From:             telefoontoestel at officepxert dot digitaal dot biz
Operating system: Linux 8.5.3-STABLE #3
PHP version:      4.3.4
PHP Bug Type:     Variables related
Bug description:  POST to external server

Description:
------------
It is possible to post data to a script on an external server. I find
this a huge bug in the PHP API; because of this, harmful persons can
add/alter any kind of data to a script. Will this be resolved in a future
PHP version?

Reproduce code:
---------------
[external server]
<?php
ini_set("register_globals", 1);

$variabel = $_POST["test_var"];

if(!empty($variabel)){
        print "This is the bug I'm talking about";
}
?>

[other server]
<form method="post"
action="http://my.external.site/externalphpscript.php">
<input type="text" name="test_var">
<input type="submit" value="Test">
</form>

Expected result:
----------------
This is the bug I'm talking about


-- 
Edit bug report at http://bugs.php.net/?id=26684&edit=1
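
Added example, not part of the original report or of PHP itself: HTTP lets a form hosted anywhere POST to a script, so a script that should only accept submissions from its own form has to check that itself, for instance with a token bound to the visitor's session. The function names and the csrf_token field are hypothetical, PHP 7.0 or later is assumed, and plain arrays stand in for $_SESSION and $_POST so the block runs from the CLI.

```php
<?php
// Added example: csrf_issue_token(), csrf_check(), render_form() and the
// 'csrf_token' field name are hypothetical. Assumes PHP 7.0+ (random_bytes, ??).

/** Create a per-session token once and return it for embedding in the form. */
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** True only if the POST carries the token stored in this visitor's session. */
function csrf_check(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false; // no token issued, or missing/array-valued field in the request
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

/** The form as the receiving site serves it, with the token in a hidden field. */
function render_form(string $token): string
{
    return '<form method="post" action="externalphpscript.php">'
         . '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">'
         . '<input type="text" name="test_var">'
         . '<input type="submit" value="Test"></form>';
}

// Constructed demonstration: arrays stand in for $_SESSION and $_POST.
$session = [];
$token   = csrf_issue_token($session);
echo render_form($token), "\n";

$own_form   = ['test_var' => 'hello', 'csrf_token' => $token];
$other_site = ['test_var' => 'hello']; // what the form in the report would send
$guessed    = ['test_var' => 'hello', 'csrf_token' => str_repeat('0', 64)];

var_dump(csrf_check($session, $own_form));
var_dump(csrf_check($session, $other_site));
var_dump(csrf_check($session, $guessed));
```

The token only distinguishes the site's own form from one hosted elsewhere; values such as test_var still need validating on the server, since any client can send arbitrary POST data.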