ID:               32127
 Updated by:       [EMAIL PROTECTED]
 Reported By:      M dot Kooiman at MAP-IS dot nl
-Status:           Open
+Status:           Assigned
 Bug Type:         Unknown/Other Function
 Operating System: Linux 2.6
 PHP Version:      4.3.10
-Assigned To:      
+Assigned To:      derick


Previous Comments:
------------------------------------------------------------------------

[2005-02-27 12:58:18] M dot Kooiman at MAP-IS dot nl

Description:
------------
Hi,

It seems is_numeric() isn't binary safe. That in itself isn't a big
problem, but it becomes a problem when is_numeric() is used as input
(GET/POST) validation.





Reproduce code:
---------------
<?php

/*
 * I'm fully aware you should first sanitize the data before outputting.
 * The following code is just an example pointing out the problem. Also
 * consider situations where the result is trusted because of is_numeric()
 * and then used in SQL queries.
 */

/* call this like:
file.php?whatever=123%00<script>alert(document.cookie);</script>
*/

if (is_numeric($_GET['whatever']))
{
    echo "Whatever: {$_GET['whatever']}<br>";
} else{
    echo "The string isn't numeric.";
}

?>


Expected result:
----------------
is_numeric() should fail the string because it contains extra arbitrary
data.


Actual result:
--------------
is_numeric() will validate a string that has a number + null char +
arbitrary data as a valid number.


------------------------------------------------------------------------
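
An added example, not part of the original report or of PHP itself: a whole-string numeric check that does not rely on how is_numeric() treats a NUL byte, paired with output encoding. The helper name validate_decimal(), the 32-byte length limit, and the sample inputs are assumptions made for illustration; the nullable return type assumes PHP 7.1 or later.

```php
<?php
// Added example; validate_decimal() is a hypothetical helper, not a PHP built-in.

/**
 * Return the input unchanged if every byte belongs to a plain decimal
 * number (optional sign, digits, optional fraction); otherwise null.
 * The pattern is anchored to the real start and end of the string, so a
 * NUL byte and anything after it cause rejection.
 */
function validate_decimal(string $raw): ?string
{
    $len = strlen($raw);                 // strlen() counts NUL bytes too
    if ($len === 0 || $len > 32) {       // 32 is an arbitrary example limit
        return null;
    }
    if (preg_match('/\A[+-]?\d+(?:\.\d+)?\z/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Constructed sample inputs, including the "number + NUL + extra data"
// shape described in the report.
$samples = [
    "123",
    "123\0<b>extra</b>",
    "-4.5",
    "12abc",
    "",
    "7\n",
];

foreach ($samples as $raw) {
    $ok = validate_decimal($raw);
    // Make control bytes visible, then encode for HTML. Output is encoded
    // whether or not validation passed.
    $shown = htmlspecialchars(addcslashes($raw, "\0..\37"), ENT_QUOTES, 'UTF-8');
    printf("%-40s %s\n", $shown, $ok === null ? 'rejected' : 'accepted');
}
```

Only "123" and "-4.5" are accepted; the NUL-terminated input, the trailing-newline input, and the empty string are all rejected.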


-- 
Edit this bug report at http://bugs.php.net/?id=32127&edit=1
