ZF-3315: [Zend_Filter_StripTags]: validate parameter before filtering to avoid exceptions

Issue Type:
Improvement
Created:
2008-05-23T00:35:59.000+0000
Last Updated:
2008-11-13T14:10:00.000+0000
Status:
Resolved
Fix version(s):
  • 1.7.0 (17/Nov/08)
Reporter:
Ramses Paiva (rpaiva)
Assignee:
Ramses Paiva (rpaiva)
Tags:
  • Zend_Filter
Related issues:
Attachments:

Description

In Zend_Filter_StripTags, if the filter is applied only for strings, returns the original value if the parameter is not a string.



    /**
     * Defined by Zend_Filter_Interface
     *
     * @todo improve docblock descriptions
     *
     * @param  string $value
     * @return string
     */
    public function filter($value)
    {
        // If the param is not a string, return the original value
        if (!is_string($value)) {
            return $value;
        }
        
        $valueCopy = (string) $value;

        // If comments are allowed, then replace them with unique identifiers
        if ($this->commentsAllowed) {
            preg_match_all('/<\!--.*?--\s*>/s' , (string) $valueCopy, $matches);
            $comments = array_unique($matches[0]);
            foreach ($comments as $k => $v) {
                $valueCopy = str_replace($v, self::UNIQUE_ID_PREFIX . $k, $valueCopy);
            }
        }

        // Initialize accumulator for filtered data
        $dataFiltered = '';
        // Parse the input data iteratively as regular pre-tag text followed by a
        // tag; either may be empty strings
        preg_match_all('/([^<]*)(<?[^>]*>?)/', (string) $valueCopy, $matches);
        // Iterate over each set of matches
        foreach ($matches[1] as $index => $preTag) {
            // If the pre-tag text is non-empty, strip any ">" characters from it
            if (strlen($preTag)) {
                $preTag = str_replace('>', '', $preTag);
            }
            // If a tag exists in this match, then filter the tag
            $tag = $matches[2][$index];
            if (strlen($tag)) {
                $tagFiltered = $this->_filterTag($tag);
            } else {
                $tagFiltered = '';
            }
            // Add the filtered pre-tag text and filtered tag to the data buffer
            $dataFiltered .= $preTag . $tagFiltered;
        }

        // If comments are allowed, then replace the unique identifiers with the corresponding comments
        if ($this->commentsAllowed) {
            foreach ($comments as $k => $v) {
                $dataFiltered = str_replace(self::UNIQUE_ID_PREFIX . $k, $v, $dataFiltered);
            }
        }

        // Return the filtered data
        return $dataFiltered;
    }

Comments

Posted by Wil Sinclair (wil) on 2008-06-09T16:34:39.000+0000

Please evaluate and fix/categorize as necessary.

Posted by Ramses Paiva (rpaiva) on 2008-08-12T09:13:51.000+0000

I solved this task. Now, it's just needed to commit to SVN repository. I don't have write access to the repository, so, anyone can help me? Thanks

Posted by Ramses Paiva (rpaiva) on 2008-08-12T20:40:46.000+0000

I've solved this issue. Now, it's needed to commit it, but I don't have write privilege on SVN server to do it. Anybody can help me? Thanks

Posted by Ramses Paiva (rpaiva) on 2008-08-15T07:30:30.000+0000

This is the patch to accomplish this task. Please, review the patch and contribute with your comments.

Posted by Ramses Paiva (rpaiva) on 2008-09-03T03:10:24.000+0000

Must be commited to SVN.

Posted by Wil Sinclair (wil) on 2008-11-13T14:10:00.000+0000

Changing issues in preparation for the 1.7.0 release.