diff options
| author | Christoph M. Becker <cmbecker69@gmx.de> | 2019-11-17 14:14:59 +0100 |
|---|---|---|
| committer | Christoph M. Becker <cmbecker69@gmx.de> | 2019-12-02 11:37:25 +0100 |
| commit | 600f1f898f9771d13880255e74ea1c10590f5fd5 (patch) | |
| tree | cb80033c98a04465e49d2ee91cdd67a29093ab6a /ext/standard/tests/strings/bug78814.phpt | |
| parent | db420cb6a141876b2f7d101051fb01934a28071a (diff) | |
| download | php-git-600f1f898f9771d13880255e74ea1c10590f5fd5.tar.gz | |
Fix #78814: strip_tags allows / in tag name => whitelist bypass
When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless they come
immediately after the opening `<`, or immediately before the closing
`>`.
Diffstat (limited to 'ext/standard/tests/strings/bug78814.phpt')
| -rw-r--r-- | ext/standard/tests/strings/bug78814.phpt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/ext/standard/tests/strings/bug78814.phpt b/ext/standard/tests/strings/bug78814.phpt new file mode 100644 index 0000000000..c8ad8373e0 --- /dev/null +++ b/ext/standard/tests/strings/bug78814.phpt @@ -0,0 +1,8 @@ +--TEST-- +Bug #78814 (strip_tags allows / in tag name => whitelist bypass) +--FILE-- +<?php +echo strip_tags("<s/trong>b</strong>", "<strong>"); +?> +--EXPECT-- +b</strong> |