Details
-
Type:
Bug
-
Status:
Resolved
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 1.10.7
-
Fix Version/s: 1.11.0
-
Component/s: Zend_Filter
-
Labels:None
Description
line[243]
// Strip HTML comments first while (strpos($value, '<!--') !== false) { $pos = strrpos($value, '<!--'); $start = substr($value, 0, $pos); $value = substr($value, $pos); $value = preg_replace('/<(?:!(?:--[\s\S]*?--\s*)?(>))/s', '', $value); $value = $start . $value; }
if you try to filter string "<!---" then filter falls into infinite loop
$filter = Zend_Filter_StripTags();
$filter->filter('<!------- text');
This is my proposition for patch for this bug.