Fixed infinite loop (DoS) remotely triggerable state change issue.

cubiclesoft · Nov 4, 2017 · 52a8e9d · 52a8e9d
1 parent 4baa62c
commit 52a8e9d
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/support/tag_filter.php b/support/tag_filter.php
@@ -302,6 +302,13 @@ public function Process($content)
 									}
 								}
 							}
+
+							if ($state === "key")
+							{
+								$cx = $cy;
+
+								$state = "exit";
+							}
 						}
 						else if ($state === "equals")
 						{
@@ -351,6 +358,15 @@ public function Process($content)
 									}
 								}
 							}
+
+							if ($state === "equals")
+							{
+								$cx = $cy;
+
+								$attrs[$keyname] = true;
+
+								$state = "exit";
+							}
 						}
 						else if ($state === "value")
 						{
@@ -400,6 +416,15 @@ public function Process($content)
 								}
 							}
 
+							if ($state === "value")
+							{
+								$cx = $cy;
+
+								$attrs[$keyname] = true;
+
+								$state = "exit";
+							}
+
 							if ($state === "key")
 							{
 								$value = html_entity_decode($value, ENT_QUOTES | ENT_HTML5, $this->options["charset"]);