Created
January 15, 2011 00:45
A test for PHP bug 53755, FILTER_SANITIZE_STRING truncates strings with unmatched "<" character
--TEST--
bug XXXXX FILTER_SANITIZE_STRING truncates string with single < in it.
--SKIPIF--
<?php if (!extension_loaded("filter")) die("skip"); ?>
--FILE--
<?php
echo filter_var('four is < 6', FILTER_SANITIZE_STRING);
echo "\n";
echo filter_var("four is < 6 <script>alert('XSS');</script> yes it is", FILTER_SANITIZE_STRING);
echo "\n";
echo filter_var("four is < 6 < script >alert('XSS');< /script > yes it is", FILTER_SANITIZE_STRING);
echo "\n";
?>
--EXPECT--
four is < 6
four is < 6 alert('XSS'); yes it is
four is < 6 < script >alert('XSS');< /script > yes it is