
[ZF-10256] Zend_Filter_StripTags:

- prevent endless loop on broken comments
(Thanks to Piotr for this patch)

git-svn-id: http://framework.zend.com/svn/framework/standard/trunk@22806 44c647ce-9c0f-0410-b52a-842ac1e357ba
thomas 15 лет назад
Родитель
Сommit
78ac5ec528
2 измененных файлов с 18 добавлено и 1 удалено
  1. 8 1
      library/Zend/Filter/StripTags.php
  2. 10 0
      tests/Zend/Filter/StripTagsTest.php

+ 8 - 1
library/Zend/Filter/StripTags.php

@@ -244,7 +244,14 @@ class Zend_Filter_StripTags implements Zend_Filter_Interface
             $pos   = strrpos($value, '<!--');
             $start = substr($value, 0, $pos);
             $value = substr($value, $pos);
-            $value = preg_replace('/<(?:!(?:--[\s\S]*?--\s*)?(>))/s', '',  $value);
+
+            // If there is no comment closing tag, strip whole text
+            if (!preg_match('/--\s*>/s', $value)) {
+                $value = '';
+            } else {
+                $value = preg_replace('/<(?:!(?:--[\s\S]*?--\s*)?(>))/s', '',  $value);
+            }
+
             $value = $start . $value;
         }
 
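Review bot: The guard `preg_match('/--\s*>/s', $value)` is looser than the replacement pattern beneath it: a tail such as `<!-->` passes the guard, yet `preg_replace` removes nothing and the `<!--` opener stays in `$value`. The enclosing loop starts outside this hunk; if it repeats while `<!--` is present, as the commit message suggests, such input would still not terminate, which matters for a filter that usually receives untrusted markup. Checking the result rather than the input closes the gap, for example by adding `if (strncmp($value, '<!--', 4) === 0) { $value = ''; }` after the replacement. The test added in tests/Zend/Filter/StripTagsTest.php only covers a tail with no `--` or `>` at all, so a second case for this shape would be worth adding.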

+ 10 - 0
tests/Zend/Filter/StripTagsTest.php

@@ -602,6 +602,16 @@ class Zend_Filter_StripTagsTest extends PHPUnit_Framework_TestCase
         $expected = '<img width="10" height="10" src=\'wont_be_matched.jpg\'>';
         $this->assertEquals($expected, $filter->filter($input));
     }
+
+    /**
+     * @group ZF-10256
+     */
+    public function testNotClosedHtmlCommentAtEndOfString()
+    {
+        $input    = 'text<!-- not closed comment at the end';
+        $expected = 'text';
+        $this->assertEquals($expected, $this->_filter->filter($input));
+    }
 }
 
 // Call Zend_Filter_StripTagsTest::main() if this source file is executed directly.