MFH: Fix bug when < is used within attribute.

2 files changed, 44 insertions, 0 deletions

diff --git a/ext/standard/string.c b/ext/standard/string.c
index 54f680a00d..e038bc7ba7 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -4355,6 +4355,9 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
 			case '\0':
 				break;
 			case '<':
+				if (in_q) {
+					break;
+				}
 				if (isspace(*(p + 1)) && !allow_tag_spaces) {
 					goto reg_char;
 				}
diff --git a/ext/standard/tests/strings/strip_tags_variation11.phpt b/ext/standard/tests/strings/strip_tags_variation11.phpt
new file mode 100644
index 0000000000..3b47b5c6b1
--- /dev/null
+++ b/ext/standard/tests/strings/strip_tags_variation11.phpt
@@ -0,0 +1,41 @@
+--TEST--
+Test strip_tags() function : obscure values within attributes
+--INI--
+short_open_tag = on
+--FILE--
+<?php
+
+echo "*** Testing strip_tags() : obscure functionality ***\n";
+
+// array of arguments 
+$string_array = array (
+  'hello <img title="<"> world',
+  'hello <img title=">"> world',
+  'hello <img title=">_<"> world',
+  "hello <img title='>_<'> world"
+);
+  
+  		
+// Calling strip_tags() with default arguments
+// loop through the $string_array to test strip_tags on various inputs
+$iteration = 1;
+foreach($string_array as $string)
+{
+  echo "-- Iteration $iteration --\n";
+  var_dump( strip_tags($string) );
+  $iteration++;
+}
+
+echo "Done";
+?>
+--EXPECTF--
+*** Testing strip_tags() : obscure functionality ***
+-- Iteration 1 --
+string(12) "hello  world"
+-- Iteration 2 --
+string(12) "hello  world"
+-- Iteration 3 --
+string(12) "hello  world"
+-- Iteration 4 --
+string(12) "hello  world"
+Done