Deprecate FILTER_SANITIZE_STRING/STRIPPED

Deprecate the FILTER_SANITIZE_STRING and FILTER_SANITIZE_STRIPPED
filters.

This is part of https://wiki.php.net/rfc/deprecations_php_8_1.

Author: nikic

UPGRADING

@@ -337,6 +337,11 @@ PHP 8.1 UPGRADE NOTES
     favor of date_sun_info().
     RFC: https://wiki.php.net/rfc/deprecations_php_8_1
 
+- Filter:
+  . The FILTER_SANITIZE_STRING and FILTER_SANITIZE_STRIPPED filters have been
+    deprecated.
+    RFC: https://wiki.php.net/rfc/deprecations_php_8_1
+
 - Hash:
   . The mhash(), mhash_keygen_s2k(), mhash_count(), mhash_get_block_size() and
     mhash_get_hash_name() functions are deprecated. Use the hash_*() APIs

ext/filter/filter.c

@@ -187,8 +187,8 @@ PHP_MINIT_FUNCTION(filter)
 	REGISTER_LONG_CONSTANT("FILTER_DEFAULT", FILTER_DEFAULT, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("FILTER_UNSAFE_RAW", FILTER_UNSAFE_RAW, CONST_CS | CONST_PERSISTENT);
 
-	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRING", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
-	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT);
+	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRING", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT | CONST_DEPRECATED);
+	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_STRIPPED", FILTER_SANITIZE_STRING, CONST_CS | CONST_PERSISTENT | CONST_DEPRECATED);
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_ENCODED", FILTER_SANITIZE_ENCODED, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_SPECIAL_CHARS", FILTER_SANITIZE_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);
 	REGISTER_LONG_CONSTANT("FILTER_SANITIZE_FULL_SPECIAL_CHARS", FILTER_SANITIZE_FULL_SPECIAL_CHARS, CONST_CS | CONST_PERSISTENT);

ext/filter/tests/006.phpt

@@ -6,7 +6,7 @@ filter
 foo=<b>abc</b>
 --FILE--
 <?php
-echo filter_input(INPUT_POST, 'foo', FILTER_SANITIZE_STRIPPED);
+echo filter_input(INPUT_POST, 'foo', FILTER_SANITIZE_SPECIAL_CHARS);
 ?>
 --EXPECT--
-abc
+&#60;b&#62;abc&#60;/b&#62;

ext/filter/tests/010.phpt

@@ -9,9 +9,9 @@ filter
 
 var_dump(filter_var(array(1,"1","", "-23234", "text", "asdf234asdfgs", array()), FILTER_VALIDATE_INT, FILTER_REQUIRE_ARRAY));
 var_dump(filter_var(array(1.2,"1.7","", "-23234.123", "text", "asdf234.2asdfgs", array()), FILTER_VALIDATE_FLOAT, FILTER_REQUIRE_ARRAY));
-var_dump(filter_var(1, FILTER_SANITIZE_STRING, 1));
-var_dump(filter_var(1, FILTER_SANITIZE_STRING, 0));
-var_dump(filter_var(1, FILTER_SANITIZE_STRING, array()));
+var_dump(filter_var(1, FILTER_SANITIZE_SPECIAL_CHARS, 1));
+var_dump(filter_var(1, FILTER_SANITIZE_SPECIAL_CHARS, 0));
+var_dump(filter_var(1, FILTER_SANITIZE_SPECIAL_CHARS, array()));
 var_dump(filter_var(1, -1, array(123)));
 var_dump(filter_var(1, 0, array()));
 

ext/filter/tests/011.phpt

@@ -11,27 +11,23 @@ c=<p>string</p>&d=12345.7
 --FILE--
 <?php
 ini_set('html_errors', false);
-var_dump(filter_input(INPUT_GET, "a", FILTER_SANITIZE_STRIPPED));
 var_dump(filter_input(INPUT_GET, "b", FILTER_SANITIZE_URL));
 var_dump(filter_input(INPUT_GET, "a", FILTER_SANITIZE_SPECIAL_CHARS, array(1,2,3,4,5)));
 try {
     filter_input(INPUT_GET, "b", FILTER_VALIDATE_FLOAT, new stdClass);
 } catch (TypeError $exception) {
     echo $exception->getMessage() . "\n";
 }
-var_dump(filter_input(INPUT_POST, "c", FILTER_SANITIZE_STRIPPED, array(5,6,7,8)));
 var_dump(filter_input(INPUT_POST, "d", FILTER_VALIDATE_FLOAT));
 var_dump(filter_input(INPUT_POST, "c", FILTER_SANITIZE_SPECIAL_CHARS));
 var_dump(filter_input(INPUT_POST, "d", FILTER_VALIDATE_INT));
 
 echo "Done\n";
 ?>
 --EXPECT--
-string(4) "test"
 string(18) "http://example.com"
 string(27) "&#60;b&#62;test&#60;/b&#62;"
 filter_input(): Argument #4 ($options) must be of type array|int, stdClass given
-string(6) "string"
 float(12345.7)
 string(29) "&#60;p&#62;string&#60;/p&#62;"
 bool(false)

ext/filter/tests/025.phpt

@@ -15,12 +15,25 @@ var_dump(filter_var(".", FILTER_SANITIZE_STRING));
 
 echo "Done\n";
 ?>
---EXPECT--
+--EXPECTF--
+Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in %s on line %d
 string(0) ""
+
+Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in %s on line %d
 string(0) ""
+
+Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in %s on line %d
 string(12) "!@#$%^&*()'""
+
+Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in %s on line %d
 string(24) "!@#$%^&*()'""
+
+Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in %s on line %d
 string(11) "`1234567890"
+
+Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in %s on line %d
 string(5) "`123`"
+
+Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in %s on line %d
 string(1) "."
 Done

