ZF-8894: StripTags PREG_BACKTRACK_LIMIT_ERROR when stripping html comments

Issue Type: Bug Created: 2010-01-21T12:17:50.000+0000 Last Updated: 2010-01-22T12:58:32.000+0000 Status: Resolved Fix version(s): Reporter: Emmanuel Espina (espinaemmanuel) Assignee: Matthew Weier O'Phinney (matthew) Tags: - Zend_Filter

Related issues: Attachments:


The new implementation of Zend_Filter_StripTags fails on the next code

<pre class="highlight">
require_once 'Zend/Filter.php';
require_once 'Zend/Filter/StripTags.php';

$html = '


$chain = new Zend_Filter ( );
$chain->addFilter ( new Zend_Filter_StripTags());
$html = $chain->filter ( $html );

The expected result is TEXT but an empty string is returned.

The error generates on this line of the Zend_Filter_StripTags implementation:

<pre class="highlight">
public function filter($value)
        // Strip HTML comments first
        $valueCopy = preg_replace('#


Posted by Matthew Weier O'Phinney (matthew) on 2010-01-21T12:20:28.000+0000

Can you please test against trunk and/or the release-1.10 branch? some minor changes were made to that regexp that might affect your scenario.

Posted by Emmanuel Espina (espinaemmanuel) on 2010-01-21T12:39:04.000+0000

I tried with this versions……

Both have the same regular expression, and it still doesn't work.

Posted by Matthew Weier O'Phinney (matthew) on 2010-01-21T13:02:21.000+0000

I can't reproduce the issue -- it runs without error for me, and correctly strips all tags and comments.

What OS and PHP version (and 32 or 64 bit) are you using? I've tested on 5.2.10 and 5.3.1, both on linux 32bit.

Posted by Emmanuel Espina (espinaemmanuel) on 2010-01-21T13:32:23.000+0000

I've tested in PHP Version 5.2.10-2ubuntu6.4 (64 bits)

Posted by Thomas Weidner (thomas) on 2010-01-21T13:44:46.000+0000

@Emmanuel: Can you please also give the exact revision number you have tested against? (r20500 or above?)

Posted by Matthew Weier O'Phinney (matthew) on 2010-01-21T14:00:26.000+0000

I've had a colleague test under 64bit linux, with no issues. My inclination is that you are either (a) not providing the full HTML snippet that fails, or (b) the PCRE lib your PHP install was compiled against is really old (not unlikely, if you're really on ubuntu 6.4).

Posted by Emmanuel Espina (espinaemmanuel) on 2010-01-21T18:27:02.000+0000

I dont know where to find the revision number.

If i rise the pcre.backtrack_limit to a huge number (like 10000000) the script works

The version of php is the one that is downloaded from the repository in the last version of ubuntu (9.10). However the version is "PHP Version 5.2.10-2ubuntu6.4"

The version of PCRE is 7.8 2008-09-05

I have tested this on 3 machines:

AMD Turion X2 64 - Ubuntu 9.10 AMD Phenom X3 64 - Ubuntu 9.10 AMD Duron - Debian (i didn't write down the version)

All the versions of PHP are from the repository, i didn't compile them

Posted by Thomas Weidner (thomas) on 2010-01-22T00:07:56.000+0000

You can find the revision directly from SVN when you're on trunk.

Or go to the file Zend_Filter_StripTags and simply look at the header. This is the revision number which is in interest for us.

Note: This issue was fixed some days ago for 1.10, and yesterday for trunk. Try the new 1.10RC to see if you still have this issue. When it persists in the new revision I would ask to reopen this issue.

Note2: As the new version does no longer unicode transisions the amount of backtracks should now be very low.

Posted by Thomas Weidner (thomas) on 2010-01-22T00:12:35.000+0000

Note3: The line you gave as result of the error shows me that you have used an outdated version which must be at last one or two weeks old.

On release 1.10 this line has been changed on 15.01. and on trunk with 21.01. as we had to test it more deeply.

Posted by Emmanuel Espina (espinaemmanuel) on 2010-01-22T05:05:13.000+0000

I downloaded revision 20514 from…

And it doesnt work. I made a simpler test case of the part with the problem

<pre class="highlight">
$html = preg_replace('#

Posted by Thomas Weidner (thomas) on 2010-01-22T12:58:32.000+0000

Seems to me like an PHP internal bug.

In my eyes there is no way for ZF to prevent running into preg_replace problems when they are dependend on the given input.

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.