Skip to content

Commit 2eff19e

Browse files
alexdowadalexdowad
committed
Fix legacy conversion filter for HTML entities
1 parent 87b7159 commit 2eff19e

File tree

1 file changed

+26
-7
lines changed

1 file changed

+26
-7
lines changed

‎ext/mbstring/libmbfl/filters/mbfilter_htmlent.c‎

Lines changed: 26 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,8 @@ void mbfl_filt_conv_html_dec_dtor(mbfl_convert_filter *filter)
177177

178178
int mbfl_filt_conv_html_dec(int c, mbfl_convert_filter *filter)
179179
{
180-
int pos, ent = 0;
180+
int pos;
181+
unsigned int ent = 0;
181182
mbfl_html_entity_entry *entity;
182183
char *buffer = (char*)filter->opaque;
183184

@@ -215,6 +216,10 @@ int mbfl_filt_conv_html_dec(int c, mbfl_convert_filter *filter)
215216
/* numeric entity */
216217
if (filter->status > 2) {
217218
for (pos=2; pos<filter->status; pos++) {
219+
if (ent > 0x19999999) {
220+
ent = -1;
221+
break;
222+
}
218223
int v = buffer[pos];
219224
if (v >= '0' && v <= '9') {
220225
v = v - '0';
@@ -228,7 +233,7 @@ int mbfl_filt_conv_html_dec(int c, mbfl_convert_filter *filter)
228233
ent = -1;
229234
}
230235
}
231-
if (ent >= 0 && ent < 0x110000) {
236+
if (ent < 0x110000) {
232237
CK((*filter->output_function)(ent, filter->data));
233238
} else {
234239
for (pos = 0; pos < filter->status; pos++) {
@@ -253,13 +258,20 @@ int mbfl_filt_conv_html_dec(int c, mbfl_convert_filter *filter)
253258
/* decoded */
254259
CK((*filter->output_function)(ent, filter->data));
255260
filter->status = 0;
256-
/*php_error_docref("ref.mbstring", E_NOTICE,"mbstring decoded '%s'=%d", buffer, ent);*/
261+
257262
} else {
258263
/* failure */
259264
buffer[filter->status++] = ';';
260265
buffer[filter->status] = 0;
261-
/* php_error_docref("ref.mbstring", E_WARNING, "mbstring cannot decode '%s'", buffer); */
262-
mbfl_filt_conv_html_dec_flush(filter);
266+
267+
/* flush fragments */
268+
pos = 0;
269+
while (filter->status--) {
270+
int e = (*filter->output_function)(buffer[pos++], filter->data);
271+
if (e != 0)
272+
return e;
273+
}
274+
filter->status = 0;
263275
}
264276
}
265277
} else {
@@ -272,8 +284,15 @@ int mbfl_filt_conv_html_dec(int c, mbfl_convert_filter *filter)
272284
if (c=='&')
273285
filter->status--;
274286
buffer[filter->status] = 0;
275-
/* php_error_docref("ref.mbstring", E_WARNING, "mbstring cannot decode '%s'", buffer)l */
276-
mbfl_filt_conv_html_dec_flush(filter);
287+
288+
pos = 0;
289+
while (filter->status--) {
290+
int e = (*filter->output_function)(buffer[pos++], filter->data);
291+
if (e != 0)
292+
return e;
293+
}
294+
filter->status = 0;
295+
277296
if (c=='&')
278297
{
279298
buffer[filter->status++] = '&';

0 commit comments

Comments
 (0)