http://pear.php.net/bugs/search.php?cmd=display&package_name%5B0%5D=HTML_Safe Search Results en-us pear-webmaster@lists.php.net pear-webmaster@lists.php.net hourly 1 2000-01-01T12:00+00:00 http://pear.php.net/gifs/pearsmall.gif http://pear.php.net/bugs http://pear.php.net/bugs/21059 HTML_Safe Feature/Change Request Reported by wackowiki 2016-04-29T12:24:13+00:00 PHP: 5.6.10 OS: Package Version: 0.10.1 Description: ------------ added new HTML5 Block-level elements diff --git a/wacko/lib/safehtml/safehtml.php b/wacko/lib/safehtml/safehtml.php --- a/wacko/lib/safehtml/safehtml.php +++ b/wacko/lib/safehtml/safehtml.php @@ -222,11 +222,13 @@ * @var array */ public $closeParagraph = array( - 'address', 'blockquote', 'center', 'dd', 'dir', 'div', - 'dl', 'dt', 'h1', 'h2', 'h3', 'h4', - 'h5', 'h6', 'hr', 'isindex', 'listing', 'marquee', - 'menu', 'multicol', 'ol', 'p', 'plaintext', 'pre', - 'table', 'ul', 'xmp', + 'address', 'article', 'aside', 'audio', 'blockquote', 'canvas', + 'center', 'dd', 'dir', 'div', 'dl', 'dt', + 'figure', 'figcaption', 'footer', 'h1', 'h2', 'h3', + 'h4', 'h5', 'h6', 'header', 'hr', 'isindex', + 'listing', 'marquee', 'menu', 'multicol', 'ol', 'output', + 'p', 'plaintext', 'pre', 'section', 'table', 'ul', + 'video', 'xmp', ); /**]]> HTML_Safe Feature/Change Request Reported by wackowiki 2016-04-29T12:24:13+00:00 PHP: 5.6.10 OS: Package Version: 0.10.1 Description: ------------ added new HTML5 Block-level elements diff --git a/wacko/lib/safehtml/safehtml.php b/wacko/lib/safehtml/safehtml.php --- a/wacko/lib/safehtml/safehtml.php +++ b/wacko/lib/safehtml/safehtml.php @@ -222,11 +222,13 @@ * @var array */ public $closeParagraph = array( - 'address', 'blockquote', 'center', 'dd', 'dir', 'div', - 'dl', 'dt', 'h1', 'h2', 'h3', 'h4', - 'h5', 'h6', 'hr', 'isindex', 'listing', 'marquee', - 'menu', 'multicol', 'ol', 'p', 'plaintext', 'pre', - 'table', 'ul', 'xmp', + 'address', 'article', 'aside', 'audio', 'blockquote', 'canvas', + 'center', 'dd', 'dir', 'div', 'dl', 'dt', + 'figure', 'figcaption', 'footer', 'h1', 'h2', 'h3', + 'h4', 'h5', 'h6', 'header', 'hr', 'isindex', + 'listing', 'marquee', 'menu', 'multicol', 'ol', 'output', + 'p', 'plaintext', 'pre', 'section', 'table', 'ul', + 'video', 'xmp', ); /**]]> 2016-04-29T12:24:13+00:00 webmaster &#x61;&#116; wackowiki &#x64;&#111;&#x74; org HTML_Safe Feature/Change Request http://pear.php.net/bugs/20219 HTML_Safe Bug Reported by wackowiki 2014-03-15T18:45:53+00:00 PHP: 5.5.8 OS: Package Version: Description: ------------ http://www.php.net/manual/en/migration55.deprecated.php Replace preg_replace() e modifier with preg_replace_callback diff --git a/lib/safehtml/safehtml.php b/lib/safehtml/safehtml.php --- a/lib/safehtml/safehtml.php +++ b/lib/safehtml/safehtml.php @@ -350,10 +350,10 @@ } } - $tempval = preg_replace('/&#(\d+);?/me', "chr('\\1')", $value); //"' - $tempval = preg_replace( - '/&#x([0-9a-f]+);?/mei', - "chr(hexdec('\\1'))", + $tempval = preg_replace_callback('/&#(\d+);?/m', function ($matches) { return chr($matches[1]); }, $value); //"' + $tempval = preg_replace_callback( + '/&#x([0-9a-f]+);?/mi', + function ($matches) { return chr(hexdec($matches[1])); }, $tempval );]]> HTML_Safe Bug Reported by wackowiki 2014-03-15T18:45:53+00:00 PHP: 5.5.8 OS: Package Version: Description: ------------ http://www.php.net/manual/en/migration55.deprecated.php Replace preg_replace() e modifier with preg_replace_callback diff --git a/lib/safehtml/safehtml.php b/lib/safehtml/safehtml.php --- a/lib/safehtml/safehtml.php +++ b/lib/safehtml/safehtml.php @@ -350,10 +350,10 @@ } } - $tempval = preg_replace('/&#(\d+);?/me', "chr('\\1')", $value); //"' - $tempval = preg_replace( - '/&#x([0-9a-f]+);?/mei', - "chr(hexdec('\\1'))", + $tempval = preg_replace_callback('/&#(\d+);?/m', function ($matches) { return chr($matches[1]); }, $value); //"' + $tempval = preg_replace_callback( + '/&#x([0-9a-f]+);?