(buf, allowed_tags, allowed_tags_len, 0); zend_string_release(buf); smart_str_free(&tags_ss); @@ -4775,9 +4775,9 @@ int php_tag_find(char *tag, size_t len, const char *set) { } /* }}} */ -PHPAPI zend_string* php_strip_tags(zend_string *rbuf, size_t len, const char *allow, size_t allow_len) /* {{{ */ +PHPAPI zend_string* php_strip_tags(zend_string *rbuf, const char *allow, size_t allow_len) /* {{{ */ { - return php_strip_tags_ex(rbuf, len, allow, allow_len, 0); + return php_strip_tags_ex(rbuf, allow, allow_len, 0); } /* }}} */ 
@@ -4789,7 +4789,7 @@ PHPAPI zend_string* php_strip_tags(zend_string *rbuf, size_t len, const char *al #define _PHP_STRIP_TAGS_ENCODE_CHAR(ENCODE_CHAR,LEN_CHAR) \ if (((tp - tbuf) + LEN_CHAR) >= PHP_TAG_BUF_SIZE) { \ pos = tp - tbuf; \ - tbuf = erealloc(tbuf, pos + PHP_TAG_BUF_SIZE + LEN_CHAR ); \ + tbuf = erealloc(tbuf, pos + PHP_TAG_BUF_SIZE + LEN_CHAR+1 ); \ tp = tbuf + pos; \ } \ \ @@ -4817,7 +4817,7 @@ PHPAPI zend_string* php_strip_tags(zend_string *rbuf, size_t len, const char *al swm: Added ability to strip 0 ) { - new_string = zend_string_init(r_stripped_buffer,lenrbuf,0); //fix buf69203 + new_string = zend_string_init(r_stripped_buffer,lenrbuf,0); } efree(r_stripped_buffer); From 129e51d665740501f5f03ef3945e73023275a36f Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Wed, 16 Dec 2020 09:23:30 +0100 Subject: [PATCH 11/15] Fixes typo --- ext/standard/string.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/standard/string.c b/ext/standard/string.c index e1ef3df40efa2..7e597d2e3224f 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4789,7 +4789,7 @@ PHPAPI zend_string* php_strip_tags(zend_string *rbuf, const char *allow, size_t #define _PHP_STRIP_TAGS_ENCODE_CHAR(ENCODE_CHAR,LEN_CHAR) \ if (((tp - tbuf) + LEN_CHAR) >= PHP_TAG_BUF_SIZE) { \ pos = tp - tbuf; \ - tbuf = erealloc(tbuf, pos + PHP_TAG_BUF_SIZE + LEN_CHAR+1 ); \ + tbuf = erealloc(tbuf, pos + LEN_CHAR+1 ); \ tp = tbuf + pos; \ } \ \ From 10b9d65534d01d918c49f1702c880f7a84aafbb8 Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Wed, 16 Dec 2020 23:28:03 +0100 Subject: [PATCH 12/15] Fixes other issues --- ext/standard/string.c | 55 +++++++++++++------------------------------ 1 file changed, 17 insertions(+), 38 deletions(-) diff --git a/ext/standard/string.c b/ext/standard/string.c index 7e597d2e3224f..8117cd8fe9328 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c 
@@ -4787,15 +4787,24 @@ PHPAPI zend_string* php_strip_tags(zend_string *rbuf, const char *allow, size_t //resize for the encode char > or < #define _PHP_STRIP_TAGS_ENCODE_CHAR(ENCODE_CHAR,LEN_CHAR) \ - if (((tp - tbuf) + LEN_CHAR) >= PHP_TAG_BUF_SIZE) { \ + if (( (tp+LEN_CHAR) - tbuf) >= tbuf_max_size) { \ pos = tp - tbuf; \ + tbuf_max_size+=LEN_CHAR; \ tbuf = erealloc(tbuf, pos + LEN_CHAR+1 ); \ tp = tbuf + pos; \ } \ \ memcpy(tp, ENCODE_CHAR, LEN_CHAR); \ tp+=LEN_CHAR; - + +//increase size tbuf if need more performace with tbuf_max_size approach +#define _PHP_STRIP_TAGS_INCREASE_TBUFF_IF_NEED() \ + if (tp - tbuf >= tbuf_max_size) { \ + tbuf_max_size+=PHP_TAG_BUF_SIZE; \ + pos = tp - tbuf; \ + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); \ + tp = tbuf + pos; \ + } /* {{{ php_strip_tags @@ -4829,6 +4838,8 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char const int len_lt = 4; const int len_gt = 4; size_t len = ZSTR_LEN(zend_string_input); + int tbuf_max_size = PHP_TAG_BUF_SIZE; + buf = estrndup(ZSTR_VAL(zend_string_input), len); p = buf; @@ -4858,12 +4869,7 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char case '\0': break; case '<': - - if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('<')) { - _PHP_STRIP_TAGS_ENCODE_CHAR("<",len_lt) - break; - } - + if (in_q) { break; } @@ -4874,11 +4880,7 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char lc = '<'; state = 1; if (allow) { - if (tp - tbuf >= PHP_TAG_BUF_SIZE) { - pos = tp - tbuf; - tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); - tp = tbuf + pos; - } + _PHP_STRIP_TAGS_INCREASE_TBUFF_IF_NEED() *(tp++) = '<'; } p++; @@ -4889,11 +4891,6 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char break; } - if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { - _PHP_STRIP_TAGS_ENCODE_CHAR(">",len_gt) - break; - } - if (in_q) { break; } 
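Review bot: In `_PHP_STRIP_TAGS_ENCODE_CHAR` the capacity counter and the allocation are updated by different amounts: `tbuf_max_size` grows by `LEN_CHAR`, but `erealloc` is given `pos + LEN_CHAR + 1`, which is smaller than `tbuf_max_size + 1` whenever `pos` was below the old limit. `_PHP_STRIP_TAGS_INCREASE_TBUFF_IF_NEED` then trusts `tbuf_max_size`, so later single-byte writes through `tp` can pass the check while pointing past the end of the block. Both macros should size the block from the counter, `tbuf_max_size += PHP_TAG_BUF_SIZE; tbuf = erealloc(tbuf, tbuf_max_size + 1);`, so the two cannot drift apart. `tbuf_max_size` is declared `int` and compared with a pointer difference; `size_t` would match `pos`.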
@@ -4950,11 +4947,7 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char } in_q = state = is_xml = 0; if (allow) { - if (tp - tbuf >= PHP_TAG_BUF_SIZE) { - pos = tp - tbuf; - tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); - tp = tbuf + pos; - } + _PHP_STRIP_TAGS_INCREASE_TBUFF_IF_NEED() *(tp++) = '>'; *tp='\0'; if (php_tag_find(tbuf, tp-tbuf, allow)) { @@ -4999,11 +4992,7 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char default: reg_char_1: if (allow) { - if (tp - tbuf >= PHP_TAG_BUF_SIZE) { - pos = tp - tbuf; - tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); - tp = tbuf + pos; - } + _PHP_STRIP_TAGS_INCREASE_TBUFF_IF_NEED() *(tp++) = c; } break; @@ -5035,11 +5024,6 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char break; } - if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { - _PHP_STRIP_TAGS_ENCODE_CHAR(">",len_gt) - break; - } - if (in_q) { break; } @@ -5101,11 +5085,6 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char break; } - if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { - _PHP_STRIP_TAGS_ENCODE_CHAR(">",len_gt) - break; - } - if (in_q) { break; } From 5a4cbd7bcf79b6c1f27b9799ff70a2c0ff4a5683 Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Sun, 20 Dec 2020 23:02:36 +0100 Subject: [PATCH 13/15] Use zend_string_xx --- ext/standard/string.c | 96 +++++++++++++++++++++++-------------------- 1 file changed, 51 insertions(+), 45 deletions(-) diff --git a/ext/standard/string.c b/ext/standard/string.c index 8117cd8fe9328..d86b3c5cd42f1 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c 
@@ -4781,30 +4781,22 @@ PHPAPI zend_string* php_strip_tags(zend_string *rbuf, const char *allow, size_t } /* }}} */ +#define _PHP_STRIP_TAGS_SIZE_TRIANGULAR_BRACKETS 4 + //in tag && in quote ... #define _PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR(CHAR) \ (state == 1 && in_q>1 && allow && c == CHAR) - //resize for the encode char > or < -#define _PHP_STRIP_TAGS_ENCODE_CHAR(ENCODE_CHAR,LEN_CHAR) \ - if (( (tp+LEN_CHAR) - tbuf) >= tbuf_max_size) { \ - pos = tp - tbuf; \ - tbuf_max_size+=LEN_CHAR; \ - tbuf = erealloc(tbuf, pos + LEN_CHAR+1 ); \ - tp = tbuf + pos; \ - } \ - \ - memcpy(tp, ENCODE_CHAR, LEN_CHAR); \ - tp+=LEN_CHAR; - -//increase size tbuf if need more performace with tbuf_max_size approach -#define _PHP_STRIP_TAGS_INCREASE_TBUFF_IF_NEED() \ - if (tp - tbuf >= tbuf_max_size) { \ + +#define _PHP_S_TAGS_EXTEND_BUFF(LEN) \ + pos = tp - ZSTR_VAL(tbuf); \ + if ((pos+LEN) >= ZSTR_LEN(tbuf)) { \ tbuf_max_size+=PHP_TAG_BUF_SIZE; \ - pos = tp - tbuf; \ - tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); \ - tp = tbuf + pos; \ - } + tbuf = zend_string_extend(tbuf,tbuf_max_size,0); \ + tp = ZSTR_VAL(tbuf); \ + tp+=pos; \ + } + /* {{{ php_strip_tags 
@@ -4828,25 +4820,24 @@ PHPAPI zend_string* php_strip_tags(zend_string *rbuf, const char *allow, size_t */ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char *allow, size_t allow_len, zend_bool allow_tag_spaces) { - char *tbuf, *tp, *rp, c, lc, *r_stripped_buffer; + char *rp, c, lc; const char *buf, *p, *end; int br, depth=0, in_q = 0; uint8_t state = 0; size_t pos; char *allow_free = NULL; char is_xml = 0; - const int len_lt = 4; - const int len_gt = 4; size_t len = ZSTR_LEN(zend_string_input); int tbuf_max_size = PHP_TAG_BUF_SIZE; - + char *tp; + zend_string *tbuf, *ret_stripped_buffer; buf = estrndup(ZSTR_VAL(zend_string_input), len); p = buf; end = buf + len; - r_stripped_buffer = estrndup(ZSTR_VAL(zend_string_input), len); - rp = r_stripped_buffer; + ret_stripped_buffer = zend_string_dup(zend_string_input,0); + rp = ZSTR_VAL(ret_stripped_buffer); lc = '\0'; br = 0; @@ -4854,10 +4845,11 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char if (allow) { allow_free = zend_str_tolower_dup_ex(allow, allow_len); allow = allow_free ? allow_free : allow; - tbuf = emalloc(PHP_TAG_BUF_SIZE + 1); - tp = tbuf; + tbuf = zend_string_alloc(PHP_TAG_BUF_SIZE+1,0); + tp = ZSTR_VAL(tbuf); } else { - tbuf = tp = NULL; + tbuf = NULL; + tp = NULL; } state_0: @@ -4880,7 +4872,7 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char lc = '<'; state = 1; if (allow) { - _PHP_STRIP_TAGS_INCREASE_TBUFF_IF_NEED() + _PHP_STRIP_TAGS_EXTEND_BUFF(0) *(tp++) = '<'; } p++; @@ -4914,7 +4906,9 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char break; case '<': if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('<')) { - _PHP_STRIP_TAGS_ENCODE_CHAR("<",len_lt) + _PHP_STRIP_TAGS_EXTEND_BUFF(_PHP_STRIP_TAGS_SIZE_TRIANGULAR_BRACKETS) + memcpy(tp, "<", _PHP_STRIP_TAGS_SIZE_TRIANGULAR_BRACKETS); + tp+=4; break; } 
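Review bot: `ret_stripped_buffer = zend_string_dup(zend_string_input,0)` does not always give a private copy: `zend_string_dup` returns an interned string unchanged, so for an interned input the writes through `rp` and the later `zend_string_extend` would act on the shared string itself. `zend_string_init(ZSTR_VAL(zend_string_input), len, 0)` always allocates a fresh buffer. With the output in its own string, the `estrndup` copy kept in `buf` looks redundant as well; the scan could read `ZSTR_VAL(zend_string_input)` directly, provided nothing outside this hunk depends on `buf` being a separate allocation.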
@@ -4933,7 +4927,9 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char } if (_PHP_STRIP_TAGS_WE_ARE_IN_QUOTE_WITH_ALLOW_CHAR('>')) { - _PHP_STRIP_TAGS_ENCODE_CHAR(">",len_gt) + _PHP_STRIP_TAGS_EXTEND_BUFF(_PHP_STRIP_TAGS_SIZE_TRIANGULAR_BRACKETS) + memcpy(tp, ">", _PHP_STRIP_TAGS_SIZE_TRIANGULAR_BRACKETS); + tp+=4; break; } @@ -4947,14 +4943,24 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char } in_q = state = is_xml = 0; if (allow) { - _PHP_STRIP_TAGS_INCREASE_TBUFF_IF_NEED() + _PHP_STRIP_TAGS_EXTEND_BUFF(0) + *(tp++) = '>'; *tp='\0'; - if (php_tag_find(tbuf, tp-tbuf, allow)) { - memcpy(rp, tbuf, tp-tbuf); - rp += tp-tbuf; + size_t tpos = tp-ZSTR_VAL(tbuf); + size_t rpos = rp-ZSTR_VAL(ret_stripped_buffer); + if (php_tag_find(ZSTR_VAL(tbuf), tpos, allow)) { + + if ((rpos+tpos) >= ZSTR_LEN(ret_stripped_buffer)) { + ret_stripped_buffer = zend_string_extend(ret_stripped_buffer,rpos+tpos+10,0); + } + rp = ZSTR_VAL(ret_stripped_buffer); + rp+=rpos; + + memcpy(rp, ZSTR_VAL(tbuf), tpos); + rp+= tpos; } - tp = tbuf; + tp = ZSTR_VAL(tbuf); } p++; goto state_0; @@ -4992,7 +4998,7 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char default: reg_char_1: if (allow) { - _PHP_STRIP_TAGS_INCREASE_TBUFF_IF_NEED() + _PHP_STRIP_TAGS_EXTEND_BUFF(0) *(tp++) = c; } break; @@ -5030,7 +5036,7 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char if (!br && p >= buf + 1 && lc != '\"' && *(p-1) == '?') { in_q = state = 0; - tp = tbuf; + tp = ZSTR_VAL(tbuf); p++; goto state_0; } @@ -5089,7 +5095,7 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char break; } in_q = state = 0; - tp = tbuf; + tp = ZSTR_VAL(tbuf); p++; goto state_0; case '"': 
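Review bot: The result buffer is grown only in the `'>'` hunk (@@ -4943), when an allowed tag is copied out, and only to `rpos+tpos+10`. The quoted-bracket encoding can make the output longer than the input consumed so far, so every later store through `rp` needs the same capacity guarantee. The state_0 stores are outside this hunk, so this is inferred, but if they are still unchecked `*(rp++) = c` writes, the unprocessed tail of the input can run past the end of `ret_stripped_buffer`. Reserving room for that tail at this point keeps the invariant: `size_t need = rpos + tpos + (size_t)(end - p);` then `if (need > ZSTR_LEN(ret_stripped_buffer)) ret_stripped_buffer = zend_string_extend(ret_stripped_buffer, need, 0);`. That also replaces the unexplained `+10`.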
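Review bot: `tp = ZSTR_VAL(tbuf);` in the `?>` reset (@@ -5030) runs whether or not `allow` was given, and the initialisation hunk sets `tbuf = NULL` in that case. The macro then forms a member address from a null pointer, where the old `tp = tbuf` simply stored NULL. The same line appears in the @@ -5089 and @@ -5136 hunks. `tp` is not dereferenced without `allow` in the visible code, but the expression is undefined behaviour and leaves `tp` non-NULL. `tp = tbuf ? ZSTR_VAL(tbuf) : NULL;` keeps the previous semantics.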
@@ -5136,7 +5142,7 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char if (c == '>' && !in_q) { if (p >= buf + 2 && *(p-1) == '-' && *(p-2) == '-') { in_q = state = 0; - tp = tbuf; + tp = ZSTR_VAL(tbuf); p++; goto state_0; } @@ -5145,18 +5151,18 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char } finish: - if (rp < r_stripped_buffer + len) { + if (rp < ZSTR_VAL(ret_stripped_buffer) + len) { *rp = '\0'; } efree((void *)buf); if (tbuf) { - efree(tbuf); + zend_string_release(tbuf); } if (allow_free) { efree(allow_free); } - size_t lenrbuf = rp-r_stripped_buffer; + size_t lenrbuf = rp-ZSTR_VAL(ret_stripped_buffer); zend_string *new_string; if (lenrbuf == 0 ) { @@ -5164,10 +5170,10 @@ PHPAPI zend_string *php_strip_tags_ex(zend_string *zend_string_input, const char } if (lenrbuf > 0 ) { - new_string = zend_string_init(r_stripped_buffer,lenrbuf,0); + new_string = zend_string_init(ZSTR_VAL(ret_stripped_buffer),lenrbuf,0); } - efree(r_stripped_buffer); + zend_string_release(ret_stripped_buffer); return new_string; } From e8604a95f00055fd1943a2a33216f05ec66413ce Mon Sep 17 00:00:00 2001 From: BruceGitHub Date: Sun, 20 Dec 2020 23:55:13 +0100 Subject: [PATCH 14/15] Fixes build --- ext/standard/string.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/standard/string.c b/ext/standard/string.c index d86b3c5cd42f1..53fee1870f9a4 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4788,7 +4788,7 @@ PHPAPI zend_string* php_strip_tags(zend_string *rbuf, const char *allow, size_t (state == 1 && in_q>1 && allow && c == CHAR) -#define _PHP_S_TAGS_EXTEND_BUFF(LEN) \ +#define _PHP_STRIP_TAGS_EXTEND_BUFF(LEN) \ pos = tp - ZSTR_VAL(tbuf); \ if ((pos+LEN) >= ZSTR_LEN(tbuf)) { \ tbuf_max_size+=PHP_TAG_BUF_SIZE; \ From ffe0763d671694aeac9b413a9f8e878a394a123c Mon Sep 17 00:00:00 2001 
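Review bot: In the `finish:` hunk (@@ -5145) the terminator guard `if (rp < ZSTR_VAL(ret_stripped_buffer) + len)` still compares against the input length `len`. By this point `ret_stripped_buffer` may have been extended, so that bound no longer describes the buffer being written. Compare against the buffer's own length instead: `if (rp < ZSTR_VAL(ret_stripped_buffer) + ZSTR_LEN(ret_stripped_buffer))`. The tail then copies the result into a second string with `zend_string_init` and releases the first. A comment saying why the working buffer is not returned directly would help, since the extra copy looks avoidable.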
From: BruceGitHub Date: Wed, 30 Dec 2020 22:42:29 +0100 Subject: [PATCH 15/15] Rename bugXXX.phpt to Fix bug #80565.phpt --- ext/standard/tests/strings/{bugXXX.phpt => Fix bug #80565.phpt} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ext/standard/tests/strings/{bugXXX.phpt => Fix bug #80565.phpt} (100%) diff --git a/ext/standard/tests/strings/bugXXX.phpt b/ext/standard/tests/strings/Fix bug #80565.phpt similarity index 100% rename from ext/standard/tests/strings/bugXXX.phpt rename to ext/standard/tests/strings/Fix bug #80565.phpt