HTML API: Truncated funky comments should cause the Tag Processor to pause.

dmsnell · dmsnell · commit 534b830b3716 · 2024-08-06T20:41:58.000Z
A state change was missing in the Tag Processor when the input is too short to find a comment closer after an opened funky comment. This patch fixes a issue where `</#` does not correctly report incomplete input, but `</# ` does. Developed in #7146 Discussed in https://core.trac.wordpress.org/ticket/61831 Props: jonsurrell. Fixes #61831. git-svn-id: https://develop.svn.wordpress.org/trunk@58858 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-includes/html-api/class-wp-html-tag-processor.php b/src/wp-includes/html-api/class-wp-html-tag-processor.php
@@ -1909,6 +1909,8 @@ private function parse_next_tag(): bool {
 			if ( $this->is_closing_tag ) {
 				// No chance of finding a closer.
 				if ( $at + 3 > $doc_length ) {
+					$this->parser_state = self::STATE_INCOMPLETE_INPUT;
+
 					return false;
 				}
 
diff --git a/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php b/tests/phpunit/tests/html-api/wpHtmlTagProcessor.php
@@ -2903,4 +2903,15 @@ public function test_script_tag_processing_no_infinite_loop_final_left_angle_bra
 		$this->assertFalse( $processor->next_tag() );
 		$this->assertTrue( $processor->paused_at_incomplete_token() );
 	}
+
+	/**
+	 * Test a bugfix where the input ends abruptly with a funky comment started.
+	 *
+	 * @ticket 61831
+	 */
+	public function test_unclosed_funky_comment_input_too_short() {
+		$processor = new WP_HTML_Tag_Processor( '</#' );
+		$this->assertFalse( $processor->next_tag() );
+		$this->assertTrue( $processor->paused_at_incomplete_token() );
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -1909,6 +1909,8 @@ private function parse_next_tag(): bool {`
`1909`	`1909`	`if ( $this->is_closing_tag ) {`
`1910`	`1910`	`// No chance of finding a closer.`
`1911`	`1911`	`if ( $at + 3 > $doc_length ) {`
	`1912`	`+ $this->parser_state = self::STATE_INCOMPLETE_INPUT;`
	`1913`	`+`
`1912`	`1914`	`return false;`
`1913`	`1915`	`}`
`1914`	`1916`