Uninitialized string offset: 0 on specific input Hi folks, while using HTMLPurifier (4.2.0), I got some E_NOTICES, which seem to be caused by having a <font size=""2""> tag in my input (i.e., empty size attribute). I don't know who created this silly HTML, but I have a database full of junk (and other that this, HTMLPurifier is holding its ground!). I haven't tried minimizing the test case yet, but a quick glance at the code suggests that the length of the attribute is not checked before accessing the first character. Anyway, here's a full backtrace. Notice: Uninitialized string offset: 0 (Non-fatal) Error occured at /libs/htmlpurifier-standalone/HTMLPurifier.standalone.php:15370 BackTrace: #0 HTMLPurifier_TagTransform_Font::transform(object(HTMLPurifier_Token_Start), object(HTMLPurifier_Config), object(HTMLPurifier_Context)) called by /libs/htmlpurifier-standalone/HTMLPurifier.standalone.php:15161 #1 HTMLPurifier_Strategy_RemoveForeignElements::execute(array(0 => object(HTMLPurifier_Token_Text), 1 => object(HTMLPurifier_Token_Start), 2 => object(HTMLPurifier_Token_Text), 3 => object(HTMLPurifier_Token_Start), 4 => object(HTMLPurifier_Token_Text), 5 => object(HTMLPurifier_Token_Empty), 6 => object(HTMLPurifier_Token_Text), 7 => object(HTMLPurifier_Token_Empty), 8 => object(HTMLPurifier_Token_Empty), 9 => object(HTMLPurifier_Token_Text), 10 => object(HTMLPurifier_Token_Empty), 11 => object(HTMLPurifier_Token_Empty), 12 => object(HTMLPurifier_Token_Text), 13 => object(HTMLPurifier_Token_Empty), 14 => object(HTMLPurifier_Token_Start), 15 => object(HTMLPurifier_Token_Text), 16 => object(HTMLPurifier_Token_Empty), 17 => object(HTMLPurifier_Token_End), 18 => object(HTMLPurifier_Token_Empty), 19 => object(HTMLPurifier_Token_End), 20 => object(HTMLPurifier_Token_End), 21 => object(HTMLPurifier_Token_Start), 22 => object(HTMLPurifier_Token_Start), 23 => object(HTMLPurifier_T! oken_Empty), 24 => object(HTMLPurifier_Token_End), 25 => object(HTMLPurifier_Token_End)), object(HTMLPurifier_Config), object(HTMLPurifier_Context)) called by /libs/htmlpurifier-standalone/HTMLPurifier.standalone.php:14260 #2 HTMLPurifier_Strategy_Composite::execute(array(0 => object(HTMLPurifier_Token_Text), 1 => object(HTMLPurifier_Token_Start), 2 => object(HTMLPurifier_Token_Text), 3 => object(HTMLPurifier_Token_Start), 4 => object(HTMLPurifier_Token_Text), 5 => object(HTMLPurifier_Token_Empty), 6 => object(HTMLPurifier_Token_Text), 7 => object(HTMLPurifier_Token_Empty), 8 => object(HTMLPurifier_Token_Empty), 9 => object(HTMLPurifier_Token_Text), 10 => object(HTMLPurifier_Token_Empty), 11 => object(HTMLPurifier_Token_Empty), 12 => object(HTMLPurifier_Token_Text), 13 => object(HTMLPurifier_Token_Empty), 14 => object(HTMLPurifier_Token_Start), 15 => object(HTMLPurifier_Token_Text), 16 => object(HTMLPurifier_Token_Empty), 17 => object(HTMLPurifier_Token_End), 18 => object(HTMLPurifier_Token_Empty), 19 => object(HTMLPurifier_Token_End), 20 => object(HTMLPurifier_Token_End), 21 => object(HTMLPurifier_Token_Start), 22 => object(HTMLPurifier_Token_Start), 23 => object(HTMLPurifier_Token_Empty),! 24 => object(HTMLPurifier_Token_End), 25 => object(HTMLPurifier_Token_End)), object(HTMLPurifier_Config), object(HTMLPurifier_Context)) called by /libs/htmlpurifier-standalone/HTMLPurifier.standalone.php:201 #3 HTMLPurifier::purify(" <span lang=""N""><p>Het Rabo EK Hockey wordt dit jaar gehouden in het Wagener Stadion in Amsterdam. Zowel de dames als de heren strijden om de Europese titel. Het is de eerste keer dat een dubbel EK in Nederland gehouden wordt. <br>De heren verdedigen hun titel van twee jaar geleden. De dames gaan weer voor goud na hun tweede plek in 2007. Beide teams kunnen zich op het EK kwalificeren voor het WK van 2010. <br><br>Tickets zijn te verkrijgen via www.topticketline.nl (0900 300 1000, 40cpm). <br><br>Let op; Leden van de Rabobank krijgen 25% korting. Meer info hierover is te vinden op<br><a class="new-window" href="http://www.rabobank.nl/particulieren/servicemenu/leden/sport_en_ontspanning_aanbiedingen/kaarten_ek_hockey/default">http://www.rabobank.nl/particulieren/servicemenu/leden/sport_en_ontspanning_aanbiedingen/kaarten_ek_hockey/default<br></a><br></p></span><font face=""Arial"" size=""2""><font face=""Arial"" size=""2""><span lang=""EN""></spa! n></font></font>") called by /tools/import_news.php:100 Is this the right place to report a bug like this? http://htmlpurifier.org/phorum/read.php?3,5442,5442#msg-5442 Sat, 18 May 2013 21:10:25 -0400 Phorum 5.2.18 http://htmlpurifier.org/phorum/read.php?3,5442,5453#msg-5453 Re: Uninitialized string offset: 0 on specific input http://htmlpurifier.org/phorum/read.php?3,5442,5453#msg-5453 Awesome, thanks!

