diff options
| author | Moriyoshi Koizumi <moriyoshi@php.net> | 2003-07-12 09:33:31 +0000 |
|---|---|---|
| committer | Moriyoshi Koizumi <moriyoshi@php.net> | 2003-07-12 09:33:31 +0000 |
| commit | 4b07cb98b1c44a2b9c25b5eb823bb56fcd8a746c (patch) | |
| tree | 94939a7da491327f29fb24b25c03227c197b48bb /ext | |
| parent | 4c8230696cc3e637063349d74b6890f4917e3421 (diff) | |
| download | php-git-4b07cb98b1c44a2b9c25b5eb823bb56fcd8a746c.tar.gz | |
Fixed bug #24556
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/standard/string.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c index 3203675120..da254e5ccf 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -3800,6 +3800,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in lc = '<'; state = 1; if (allow) { + tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); *(tp++) = '<'; } } else if (state == 1) { @@ -3814,6 +3815,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in br++; } } else if (allow && state == 1) { + tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); *(tp++) = c; } else if (state == 0) { *(rp++) = c; @@ -3827,6 +3829,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in br--; } } else if (allow && state == 1) { + tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); *(tp++) = c; } else if (state == 0) { *(rp++) = c; @@ -3844,6 +3847,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in lc = '>'; state = 0; if (allow) { + tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); *(tp++) = '>'; *tp='\0'; if (php_tag_find(tbuf, tp-tbuf, allow)) { @@ -3890,6 +3894,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in } else if (state == 0) { *(rp++) = c; } else if (allow && state == 1) { + tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); *(tp++) = c; } break; @@ -3903,11 +3908,8 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in if (state == 0) { *(rp++) = c; } else if (allow && state == 1) { + tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); *(tp++) = c; - if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) { - /* prevent buffer overflows */ - tp = tbuf; - } } } break; @@ -3922,7 +3924,7 @@ PHPAPI size_t php_strip_tags(char *rbuf, int len, int *stateptr, char *allow, in case '?': - if (state == 1 && *(p-1)=='<') { + if (state == 1 && *(p-1) == '<') { br=0; state=2; break; @@ -3960,10 +3962,8 @@ reg_char: if (state == 0) { *(rp++) = c; } else if (allow && state == 1) { + tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); *(tp++) = c; - if ( (tp-tbuf) >= PHP_TAG_BUF_SIZE ) { /* no buffer overflows */ - tp = tbuf; - } } break; } |