
ZF-3315: [Zend_Filter_StripTags]: validate parameter before filtering to avoid exceptions

Description

In Zend_Filter_StripTags, if the filter is applied only to strings, return the original value if the parameter is not a string.



    /**
     * Defined by Zend_Filter_Interface
     *
     * @todo improve docblock descriptions
     *
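     * @param  mixed $value String to filter; any non-string value is returned unchanged
     * @return mixed Filtered string, or the original value if it was not a string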
     */
    public function filter($value)
    {
        // If the param is not a string, return the original value
        if (!is_string($value)) {
            return $value;
        }
        
        $valueCopy = (string) $value;

        // If comments are allowed, then replace them with unique identifiers
        if ($this->commentsAllowed) {
            preg_match_all('/<\!--.*?--\s*>/s' , (string) $valueCopy, $matches);
            $comments = array_unique($matches[0]);
            foreach ($comments as $k => $v) {
                $valueCopy = str_replace($v, self::UNIQUE_ID_PREFIX . $k, $valueCopy);
            }
        }

        // Initialize accumulator for filtered data
        $dataFiltered = '';
        // Parse the input data iteratively as regular pre-tag text followed by a
        // tag; either may be empty strings
        preg_match_all('/([^<]*)(<?[^>]*>?)/', (string) $valueCopy, $matches);
        // Iterate over each set of matches
        foreach ($matches[1] as $index => $preTag) {
            // If the pre-tag text is non-empty, strip any ">" characters from it
            if (strlen($preTag)) {
                $preTag = str_replace('>', '', $preTag);
            }
            // If a tag exists in this match, then filter the tag
            $tag = $matches[2][$index];
            if (strlen($tag)) {
                $tagFiltered = $this->_filterTag($tag);
            } else {
                $tagFiltered = '';
            }
            // Add the filtered pre-tag text and filtered tag to the data buffer
            $dataFiltered .= $preTag . $tagFiltered;
        }

        // If comments are allowed, then replace the unique identifiers with the corresponding comments
        if ($this->commentsAllowed) {
            foreach ($comments as $k => $v) {
                $dataFiltered = str_replace(self::UNIQUE_ID_PREFIX . $k, $v, $dataFiltered);
            }
        }

        // Return the filtered data
        return $dataFiltered;
    }
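
The guard above returns arrays and other non-string values untouched, so a caller that needs every string filtered has to walk the structure itself. The following is an added example, not part of the issue or of Zend Framework's code: `GuardedStripTags` and `filterRecursive` are hypothetical names, and PHP's built-in `strip_tags()` stands in for the real tag-filtering logic.

```php
<?php
// Stand-in for the patched filter: same type guard as in the issue, with
// PHP's built-in strip_tags() replacing the real tag filtering (assumption).
final class GuardedStripTags
{
    public function filter($value)
    {
        // Guard from the issue: non-strings pass through untouched
        if (!is_string($value)) {
            return $value;
        }
        return strip_tags($value);
    }
}

// Hypothetical helper: apply the filter to every string leaf of a nested
// array, so array-valued request parameters are filtered as well.
// Array keys are left as they are.
function filterRecursive(GuardedStripTags $filter, $value)
{
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = filterRecursive($filter, $item);
        }
        return $out;
    }
    return $filter->filter($value);
}

$filter = new GuardedStripTags();

// Constructed sample input, shaped the way PHP builds it from a query
// string such as "comment[]=<b>hi</b>&comment[]=ok&page=3".
$input = array('comment' => array('<b>hi</b>', 'ok'), 'page' => 3);

// The guard alone hands the array back unchanged, markup included.
var_dump($filter->filter($input['comment']) === $input['comment']);

// Walking the structure filters each string leaf and leaves the integer alone.
var_dump(filterRecursive($filter, $input));
```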

Comments

Please evaluate and fix/categorize as necessary.

I solved this task. Now it just needs to be committed to the SVN repository. I don't have write access to the repository, so can anyone help me? Thanks

I've solved this issue. Now it needs to be committed, but I don't have write privileges on the SVN server to do it. Can anybody help me? Thanks

This is the patch to accomplish this task. Please review the patch and contribute your comments.

Must be committed to SVN.

Changing issues in preparation for the 1.7.0 release.