ZF-9828: Zend_Filter_StripTags $attributeValue quoted by single quotes won't be matched
Description
from line 314 to line 323, in file Zend/Filter/StripTags.php {quote} preg_match_all('/(\w+)\s=\s(?:(")(.?)"|(\')(.?)\')/s', $tagAttributes, $matches);
// Initialize valid attribute accumulator $tagAttributes = '';
// Iterate over each matched attribute foreach ($matches[1] as $index => $attributeName) { $attributeName = strtolower($attributeName); $attributeDelimiter = $matches[2][$index]; $attributeValue = $matches[3][$index]; {quote}
(sorry for the sad emotion, i don't know how to escape it)
if the $attributeDelimiter is single quote('), it's value should be $matches[4][$index], and accordingly the $attributeValue 's value should be $matches[5][$index].
example: 
, if attributes in an element quoted by both double quotes and single quotes respectively, one of those won't be matched.
Here some changes i've made on my source code, just to show what i've meant above. {quote} $attributeDelimiter = empty($matches[2][$index]) ? $matches[4][$index] : $matches[2][$index]; $attributeValue = empty($matches[3][$index]) ? $matches[5][$index] : $matches[3][$index]; {quote}
By the way, the attibuteValue won't be quoted, like , it's valid in html doctype which won't be matched here.
Comments
Posted by Thomas Weidner (thomas) on 2010-05-12T11:14:35.000+0000
Please give an example instead of core code to reproduce your problem.
Posted by Moe Zhao (zamanewby) on 2010-05-12T19:44:49.000+0000
I've update the issue with an example. Hopefully make it more clear.
Posted by Thomas Weidner (thomas) on 2010-05-14T15:13:39.000+0000
Fixed with r22174