ZF-3315: [Zend_Filter_StripTags]: validate parameter before filtering to avoid exceptions

Issue Type: Improvement Created: 2008-05-23T00:35:59.000+0000 Last Updated: 2008-11-13T14:10:00.000+0000 Status: Resolved Fix version(s): - 1.7.0 (17/Nov/08)

Reporter: Ramses Paiva (rpaiva) Assignee: Ramses Paiva (rpaiva) Tags: - Zend_Filter

Related issues: Attachments: - StripTags.php


In Zend_Filter_StripTags, if the filter is applied only for strings, returns the original value if the parameter is not a string.

<pre class="highlight">

     * Defined by Zend_Filter_Interface
     * @todo improve docblock descriptions
     * @param  string $value
     * @return string
    public function filter($value)
        // If the param is not a string, return the original value
        if (!is_string($value)) {
            return $value;
        $valueCopy = (string) $value;

        // If comments are allowed, then replace them with unique identifiers
        if ($this->commentsAllowed) {
            preg_match_all('/<\!--.*?--\s*>/s' , (string) $valueCopy, $matches);
            $comments = array_unique($matches[0]);
            foreach ($comments as $k => $v) {
                $valueCopy = str_replace($v, self::UNIQUE_ID_PREFIX . $k, $valueCopy);

        // Initialize accumulator for filtered data
        $dataFiltered = '';
        // Parse the input data iteratively as regular pre-tag text followed by a
        // tag; either may be empty strings
        preg_match_all('/([^<]*)(<?[^>]*>?)/', (string) $valueCopy, $matches);
        // Iterate over each set of matches
        foreach ($matches[1] as $index => $preTag) {
            // If the pre-tag text is non-empty, strip any ">" characters from it
            if (strlen($preTag)) {
                $preTag = str_replace('>', '', $preTag);
            // If a tag exists in this match, then filter the tag
            $tag = $matches[2][$index];
            if (strlen($tag)) {
                $tagFiltered = $this->_filterTag($tag);
            } else {
                $tagFiltered = '';
            // Add the filtered pre-tag text and filtered tag to the data buffer
            $dataFiltered .= $preTag . $tagFiltered;

        // If comments are allowed, then replace the unique identifiers with the corresponding comments
        if ($this->commentsAllowed) {
            foreach ($comments as $k => $v) {
                $dataFiltered = str_replace(self::UNIQUE_ID_PREFIX . $k, $v, $dataFiltered);

        // Return the filtered data
        return $dataFiltered;


Posted by Wil Sinclair (wil) on 2008-06-09T16:34:39.000+0000

Please evaluate and fix/categorize as necessary.

Posted by Ramses Paiva (rpaiva) on 2008-08-12T09:13:51.000+0000

I solved this task. Now, it's just needed to commit to SVN repository. I don't have write access to the repository, so, anyone can help me? Thanks

Posted by Ramses Paiva (rpaiva) on 2008-08-12T20:40:46.000+0000

I've solved this issue. Now, it's needed to commit it, but I don't have write privilege on SVN server to do it. Anybody can help me? Thanks

Posted by Ramses Paiva (rpaiva) on 2008-08-15T07:30:30.000+0000

This is the patch to accomplish this task. Please, review the patch and contribute with your comments.

Posted by Ramses Paiva (rpaiva) on 2008-09-03T03:10:24.000+0000

Must be commited to SVN.

Posted by Wil Sinclair (wil) on 2008-11-13T14:10:00.000+0000

Changing issues in preparation for the 1.7.0 release.

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.