2006-12-18 04:22:05 +00:00
|
|
|
--TEST--
|
|
|
|
Combination of strip & sanitize filters
|
2006-12-19 14:16:23 +00:00
|
|
|
--SKIPIF--
|
|
|
|
<?php if (!extension_loaded("filter")) die("skip"); ?>
|
2006-12-18 04:22:05 +00:00
|
|
|
--FILE--
|
|
|
|
<?php
|
|
|
|
$var = 'XYZ< script>alert(/ext/filter+bypass/);< /script>ABC';
|
|
|
|
$a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW));
|
|
|
|
echo $a . "\n";
|
2006-12-18 14:56:40 +00:00
|
|
|
|
|
|
|
$var = 'XYZ<
|
|
|
|
script>alert(/ext/filter+bypass/);<
|
|
|
|
/script>ABC';
|
|
|
|
$a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW));
|
|
|
|
echo $a . "\n";
|
2006-12-18 04:22:05 +00:00
|
|
|
?>
|
|
|
|
--EXPECT--
|
|
|
|
XYZalert(/ext/filter+bypass/);ABC
|
2006-12-18 14:56:40 +00:00
|
|
|
XYZalert(/ext/filter+bypass/);ABC
|