Add infinite loop protection.

git-svn-id: http://htmlpurifier.org/svnroot/html_purifier/trunk@26 48356398-32a2-884e-a903-53898d9a118a
2024-09-20 03:05:18 +00:00 · 2006-04-16 00:30:11 +00:00 · 2006-04-16 00:30:11 +00:00 · 9f1d145322
commit 9f1d145322
parent 6372a16926
1 changed files with 17 additions and 1 deletions
--- a/HTML_Lexer.php
+++ b/HTML_Lexer.php
@ -54,11 +54,18 @@ class HTML_Lexer
        $inside_tag = false; // whether or not we're parsing the inside of a tag
        $array = array(); // result array
        
+        // infinite loop protection
+        // has to be pretty big, since html docs can be big
+        $loops = 0;
+        
        while(true) {
+            
+            // infinite loop protection
+            if ($loops > 1000000000) return array();
+            
            $position_next_lt = strpos($string, '<', $cursor);
            $position_next_gt = strpos($string, '>', $cursor);
            
-            
            // triggers on "<b>asdf</b>" but not "asdf <b></b>"
            if ($position_next_lt === $cursor) {
                $inside_tag = true;
@ -157,7 +164,16 @@ class HTML_Lexer
        // space, so let's guarantee that there's always a terminating space.
        $string .= ' ';
        
+        // infinite loop protection
+        $loops = 0;
+        
        while(true) {
+            
+            // infinite loop protection
+            // if we've looped 1000 times, abort. Nothing good can come of this 
+            $loops++;
+            if ($loops > 1000) return array();
+            
            if ($cursor >= $size) {
                break;
            }