summaryrefslogtreecommitdiffstats
path: root/php-bug79099.patch
diff options
context:
space:
mode:
Diffstat (limited to 'php-bug79099.patch')
-rw-r--r--php-bug79099.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/php-bug79099.patch b/php-bug79099.patch
index 67660c3..4997c77 100644
--- a/php-bug79099.patch
+++ b/php-bug79099.patch
@@ -79,3 +79,35 @@ index 0000000000..7c842f4654
+string(0) ""
+string(0) ""
+string(0) ""
+From 0ec0b030131845d8d84f79151727a1b13a78166c Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Wed, 22 Jan 2020 22:36:53 -0800
+Subject: [PATCH] More checks for php_strip_tags_ex
+
+(cherry picked from commit 2dc170e25d86a725fefd4c08f2bd8378820b28f5)
+---
+ ext/standard/string.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ext/standard/string.c b/ext/standard/string.c
+index 9b75adc3b7..4687b20221 100644
+--- a/ext/standard/string.c
++++ b/ext/standard/string.c
+@@ -4720,7 +4720,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
+ switch (state) {
+ case 1: /* HTML/XML */
+ lc = '>';
+- if (is_xml && *(p -1) == '-') {
++ if (is_xml && p >= buf + 1 && *(p-1) == '-') {
+ break;
+ }
+ in_q = state = is_xml = 0;
+@@ -4741,7 +4741,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
+ break;
+
+ case 2: /* PHP */
+- if (!br && lc != '\"' && *(p-1) == '?') {
++ if (!br && lc != '\"' && p >= buf + 1 && *(p-1) == '?') {
+ in_q = state = 0;
+ tp = tbuf;
+ }