paulyg

<?xml version="1.0" encoding="UTF-8"?>
<!ELEMENT project (file+,package+,namespace+,marker*)>
	<!ATTLIST project version CDATA #REQUIRED>
	<!ATTLIST project title CDATA #REQUIRED>
<!ELEMENT file (docblock?,markers?,namespace-alias*,include*,constant*,function*,interface*,class*)>
	<!ATTLIST file path CDATA #REQUIRED>
	<!ATTLIST file hash CDATA #REQUIRED>
<!ELEMENT package (subpackage*)>
	<!ATTLIST package name CDATA #REQUIRED>
<!ELEMENT subpackage CDATA>

paulyg

--- sanitizing_filters.orig.c	2010-03-31 18:59:09.000000000 -0400
+++ sanitizing_filters.c	2011-01-14 17:36:32.000000000 -0500
@@ -200,7 +200,7 @@
 	php_filter_encode_html(value, enc);
 
 	/* strip tags, implicitly also removes \0 chars */
-	new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 1);
+	new_len = php_strip_tags_ex(Z_STRVAL_P(value), Z_STRLEN_P(value), NULL, NULL, 0, 0);
 	Z_STRLEN_P(value) = new_len;
 

paulyg

--TEST--
bug XXXXX FILTER_SANITIZE_STRING truncates string with single < in it.
--SKIPIF--
<?php if (!extension_loaded("filter")) die("skip"); ?>
--FILE--
<?php 
echo filter_var('four is < 6', FILTER_SANITIZE_STRING);
echo "\n";

echo filter_var("four is < 6 <script>alert('XSS');</script> yes it is", FILTER_SANITIZE_STRING);