mirror/php-htmlpurifier
1
0
Fork 0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2025-07-31 19:30:21 +02:00
Code Issues Releases Wiki Activity

Fix infinite loop in Lexer.

Browse Source 
Signed-off-by: Edward Z. Yang <ezyang@mit.edu>
This commit is contained in:
Edward Z. Yang
2013-10-27 21:41:08 -07:00
parent e52d1fe310
commit 54477c172b
4 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
library/HTMLPurifier/Lexer/DirectLex.php
View File

@@ -441,11 +441,12 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
// space, so let's guarantee that there's always a terminating space.
$string .= ' ';
while (true) {
if ($cursor >= $size) {
break;
$old_cursor = -1;
while ($cursor < $size) {
if ($old_cursor >= $cursor) {
throw new Exception("Infinite loop detected");
}
$old_cursor = $cursor;
$cursor += ($value = strspn($string, $this->_whitespace, $cursor));
// grab the key
@@ -463,7 +464,7 @@ class HTMLPurifier_Lexer_DirectLex extends HTMLPurifier_Lexer
if ($e) {
$e->send(E_ERROR, 'Lexer: Missing attribute key');
}
$cursor += strcspn($string, $this->_whitespace, $cursor + 1); // prevent infinite loop
$cursor += 1 + strcspn($string, $this->_whitespace, $cursor + 1); // prevent infinite loop
continue; // empty key
}