bug78814.phpt - OpenGrok history log for /PHP-7.3/ext/standard/tests/strings/bug78814.phpt

Revision (<<< Hide revision tags) (Show revision tags >>>)	Date	Author	Comments
Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12
# 600f1f89	17-Nov-2019	Christoph M. Becker	Fix #78814: strip_tags allows / in tag name => whitelist bypass When normalizing tags to check whether they are contained in the set of allowable tags, we must not strip slashes, unless Fix #78814: strip_tags allows / in tag name => whitelist bypass When normalizing tags to check whether they are contained in the set of allowable tags, we must not strip slashes, unless they come immediately after the opening `<`, or immediately before the closing `>`. show more ...

Revision (<<< Hide revision tags) (Show revision tags >>>)

Date

Author

Comments

Revision tags: php-7.3.13RC1, php-7.2.26RC1, php-7.4.0, php-7.2.25, php-7.3.12

# 600f1f89

17-Nov-2019

Christoph M. Becker

Fix #78814: strip_tags allows / in tag name => whitelist bypass

When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless

Fix #78814: strip_tags allows / in tag name => whitelist bypass

When normalizing tags to check whether they are contained in the set
of allowable tags, we must not strip slashes, unless they come
immediately after the opening `<`, or immediately before the closing
`>`.