#28494 [Opn]: Using utf8_decode with ereg breaks ereg

Sun, 23 May 2004 05:40:10 -0700 

 ID:               28494
 User updated by:  david at collectfair dot co dot uk
 Reported By:      david at collectfair dot co dot uk
 Status:           Open
 Bug Type:         *Regular Expressions
 Operating System: Linux
 PHP Version:      4.3.6
 New Comment:

Further testing shows that failure only occurs when the %f0 is at the
GET string

Changing to this Perl based regular expression removes the problem
completely.

preg_match('/^\d{1,8}$/', utf8_decode($_GET['tt']));


Previous Comments:
------------------------------------------------------------------------

[2004-05-23 01:59:20] david at collectfair dot co dot uk

Description:
------------
ereg wrongly indicates that a GET string contains only integers if the
string is first processed using utf8_decode. 

Example: The regular expression should return true only if the variable
'tt' in the GET string contains between 1 and 8 number characters. 

This behaves correctly:
ereg('^[0-9]{1,8}$',$_GET['tt']))

This behaves wrongly:
ereg('^[0-9]{1,8}$',utf8_decode($_GET['tt'])))
---------------------------------------------------
PHP Configure line - './configure'
'--with-apxs2=/usr/local/apache/bin/apxs'
'--with-mysql=/usr/local/mysql/' '--with-mysql-sock=/tmp/mysql.sock'
'--enable-exif' '--with-gd' '--with-jpeg-dir=/usr/lib'
'--with-png-dir=/usr/lib' '--with-zlib-dir=/usr/lib'
'--with-xpm-dir=/usr/lib' '--with-freetype-dir=/usr/lib'
'--with-t1lib=/usr/lib' '--with-freetype-dir=/usr/lib'
'--disable-debug' '--with-config-file-path=/etc/httpd'
'--with-openssl=/usr/local/ssl' '--enable-memory-limit'
----------------------------------------------------
Apache 2.0.49
core mod_access mod_auth mod_include mod_log_config mod_env mod_headers
mod_setenvif mod_ssl prefork http_core mod_mime mod_status
mod_autoindex mod_asis mod_cgi mod_negotiation mod_dir mod_imap
mod_actions mod_alias mod_so mod_expires mod_rewrite mod_deflate
mod_logio sapi_apache2 mod_security

Reproduce code:
---------------
Call this script with the following line in the browser:

http://localhost/test.php?tt=119%f0

<?php
if(isset($_GET['tt']) &&
eregi('^[0-9]{1,8}$',utf8_decode($_GET['tt']))){
  //Should only get here if 'tt' is an integer 
  echo 'Integer';
}else{
  echo 'Not an integer';
}
?>

Expected result:
----------------
The script should return "Not an integer" in the browser.

Actual result:
--------------
The script returns "Integer" in the browser, even though the GET string
contains other characters.


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=28494&edit=1

Reply via email to