Edit report at http://bugs.php.net/bug.php?id=54703&edit=1
ID: 54703
User updated by: php at tracking-celebs dot info
Reported by: php at tracking-celebs dot info
Summary: When containing a null character, $_GET variable not set (properly)
-Status: Feedback
+Status: Open
Type: Bug
Package: *General Issues
PHP Version: 5.2.17
Block user comment: N
Private report: N
New Comment:
On that Linux machine there is suhosin indeed, so it could be causing
the problem. I just tried on another computer with a new vanilla
php-5.2.17 and then got the same results as I did on Windows.
Would seem indeed to be caused by suhosin; however, I just added suhosin
on there and it still worked then as before, so there must be something
else on that other computer...
Anyways, can't reproduce it with a vanilla PHP, so that's that. I got
things mixed up, seems there's no bug here after all; apologies.
Previous Comments:
------------------------------------------------------------------------
[2011-05-10 19:39:23] [email protected]
On Linux this is not true unless you have something specifically
filtering these on you. Without ext/filter, suhosin or your own filter
code, nulls go through fine. See: http://progphp.com/null.php?fb=foo%00bar
And the source for the script: http://progphp.com/null.phps
And it shouldn't be any different on Windows.
------------------------------------------------------------------------
[2011-05-10 19:21:28] php at tracking-celebs dot info
Description:
------------
When a null character is present in the value of a variable in the
request string (encoded as %00), said variable will either not be set in
$_GET at all (Linux) or be set improperly (null character is escaped;
win32).
Test script:
---------------
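<?php
// Dump everything PHP parsed out of the query string.
print_r($_GET);
if (isset($_GET['fb']))
{
    // Byte length of the value as PHP received it.
    echo strlen($_GET['fb']);
}
else
{
    // First visit: offer a link whose value contains an encoded null byte.
    echo '<a href="?fb=foo%00bar">click me</a>';
}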
Expected result:
----------------
After clicking the link:
Array
(
[fb] => foo�bar
)
7
Actual result:
--------------
After clicking the link:
- On a linux setup:
Array
(
)
<a href="?fb=foo%00bar">click me</a>
- On a win32 setup:
Array
(
[fb] => foo\0bar
)
8
------------------------------------------------------------------------
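Added example, not part of the bug report or of the PHP project's code: a diagnostic page that decodes the raw QUERY_STRING by hand, compares it with what arrived in $_GET, and reports the filters named in the thread. The function names are hypothetical; suhosin.get.disallow_nul is a Suhosin setting, and the magic_quotes_gpc check is an assumption added here that the thread does not mention.

```php
<?php
// Added diagnostic (not from the bug report). The parameter name 'fb'
// comes from the report's test script; everything else is illustrative.

function raw_query_params($qs)
{
    // Decode the query string by hand so no input filter can touch it.
    $out = array();
    foreach (explode('&', $qs) as $pair) {
        if ($pair === '') {
            continue;
        }
        $kv = explode('=', $pair, 2);
        $out[urldecode($kv[0])] = isset($kv[1]) ? urldecode($kv[1]) : '';
    }
    return $out;
}

function classify($raw, $get, $name)
{
    if (!isset($raw[$name])) {
        return 'not in request';
    }
    if (!isset($get[$name])) {
        return 'dropped before reaching $_GET';
    }
    if ($get[$name] === $raw[$name]) {
        return 'intact (' . strlen($get[$name]) . ' bytes)';
    }
    return 'altered: ' . strlen($raw[$name]) . ' bytes sent, '
         . strlen($get[$name]) . ' bytes received';
}

$qs = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
header('Content-Type: text/plain');
echo 'fb: ', classify(raw_query_params($qs), $_GET, 'fb'), "\n";

// Candidates named in the thread, plus magic_quotes_gpc (assumption).
// ini_get() returns false when the setting does not exist.
foreach (array('suhosin', 'filter') as $ext) {
    echo $ext, ' loaded: ', extension_loaded($ext) ? 'yes' : 'no', "\n";
}
foreach (array('filter.default', 'suhosin.get.disallow_nul', 'magic_quotes_gpc') as $key) {
    echo $key, ' = ', var_export(ini_get($key), true), "\n";
}
```

Requested with ?fb=foo%00bar, an unfiltered setup reports "intact (7 bytes)"; the other two outcomes correspond to the Linux and win32 results in the report.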