From: carsten_sttgt at gmx dot de
Operating system: Windows_NT
PHP version: 5.2.5
PHP Bug Type: Scripting Engine problem
Bug description: wrong parsing of QUERY_STRING
Description:
------------
Hello,
it seems, only the original bug reporter can change the status of
"Feedback" or "No Feedback" to "Open" with a comment? So I must open a new
bug report according to Bug #43162.
We all know, that a "." or " " in a query_string variable is rewritten to
"_".
But there is a misbehavior with non printable characters (and/or
characters which can't be in a variable name) which should be clarified.
In the test I use the array $_GET. But this also applies to parse_str():
| parse_str($_SERVER['QUERY_STRING']);
| var_dump($GLOBALS);
also wrong:
I can create a variable, with is not a valid variable name (as descriped
in PHP manual):
| <a href="?%10a=%10a">Testlink</a>
| <?php
| $a= "\x10a";
| var_dump($$a);
| ?>
An other misbehavior:
If I have a "\0" (in the URI %00), the $_GET key name, starting from "\0"
is missing (not binary safe).
Regards,
Carsten
Reproduce code:
---------------
<html>
<head><title>Testscript</title></head>
<body>
<a
href="?a%00a=a%00a&b%10b=b%10b&c%0Dc=c%0Dc&d%20d=d%20d&e%2Ee=e%2Ee">Testlink</a>
<br>
<pre>
<?php
var_dump($_GET);
?>
</pre>
</body>
</html>
Expected result:
----------------
Good question ;-)
"\0" should have the same misbehavior as "\x10"
Or you can replace all non printable chars with "_".
(On the other side: for an array key ($_GET), this chars are valid.
Only a problem for register_globals or parse_str)
Actual result:
--------------
magic_quotes_gpc = Off:
-----------------------
array(5) {
["a"]=>
string(3) "a�a"
["b�b"]=>
string(3) "b�b"
["c
c"]=>
string(3) "c
c"
["d_d"]=>
string(3) "d d"
["e_e"]=>
string(3) "e.e"
}
magic_quotes_gpc = On:
----------------------
array(5) {
["a"]=>
string(4) "a\0a"
["b�b"]=>
string(3) "b�b"
["c
c"]=>
string(3) "c
c"
["d_d"]=>
string(3) "d d"
["e_e"]=>
string(3) "e.e"
}
--
Edit bug report at http://bugs.php.net/?id=43253&edit=1
--
Try a CVS snapshot (PHP 4.4):
http://bugs.php.net/fix.php?id=43253&r=trysnapshot44
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=43253&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=43253&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=43253&r=trysnapshot60
Fixed in CVS: http://bugs.php.net/fix.php?id=43253&r=fixedcvs
Fixed in release:
http://bugs.php.net/fix.php?id=43253&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=43253&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=43253&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=43253&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=43253&r=support
Expected behavior: http://bugs.php.net/fix.php?id=43253&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=43253&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=43253&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=43253&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=43253&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=43253&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=43253&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=43253&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=43253&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=43253&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=43253&r=mysqlcfg
