From: david at sickmiller dot com
Operating system: Linux
PHP version: 5.2.6
PHP Bug Type: HTTP related
Bug description: Multipart/form-data field names truncated at semicolon in
certain cases
Description:
------------
When a form is submitted using multipart-/form-data enctype, PHP will
truncate field names if they contain semicolons and certain other
characters. It seems to happen when there is an uneven number of quotation
marks that precede the semicolon.
Reproduce code:
---------------
<html><form action="semicolon.php" method="POST"
enctype="multipart/form-data">
<input type="hidden" name="before ; after">
<input type="hidden" name="" before ; after">
<input type="hidden" name="' before ; after">
<input type="hidden" name="' ' before ; after">
<input type="hidden" name="' " before ; after">
<input type="hidden" name="" ' before ; after">
<input type="hidden" name="" " before ; after">
<input type="hidden" name="" ' ' before ; after">
<input type="hidden" name="" ' " before ;
after">
<input type="hidden" name="" " ' before ;
after">
<input type="hidden" name="" " " before ;
after">
<input type="hidden" name="' ' ' before ; after">
<input type="hidden" name="' ' " before ; after">
<input type="hidden" name="' " ' before ; after">
<input type="hidden" name="' " " before ;
after">
<input type="submit">
</form><pre><?php
print_r($_POST);
?></pre> </html>
Expected result:
----------------
Array
(
[before_;_after] =>
["_before_;_after] =>
['_before_;_after] =>
['_'_before_;_after] =>
['_"_before_;_after] =>
["_'_before_;_after] =>
["_"_before_;_after] =>
["_'_'_before_;_after] =>
["_'_"_before_;_after] =>
["_"_'_before_;_after] =>
["_"_"_before_;_after] =>
['_'_'_before_;_after] =>
['_'_"_before_;_after] =>
['_"_'_before_;_after] =>
['_"_"_before_;_after] =>
)
Actual result:
--------------
Array
(
[before_;_after] =>
["_before_] =>
['_before_;_after] =>
['_'_before_;_after] =>
['_"_before_] =>
["_'_before_;_after] =>
["_"_before_;_after] =>
["_'_'_before_] =>
["_'_"_before_;_after] =>
["_"_'_before_;_after] =>
["_"_"_before_] =>
['_'_'_before_;_after] =>
['_'_"_before_] =>
['_"_'_before_;_after] =>
['_"_"_before_;_after] =>
)
--
Edit bug report at http://bugs.php.net/?id=46745&edit=1
--
Try a CVS snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=46745&r=trysnapshot52
Try a CVS snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=46745&r=trysnapshot53
Try a CVS snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=46745&r=trysnapshot60
Fixed in CVS:
http://bugs.php.net/fix.php?id=46745&r=fixedcvs
Fixed in CVS and need be documented:
http://bugs.php.net/fix.php?id=46745&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=46745&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=46745&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=46745&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=46745&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=46745&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=46745&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=46745&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=46745&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=46745&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=46745&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=46745&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=46745&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=46745&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=46745&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=46745&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=46745&r=mysqlcfg
