ZF-9828: Zend_Filter_StripTags $attributeValue quoted by single quotes won't be matched

Issue Type: Bug Created: 2010-05-12T00:00:52.000+0000 Last Updated: 2010-05-14T15:13:44.000+0000 Status: Resolved Fix version(s): - 1.10.5 (26/May/10)

Reporter: Moe Zhao (zamanewby) Assignee: Thomas Weidner (thomas) Tags: - Zend_Filter

Related issues: Attachments:


from line 314 to line 323, in file Zend/Filter/StripTags.php {quote} preg_match_all('/(\w+)\s_=\s_(?:(")(.?)"|(\')(.?)\')/s', $tagAttributes, $matches);

// Initialize valid attribute accumulator $tagAttributes = '';

// Iterate over each matched attribute foreach ($matches[1] as $index => $attributeName) { $attributeName = strtolower($attributeName); $attributeDelimiter = $matches[2][$index]; $attributeValue = $matches[3][$index]; {quote}

(sorry for the sad emotion, i don't know how to escape it)

if the $attributeDelimiter is single quote('), it's value should be $matches[4][$index], and accordingly the $attributeValue 's value should be $matches[5][$index].

example: wont_be_matched.jpg, if attributes in an element quoted by both double quotes and single quotes respectively, one of those won't be matched.

Here some changes i've made on my source code, just to show what i've meant above. {quote} $attributeDelimiter = empty($matches[2][$index]) ? $matches[4][$index] : $matches[2][$index]; $attributeValue = empty($matches[3][$index]) ? $matches[5][$index] : $matches[3][$index]; {quote}

By the way, the attibuteValue won't be quoted, like , it's valid in html doctype which won't be matched here.


Posted by Thomas Weidner (thomas) on 2010-05-12T11:14:35.000+0000

Please give an example instead of core code to reproduce your problem.

Posted by Moe Zhao (zamanewby) on 2010-05-12T19:44:49.000+0000

I've update the issue with an example. Hopefully make it more clear.

Posted by Thomas Weidner (thomas) on 2010-05-14T15:13:39.000+0000

Fixed with r22174

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.