]]> Matthijs Kooijman Support Mon, 21 Mar 2011 13:56:00 -0400 http://htmlpurifier.org/phorum/read.php?3,5442,5444#msg-5444 Re: Uninitialized string offset: 0 on specific input http://htmlpurifier.org/phorum/read.php?3,5442,5444#msg-5444 http://repo.or.cz/w/htmlpurifier.git/commit/ee9c70ab7f59f1c035aa9ea1982bf9c999d2e57e

]]> Ambush Commander Support Thu, 17 Mar 2011 13:35:02 -0400 http://htmlpurifier.org/phorum/read.php?3,5442,5443#msg-5443 Re: Uninitialized string offset: 0 on specific input http://htmlpurifier.org/phorum/read.php?3,5442,5443#msg-5443 Looks like a bug (a harmless one, but a bug nonetheless). Thanks for reporting!

]]> Ambush Commander Support Thu, 17 Mar 2011 13:28:39 -0400 http://htmlpurifier.org/phorum/read.php?3,5442,5442#msg-5442 Uninitialized string offset: 0 on specific input http://htmlpurifier.org/phorum/read.php?3,5442,5442#msg-5442 Hi folks,

while using HTMLPurifier (4.2.0), I got some E_NOTICES, which seem to be caused by having a <font size=""2""> tag in my input (i.e., empty size attribute). I don't know who created this silly HTML, but I have a database full of junk (and other that this, HTMLPurifier is holding its ground!). I haven't tried minimizing the test case yet, but a quick glance at the code suggests that the length of the attribute is not checked before accessing the first character.

Anyway, here's a full backtrace. 

Notice: Uninitialized string offset:  0 (Non-fatal)

