From: michkol at gmail dot com
Operating system: Linux
PHP version: 5.2.11
PHP Bug Type: Apache2 related
Bug description: Source code is sometimes sent to the browser

Description:
------------
PHP responds to some invalid POST requests with an error message that includes the source code.

Reproduce code:
---------------
<?php
$dblogin = 'admin';
$dbpass = 'secret';
mysql_connect('localhost', $dblogin, $dbpass);
echo 'some output';
?>

$ telnet localhost 80
POST /test.php HTTP/1.0
Content-Length: -75000000

Expected result:
----------------
The code of a script should never be sent to clients. This is a severe security flaw. Apache/PHP should just send a 413 error, without the code, for example:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>413 Request Entity Too Large</title>
</head><body>
<h1>Request Entity Too Large</h1>
The requested resource<br />/test.php<br />
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.
</body></html>

Actual result:
--------------
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>413 Request Entity Too Large</title>
</head><body>
<h1>Request Entity Too Large</h1>
The requested resource<br />/test.php<br />
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.
</body></html>
<?php
$dblogin = 'admin';
$dbpass = 'secret';
mysql_connect('localhost', $dblogin, $dbpass);
echo 'some output';
?>

--
Edit bug report at http://bugs.php.net/?id=49650&edit=1
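
A defensive check for the behaviour reported above, as an added example that is not part of the original report or of PHP's own code: it rejects a request whose Content-Length is not a plain non-negative integer and flags a response body that contains raw PHP tags. The function names are hypothetical, and the samples are constructed from the request and the two responses quoted in the report.

```python
import re

# Content-Length must be one or more ASCII digits (RFC 9110, section 8.6).
_VALID_LENGTH = re.compile(r"[0-9]+")
# Markers of unexecuted PHP source in a response body.
_PHP_SOURCE = re.compile(r"<\?php\b|<\?=", re.IGNORECASE)


def parse_headers(raw_request):
    """Return (request_line, [(name, value), ...]) from a raw HTTP request head."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    headers = []
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def content_length_problems(raw_request):
    """List reasons the request's Content-Length should be rejected up front."""
    _, headers = parse_headers(raw_request)
    values = [v for n, v in headers if n == "content-length"]
    problems = []
    for v in values:
        if not _VALID_LENGTH.fullmatch(v):
            problems.append("malformed Content-Length: %r" % v)
    if len(set(values)) > 1:
        problems.append("conflicting Content-Length headers")
    return problems


def leaks_php_source(body):
    """True when a response body contains raw PHP tags, i.e. unexecuted source."""
    return bool(_PHP_SOURCE.search(body))


# Constructed samples, built from the request and the two responses in the report.
REQUEST = "POST /test.php HTTP/1.0\r\nContent-Length: -75000000\r\n\r\n"
EXPECTED = "<h1>Request Entity Too Large</h1>\n</body></html>\n"
ACTUAL = EXPECTED + "<?php\n$dblogin = 'admin';\n$dbpass = 'secret';\n?>\n"
```

The response check is suited to a regression test or an outbound filter in front of the server: any error page that trips `leaks_php_source` means script source reached the client.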