From: micromas at arcor dot de Operating system: Debian Linux 2.6.20 PHP version: 5.2.6 PHP Bug Type: Scripting Engine problem Bug description: Access problem with submitted text containing word VALUES
Description: ------------ I created a form with a textarea named "editContent" and a submit button named "btnSave": <form name="editForm" action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post" enctype="multipart/form-data"> <textarea name='editContent' style='width: 550px; height: 400px;' wrap='off'> <?php htmlspecialchars($txt); ?> </textarea> <input type="submit" name="btnSave" value="Save"> The textarea is used for editing php files. Whenever there is a file containg an sql statement containing the word VALUES (e. g. for insert) then I get this error message after submitting: "You don't have permission to access /folder/script.php on this server." Reproduce code: --------------- $query="INSERT INTO TABLE1 (FIELD1, FIELD2) VALUES (1,2)"; (Part of submitted text) Expected result: ---------------- No error message. Actual result: -------------- "You don't have permission to access /folder/script.php on this server." This happens only if the text contains the word VALUES. -- Edit bug report at http://bugs.php.net/?id=46291&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=46291&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=46291&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=46291&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=46291&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=46291&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=46291&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=46291&r=needscript Try newer version: http://bugs.php.net/fix.php?id=46291&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=46291&r=support Expected behavior: http://bugs.php.net/fix.php?id=46291&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=46291&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=46291&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=46291&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=46291&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=46291&r=dst IIS Stability: http://bugs.php.net/fix.php?id=46291&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=46291&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=46291&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=46291&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=46291&r=mysqlcfg
