0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-12-23 00:41:52 +00:00

Add infinite loop protection.

git-svn-id: http://htmlpurifier.org/svnroot/html_purifier/trunk@26 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
Edward Z. Yang 2006-04-16 00:30:11 +00:00
parent 6372a16926
commit 9f1d145322

View File

@ -54,11 +54,18 @@ class HTML_Lexer
$inside_tag = false; // whether or not we're parsing the inside of a tag $inside_tag = false; // whether or not we're parsing the inside of a tag
$array = array(); // result array $array = array(); // result array
// infinite loop protection
// has to be pretty big, since html docs can be big
$loops = 0;
while(true) { while(true) {
// infinite loop protection
if ($loops > 1000000000) return array();
$position_next_lt = strpos($string, '<', $cursor); $position_next_lt = strpos($string, '<', $cursor);
$position_next_gt = strpos($string, '>', $cursor); $position_next_gt = strpos($string, '>', $cursor);
// triggers on "<b>asdf</b>" but not "asdf <b></b>" // triggers on "<b>asdf</b>" but not "asdf <b></b>"
if ($position_next_lt === $cursor) { if ($position_next_lt === $cursor) {
$inside_tag = true; $inside_tag = true;
@ -157,7 +164,16 @@ class HTML_Lexer
// space, so let's guarantee that there's always a terminating space. // space, so let's guarantee that there's always a terminating space.
$string .= ' '; $string .= ' ';
// infinite loop protection
$loops = 0;
while(true) { while(true) {
// infinite loop protection
// if we've looped 1000 times, abort. Nothing good can come of this
$loops++;
if ($loops > 1000) return array();
if ($cursor >= $size) { if ($cursor >= $size) {
break; break;
} }