diff options
Diffstat (limited to 'ext/standard/string.c')
| -rw-r--r-- | ext/standard/string.c | 46 |
1 files changed, 37 insertions, 9 deletions
diff --git a/ext/standard/string.c b/ext/standard/string.c index 1f9577157e..694c0a5fb0 100644 --- a/ext/standard/string.c +++ b/ext/standard/string.c @@ -4335,7 +4335,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, { char *tbuf, *buf, *p, *tp, *rp, c, lc; int br, i=0, depth=0, in_q = 0; - int state = 0; + int state = 0, pos; if (stateptr) state = *stateptr; @@ -4348,7 +4348,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, br = 0; if (allow) { php_strtolower(allow, allow_len); - tbuf = emalloc(PHP_TAG_BUF_SIZE+1); + tbuf = emalloc(PHP_TAG_BUF_SIZE + 1); tp = tbuf; } else { tbuf = tp = NULL; @@ -4369,7 +4369,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, lc = '<'; state = 1; if (allow) { - tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); + if (tp - tbuf >= PHP_TAG_BUF_SIZE) { + pos = tp - tbuf; + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); + tp = tbuf + pos; + } *(tp++) = '<'; } } else if (state == 1) { @@ -4384,7 +4388,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, br++; } } else if (allow && state == 1) { - tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); + if (tp - tbuf >= PHP_TAG_BUF_SIZE) { + pos = tp - tbuf; + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); + tp = tbuf + pos; + } *(tp++) = c; } else if (state == 0) { *(rp++) = c; @@ -4398,7 +4406,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, br--; } } else if (allow && state == 1) { - tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); + if (tp - tbuf >= PHP_TAG_BUF_SIZE) { + pos = tp - tbuf; + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); + tp = tbuf + pos; + } *(tp++) = c; } else if (state == 0) { *(rp++) = c; @@ -4420,7 +4432,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, lc = '>'; in_q = state = 0; if (allow) { - tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); + if (tp - tbuf >= PHP_TAG_BUF_SIZE) { + pos = tp - tbuf; + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); + tp = tbuf + pos; + } *(tp++) = '>'; *tp='\0'; if (php_tag_find(tbuf, tp-tbuf, allow)) { @@ -4467,7 +4483,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, } else if (state == 0) { *(rp++) = c; } else if (allow && state == 1) { - tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); + if (tp - tbuf >= PHP_TAG_BUF_SIZE) { + pos = tp - tbuf; + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); + tp = tbuf + pos; + } *(tp++) = c; } if (state && p != buf && (state == 1 || *(p-1) != '\\') && (!in_q || *p == in_q)) { @@ -4488,7 +4508,11 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow, if (state == 0) { *(rp++) = c; } else if (allow && state == 1) { - tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); + if (tp - tbuf >= PHP_TAG_BUF_SIZE) { + pos = tp - tbuf; + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); + tp = tbuf + pos; + } *(tp++) = c; } } @@ -4543,7 +4567,11 @@ reg_char: if (state == 0) { *(rp++) = c; } else if (allow && state == 1) { - tp = ((tp-tbuf) >= PHP_TAG_BUF_SIZE ? tbuf: tp); + if (tp - tbuf >= PHP_TAG_BUF_SIZE) { + pos = tp - tbuf; + tbuf = erealloc(tbuf, (tp - tbuf) + PHP_TAG_BUF_SIZE + 1); + tp = tbuf + pos; + } *(tp++) = c; } break; |