diff options
author | Gavin Sherry <swm@php.net> | 2001-08-22 05:47:11 +0000 |
---|---|---|
committer | Gavin Sherry <swm@php.net> | 2001-08-22 05:47:11 +0000 |
commit | bd4150ed806a2aebd8bdbd90c97459681c0b485c (patch) | |
tree | d9eb7eb0e71564e8c6f76d9827b21f09273b2f6c | |
parent | 766de1569401131e869e312da26839a3d0ca7d3a (diff) | |
download | php-git-bd4150ed806a2aebd8bdbd90c97459681c0b485c.tar.gz |
Fixed buffer overflow issue.
-rw-r--r-- | ext/standard/string.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c index 9656b116ca..058ab85dfa 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -3289,16 +3289,23 @@ PHPAPI void php_strip_tags(char *rbuf, int len, int state, char *allow, int allo break; case '?': - if (state==1 && *(p-1)=='<' && *(p+1) != 'x' - && *(p+2) != 'm' && *(p+3) != 'l') { + if (state==1 && *(p-1)=='<') { br=0; state=2; break; } - /* else, it is xml, since state == 1, lets just fall through - * to '>' - */ + + case 'l': + + /* swm: If we encounter '<?xml' then we shouldn't be in + * state == 2 (PHP). Switch back to HTML. + */ + + if(state == 2 && *(p-1) == 'm' && *(p-2) == 'x') { + state = 1; + break; + } /* fall-through */ default: |