Fix #70720

Julien Pauli · Julien Pauli · commit ff7ed9021cd7 · 2015-12-22T16:25:51.000+01:00
diff --git a/NEWS b/NEWS
@@ -17,6 +17,9 @@ PHP                                                                        NEWS
 - Session:
   . Fixed bug #71122 (Session GC may not remove obsolete session data). (Yasuo)
 
+- Standard:
+  . Fixed bug #70720 (strip_tags improper php code parsing). (Julien)
+    
 17 Dec 2015, PHP 5.6.17
 
 - Core:
diff --git a/ext/standard/string.c b/ext/standard/string.c
@@ -4689,6 +4689,9 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
 				switch (state) {
 					case 1: /* HTML/XML */
 						lc = '>';
+						if (*(p -1) == '-') {
+							break;
+						}
 						in_q = state = 0;
 						if (allow) {
 							if (tp - tbuf >= PHP_TAG_BUF_SIZE) {
@@ -4818,7 +4821,7 @@ PHPAPI size_t php_strip_tags_ex(char *rbuf, int len, int *stateptr, char *allow,
 				 * state == 2 (PHP). Switch back to HTML.
 				 */
 
-				if (state == 2 && p > buf+2 && strncasecmp(p-2, "xm", 2) == 0) {
+				if (state == 2 && p > buf+2 && strncasecmp(p-4, "<?xm", 4) == 0) {
 					state = 1;
 					break;
 				}
diff --git a/ext/standard/tests/strings/bug70720.phpt b/ext/standard/tests/strings/bug70720.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Bug #70720 (strip_tags() doesnt handle "xml" correctly)
+--FILE--
+<?php
+var_dump(strip_tags('<?php $dom->test(); ?> this is a test'));
+var_dump(strip_tags('<?php $xml->test(); ?> this is a test'));
+var_dump(strip_tags('<?xml $xml->test(); ?> this is a test'));
+?>
+--EXPECTF--
+string(15) " this is a test"
+string(15) " this is a test"
+string(15) " this is a test"
