From: david at collectfair dot co dot uk
Operating system: Linux
PHP version: 4.3.6
PHP Bug Type: *Regular Expressions
Bug description: Using utf8_decode with ereg breaks ereg
Description:
------------
ereg wrongly indicates that a GET string contains only integers if the
string is first processed using utf8_decode.
Example: The regular expression should return true only if the variable
'tt' in the GET string contains between 1 and 8 number characters.
This behaves correctly:
ereg('^[0-9]{1,8}$',$_GET['tt']))
This behaves wrongly:
ereg('^[0-9]{1,8}$',utf8_decode($_GET['tt'])))
---------------------------------------------------
PHP Configure line - './configure'
'--with-apxs2=/usr/local/apache/bin/apxs' '--with-mysql=/usr/local/mysql/'
'--with-mysql-sock=/tmp/mysql.sock' '--enable-exif' '--with-gd'
'--with-jpeg-dir=/usr/lib' '--with-png-dir=/usr/lib'
'--with-zlib-dir=/usr/lib' '--with-xpm-dir=/usr/lib'
'--with-freetype-dir=/usr/lib' '--with-t1lib=/usr/lib'
'--with-freetype-dir=/usr/lib' '--disable-debug'
'--with-config-file-path=/etc/httpd' '--with-openssl=/usr/local/ssl'
'--enable-memory-limit'
----------------------------------------------------
Apache 2.0.49
core mod_access mod_auth mod_include mod_log_config mod_env mod_headers
mod_setenvif mod_ssl prefork http_core mod_mime mod_status mod_autoindex
mod_asis mod_cgi mod_negotiation mod_dir mod_imap mod_actions mod_alias
mod_so mod_expires mod_rewrite mod_deflate mod_logio sapi_apache2
mod_security
Reproduce code:
---------------
Call this script with the following line in the browser:
http://localhost/test.php?tt=119%f0
<?php
if(isset($_GET['tt']) && eregi('^[0-9]{1,8}$',utf8_decode($_GET['tt']))){
//Should only get here if 'tt' is an integer
echo 'Integer';
}else{
echo 'Not an integer';
}
?>
Expected result:
----------------
The script should return "Not an integer" in the browser.
Actual result:
--------------
The script returns "Integer" in the browser, even though the GET string
contains other characters.
--
Edit bug report at http://bugs.php.net/?id=28494&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=28494&r=trysnapshot4
Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=28494&r=trysnapshot5
Fixed in CVS: http://bugs.php.net/fix.php?id=28494&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=28494&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=28494&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=28494&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=28494&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=28494&r=support
Expected behavior: http://bugs.php.net/fix.php?id=28494&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=28494&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=28494&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=28494&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=28494&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=28494&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=28494&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=28494&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=28494&r=float