ext/filter/tests/026.phpt

@@ -19,14 +19,31 @@ var_dump(filter_var("", FILTER_SANITIZE_STRIPPED, FILTER_FLAG_STRIP_HIGH));
 
 echo "Done\n";
 ?>
---EXPECT--
+--EXPECTF--
+Deprecated: Constant FILTER_SANITIZE_STRIPPED is deprecated in %s on line %d
 string(40) "Let me see you Stripped down to the bone"
+
+Deprecated: Constant FILTER_SANITIZE_STRIPPED is deprecated in %s on line %d
 string(11) "!@#$%^&*()>"
+
+Deprecated: Constant FILTER_SANITIZE_STRIPPED is deprecated in %s on line %d
 string(0) ""
+
+Deprecated: Constant FILTER_SANITIZE_STRIPPED is deprecated in %s on line %d
 string(40) "Let me see you Stripped down to the bone"
+
+Deprecated: Constant FILTER_SANITIZE_STRIPPED is deprecated in %s on line %d
 string(11) "!@#$%^&*()>"
+
+Deprecated: Constant FILTER_SANITIZE_STRIPPED is deprecated in %s on line %d
 string(0) ""
+
+Deprecated: Constant FILTER_SANITIZE_STRIPPED is deprecated in %s on line %d
 string(40) "Let me see you Stripped down to the bone"
+
+Deprecated: Constant FILTER_SANITIZE_STRIPPED is deprecated in %s on line %d
 string(11) "!@#$%^&*()>"
+
+Deprecated: Constant FILTER_SANITIZE_STRIPPED is deprecated in %s on line %d
 string(0) ""
 Done

ext/filter/tests/042.phpt

@@ -14,6 +14,9 @@ script>alert(/ext/filter+bypass/);<
 $a = filter_var($var, FILTER_SANITIZE_STRING, array("flags" => FILTER_FLAG_STRIP_LOW));
 echo $a . "\n";
 ?>
---EXPECT--
+--EXPECTF--
+Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in %s on line %d
 XYZalert(/ext/filter+bypass/);ABC
+
+Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in %s on line %d
 XYZalert(/ext/filter+bypass/);ABC

ext/filter/tests/043.phpt

@@ -7,7 +7,7 @@ filter
 $flags = FILTER_FLAG_ENCODE_AMP|FILTER_FLAG_ENCODE_LOW|FILTER_FLAG_ENCODE_HIGH;
 
 for ($i = 0; $i < 256; $i++) {
-    var_dump(filter_var(chr($i), FILTER_SANITIZE_STRING, array("flags" => $flags)));
+    var_dump(filter_var(chr($i), FILTER_UNSAFE_RAW, array("flags" => $flags)));
 }
 ?>
 --EXPECT--
@@ -45,12 +45,12 @@ string(5) "&#30;"
 string(5) "&#31;"
 string(1) " "
 string(1) "!"
-string(5) "&#34;"
+string(1) """
 string(1) "#"
 string(1) "$"
 string(1) "%"
 string(5) "&#38;"
-string(5) "&#39;"
+string(1) "'"
 string(1) "("
 string(1) ")"
 string(1) "*"
@@ -71,7 +71,7 @@ string(1) "8"
 string(1) "9"
 string(1) ":"
 string(1) ";"
-string(0) ""
+string(1) "<"
 string(1) "="
 string(1) ">"
 string(1) "?"

ext/filter/tests/052.phpt

@@ -10,7 +10,7 @@ function filter_cb($var)
 }
 
 $data = array ('bar' => array ('fu<script>bar', 'bar<script>fu') );
-var_dump(filter_var($data, FILTER_SANITIZE_STRING, FILTER_FORCE_ARRAY));
+var_dump(filter_var($data, FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FORCE_ARRAY));
 var_dump($data);
 var_dump(filter_var($data, FILTER_CALLBACK, array('options' => 'filter_cb')));
 var_dump($data);
@@ -22,9 +22,9 @@ array(1) {
   ["bar"]=>
   array(2) {
     [0]=>
-    string(5) "fubar"
+    string(21) "fu&#60;script&#62;bar"
     [1]=>
-    string(5) "barfu"
+    string(21) "bar&#60;script&#62;fu"
   }
 }
 array(1) {

ext/filter/tests/bug69202.phpt

@@ -4,10 +4,10 @@ Bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used)
 filter
 --FILE--
 <?php
-var_dump(filter_var("``a`b`c``", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_BACKTICK));
-var_dump(filter_var("``a`b`c``", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_BACKTICK));
-var_dump(filter_var("``a`b`c``", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_BACKTICK));
-var_dump(filter_var("``a`b`c``", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH));
+var_dump(filter_var("``a`b`c``", FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_BACKTICK));
+var_dump(filter_var("``a`b`c``", FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_BACKTICK));
+var_dump(filter_var("``a`b`c``", FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_HIGH | FILTER_FLAG_STRIP_BACKTICK));
+var_dump(filter_var("``a`b`c``", FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH));
 ?>
 --EXPECT--
 string(3) "abc"

ext/filter/tests/bug69203.phpt

@@ -9,7 +9,8 @@ var_dump(filter_var("\x7f", FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_HIGH));
 var_dump(filter_var("\x7f", FILTER_SANITIZE_ENCODED, FILTER_FLAG_STRIP_HIGH));
 var_dump(filter_var("\x7f", FILTER_SANITIZE_SPECIAL_CHARS, FILTER_FLAG_STRIP_HIGH));
 ?>
---EXPECT--
+--EXPECTF--
+Deprecated: Constant FILTER_SANITIZE_STRING is deprecated in %s on line %d
 string(0) ""
 string(0) ""
 string(0) ""