/mi', + function ($matches) { return chr(hexdec($matches[1])); }, $tempval );]]> 2014-03-22T13:33:39+00:00 webmaster &#x61;&#116; wackowiki &#x64;&#111;&#x74; org HTML_Safe Bug http://pear.php.net/bugs/20195 HTML_Safe Bug Reported by taffit 2014-02-10T01:18:46+00:00 PHP: 5.5.9 OS: Debian GNU/Linux Package Version: 0.10.1 Description: ------------ Hi, The testHTML_Safe::testSpecialChars test introduced in 1.10.0 fails with the current 0.10.1 version: $ phpunit tests/testHTML_Safe.php PHPUnit 3.7.28 by Sebastian Bergmann. .F Time: 24 ms, Memory: 2.50Mb There was 1 failure: 1) testHTML_Safe::testSpecialChars Failed asserting that two strings are identical. --- Expected +++ Actual @@ @@ -a+b-c +ac …/php-html-safe/HTML_Safe-0.10.1/tests/testHTML_Safe.php:26 FAILURES! Tests: 2, Assertions: 2, Failures: 1.]]> HTML_Safe Bug Reported by taffit 2014-02-10T01:18:46+00:00 PHP: 5.5.9 OS: Debian GNU/Linux Package Version: 0.10.1 Description: ------------ Hi, The testHTML_Safe::testSpecialChars test introduced in 1.10.0 fails with the current 0.10.1 version: $ phpunit tests/testHTML_Safe.php PHPUnit 3.7.28 by Sebastian Bergmann. .F Time: 24 ms, Memory: 2.50Mb There was 1 failure: 1) testHTML_Safe::testSpecialChars Failed asserting that two strings are identical. --- Expected +++ Actual @@ @@ -a+b-c +ac …/php-html-safe/HTML_Safe-0.10.1/tests/testHTML_Safe.php:26 FAILURES! Tests: 2, Assertions: 2, Failures: 1.]]> 2014-03-22T13:35:51+00:00 david &#x61;&#116; tilapin &#x64;&#111;&#x74; org HTML_Safe Bug http://pear.php.net/bugs/18027 HTML_Safe Feature/Change Request Reported by cbaxter 2010-11-05T22:56:11+00:00 PHP: Irrelevant OS: Package Version: 0.10.1 Description: ------------ The script is open to XSS attacks when done using the svg/animate tags as not included in deleteTags array. Test script: --------------- <html><head></head><body> <?php $doc = '"><svg><animate attributeName=onunload to=alert(document.location) /></svg><'; require_once('HTML/Safe.php'); $parser = new HTML_Safe; $parser->clear(); $result = $parser->parse($doc); print "<br> $result"; ?></body></html> Expected result: ---------------- <html><head></head><body> <br> "></body></html> Actual result: -------------- <html><head></head><body> <br> "><svg><animate attributename="onunload" to="alert(document.location)"></animate></svg></body> </html>]]> HTML_Safe Feature/Change Request Reported by cbaxter 2010-11-05T22:56:11+00:00 PHP: Irrelevant OS: Package Version: 0.10.1 Description: ------------ The script is open to XSS attacks when done using the svg/animate tags as not included in deleteTags array. Test script: --------------- <html><head></head><body> <?php $doc = '"><svg><animate attributeName=onunload to=alert(document.location) /></svg><'; require_once('HTML/Safe.php'); $parser = new HTML_Safe; $parser->clear(); $result = $parser->parse($doc); print "<br> $result"; ?></body></html> Expected result: ---------------- <html><head></head><body> <br> "></body></html> Actual result: -------------- <html><head></head><body> <br> "><svg><animate attributename="onunload" to="alert(document.location)"></animate></svg></body> </html>]]> 2010-11-05T23:28:42+00:00 cbaxter &#x61;&#116; tnsi &#x64;&#111;&#x74; com HTML_Safe Feature/Change Request http://pear.php.net/bugs/6900 HTML_Safe Bug Reported by thomas@... 2006-02-23T08:29:07+00:00 PHP: 5.1.2 OS: Fedora Core 3 Package Version: 0.9.9beta Description: ------------ Hi. We have started using HTML_Safe in our framework and notices some bugs: <ol> <li></li> <li>/li> <li></li> </ol> Which is valid code - is changed to: <ol> <li></li> <li> <li> </li></li> </ol> Which does not look good. The same for font tags around text <font> Text1 </font Text2 Is changed to <font> Text1 Text2 </font This destroys the layout, in fact and is critical.]]> HTML_Safe Bug Reported by thomas@... 2006-02-23T08:29:07+00:00 PHP: 5.1.2 OS: Fedora Core 3 Package Version: 0.9.9beta Description: ------------ Hi. We have started using HTML_Safe in our framework and notices some bugs: <ol> <li></li> <li>/li> <li></li> </ol> Which is valid code - is changed to: <ol> <li></li> <li> <li> </li></li> </ol> Which does not look good. The same for font tags around text <font> Text1 </font Text2 Is changed to <font> Text1 Text2 </font This destroys the layout, in fact and is critical.]]> 2011-02-03T20:46:21+00:00 thomas &#x61;&#116; ekdahl &#x64;&#111;&#x74; no HTML_Safe Bug