Edit report at https://bugs.php.net/bug.php?id=62032&edit=1
ID: 62032
Comment by: reeze dot xia at gmail dot com
Reported by: iamcraigcampbell at gmail dot com
Summary: filter_var incorrectly strips characters from strings after "<"
Status: Open
Type: Bug
Package: Filter related
Operating System: Mac OS X
PHP Version: 5.4.3
Block user comment: N
Private report: N
New Comment:
strip_tags will strip it even without the ending '>' if '<' is followed by a
non-space char.
If we need to check whether it is a closed tag, it is a feature request to
change its behavior. It will break BC.
Previous Comments:
------------------------------------------------------------------------
[2012-05-15 14:26:52] iamcraigcampbell at gmail dot com
Well, I can understand stripping it if there is a closing > somewhere, but if
it is a < that is not followed by a matching > then it should be allowed in
the string and not stripped. I think strip_tags works as expected.
------------------------------------------------------------------------
[2012-05-15 14:24:14] reeze dot xia at gmail dot com
Hi,
I think it's a documentation problem. You could refer to this commit:
http://svn.php.net/viewvc?view=revision&revision=225196
strip_tags() didn't allow space after <, so strip_tags didn't treat it as an
invalid tag, so it didn't get stripped.
filter_var allows space after <, so it stripped everything after <.
I think we could add an extra parameter to strip_tags() to allow space after <
and document it, e.g.:
string strip_tags(string str [, string allowable_tags = null [, bool allow_tag_spaces = false]])
------------------------------------------------------------------------
[2012-05-14 17:19:48] iamcraigcampbell at gmail dot com
Description:
------------
Noticed that for strings with < in them outside of html tags, filter_var will
strip out all characters that come after the <.
Test script:
---------------
<?php
$string = 'i want to say that 5 < 10, but it won\'t let me!';
$filtered_string = filter_var($string, FILTER_SANITIZE_STRING);
var_dump($filtered_string);
$filtered_string_strip_tags = strip_tags($string);
var_dump($filtered_string_strip_tags);
Expected result:
----------------
string(47) "i want to say that 5 < 10, but it won't let me!"
string(47) "i want to say that 5 < 10, but it won't let me!"
Actual result:
--------------
string(21) "i want to say that 5 "
string(47) "i want to say that 5 < 10, but it won't let me!"
------------------------------------------------------------------------
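The following is an added example, not part of the bug report or of PHP's own code: it runs the report's test string and two constructed inputs through filter_var, strip_tags and htmlspecialchars, so the text lost by tag stripping can be compared with output encoding, which keeps every character. The helper name handle_input() and the two extra sample strings are assumptions made for illustration.

```php
<?php
// Added example, not from the bug report. handle_input() is a hypothetical helper.
// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the @ hides that notice.

function handle_input(string $input): array
{
    $filtered = defined('FILTER_SANITIZE_STRING')
        ? @filter_var($input, FILTER_SANITIZE_STRING)
        : null; // constant not available on this PHP build
    $stripped = strip_tags($input);
    // Output encoding keeps every character and makes '<' inert in HTML.
    $escaped = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return [
        'filter_var' => $filtered,
        'strip_tags' => $stripped,
        'escaped'    => $escaped,
        // True when the sanitizer returned something other than the input.
        'filter_var_changed' => $filtered !== $input,
        'strip_tags_changed' => $stripped !== $input,
        // True when decoding the escaped form gives back the original input.
        'escape_round_trips' =>
            htmlspecialchars_decode($escaped, ENT_QUOTES) === $input,
    ];
}

$samples = [
    "i want to say that 5 < 10, but it won't let me!", // test string from the report
    'x <y and more text',      // constructed: '<' followed by a non-space char
    'plain <b>bold</b> text',  // constructed: a real, closed tag
];

foreach ($samples as $sample) {
    $r = handle_input($sample);
    printf("input              : %s\n", $sample);
    printf("filter_var         : %s\n", var_export($r['filter_var'], true));
    printf("strip_tags         : %s\n", var_export($r['strip_tags'], true));
    printf("htmlspecialchars   : %s\n", $r['escaped']);
    printf("filter_var changed : %s\n", $r['filter_var_changed'] ? 'yes' : 'no');
    printf("strip_tags changed : %s\n", $r['strip_tags_changed'] ? 'yes' : 'no');
    printf("escape round-trips : %s\n\n", $r['escape_round_trips'] ? 'yes' : 'no');
}
```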