Error occured at /libs/htmlpurifier-standalone/HTMLPurifier.standalone.php:15370

BackTrace:
#0    HTMLPurifier_TagTransform_Font::transform(object(HTMLPurifier_Token_Start), object(HTMLPurifier_Config), object(HTMLPurifier_Context))
                                                              called by /libs/htmlpurifier-standalone/HTMLPurifier.standalone.php:15161
#1    HTMLPurifier_Strategy_RemoveForeignElements::execute(array(0 => object(HTMLPurifier_Token_Text), 1 => object(HTMLPurifier_Token_Start), 2 => object(HTMLPurifier_Token_Text), 3 => object(HTMLPurifier_Token_Start), 4 => object(HTMLPurifier_Token_Text), 5 => object(HTMLPurifier_Token_Empty), 6 => object(HTMLPurifier_Token_Text), 7 => object(HTMLPurifier_Token_Empty), 8 => object(HTMLPurifier_Token_Empty), 9 => object(HTMLPurifier_Token_Text), 10 => object(HTMLPurifier_Token_Empty), 11 => object(HTMLPurifier_Token_Empty), 12 => object(HTMLPurifier_Token_Text), 13 => object(HTMLPurifier_Token_Empty), 14 => object(HTMLPurifier_Token_Start), 15 => object(HTMLPurifier_Token_Text), 16 => object(HTMLPurifier_Token_Empty), 17 => object(HTMLPurifier_Token_End), 18 => object(HTMLPurifier_Token_Empty), 19 => object(HTMLPurifier_Token_End), 20 => object(HTMLPurifier_Token_End), 21 => object(HTMLPurifier_Token_Start), 22 => object(HTMLPurifier_Token_Start), 23 => object(HTMLPurifier_T!
 oken_Empty), 24 => object(HTMLPurifier_Token_End), 25 => object(HTMLPurifier_Token_End)), object(HTMLPurifier_Config), object(HTMLPurifier_Context))
                                                              called by /libs/htmlpurifier-standalone/HTMLPurifier.standalone.php:14260
#2    HTMLPurifier_Strategy_Composite::execute(array(0 => object(HTMLPurifier_Token_Text), 1 => object(HTMLPurifier_Token_Start), 2 => object(HTMLPurifier_Token_Text), 3 => object(HTMLPurifier_Token_Start), 4 => object(HTMLPurifier_Token_Text), 5 => object(HTMLPurifier_Token_Empty), 6 => object(HTMLPurifier_Token_Text), 7 => object(HTMLPurifier_Token_Empty), 8 => object(HTMLPurifier_Token_Empty), 9 => object(HTMLPurifier_Token_Text), 10 => object(HTMLPurifier_Token_Empty), 11 => object(HTMLPurifier_Token_Empty), 12 => object(HTMLPurifier_Token_Text), 13 => object(HTMLPurifier_Token_Empty), 14 => object(HTMLPurifier_Token_Start), 15 => object(HTMLPurifier_Token_Text), 16 => object(HTMLPurifier_Token_Empty), 17 => object(HTMLPurifier_Token_End), 18 => object(HTMLPurifier_Token_Empty), 19 => object(HTMLPurifier_Token_End), 20 => object(HTMLPurifier_Token_End), 21 => object(HTMLPurifier_Token_Start), 22 => object(HTMLPurifier_Token_Start), 23 => object(HTMLPurifier_Token_Empty),!
  24 => object(HTMLPurifier_Token_End), 25 => object(HTMLPurifier_Token_End)), object(HTMLPurifier_Config), object(HTMLPurifier_Context))
                                                              called by /libs/htmlpurifier-standalone/HTMLPurifier.standalone.php:201
#3    HTMLPurifier::purify(" <span lang=""N""><p>Het Rabo EK Hockey wordt dit jaar gehouden in het Wagener Stadion in Amsterdam. Zowel de dames als de heren strijden om de Europese titel. Het is de eerste keer dat een dubbel EK in Nederland gehouden wordt. <br>De heren verdedigen hun titel van twee jaar geleden. De dames gaan weer voor goud na hun tweede plek in 2007. Beide teams kunnen zich op het EK kwalificeren voor het WK van 2010. <br><br>Tickets zijn te verkrijgen via www.topticketline.nl (0900 300 1000, 40cpm). <br><br>Let op; Leden van de Rabobank krijgen 25% korting. Meer info hierover is te vinden op<br><a class="new-window" href="http://www.rabobank.nl/particulieren/servicemenu/leden/sport_en_ontspanning_aanbiedingen/kaarten_ek_hockey/default">http://www.rabobank.nl/particulieren/servicemenu/leden/sport_en_ontspanning_aanbiedingen/kaarten_ek_hockey/default<br></a><br></p></span><font face=""Arial"" size=""2""><font face=""Arial"" size=""2""><span lang=""EN""></spa!
 n></font></font>")
                                                              called by /tools/import_news.php:100

Is this the right place to report a bug like this?

]]> Matthijs Kooijman Support Thu, 17 Mar 2011 10:55:16 -0400