From: hacker at tjworld dot net
Operating system: Windows XP Professional SP2
PHP version: 5.1.0RC6
PHP Bug Type: Strings related
Bug description: strpos fails to match unescaped single-quotes passed via function

Description:
------------
strpos() is failing to match 'needle' when the part of haystack we're looking for contains single-quotes, AND the needle string is passed into a function that does the strpos() search, AND the needle string does not use escaped single-quotes.

The same strpos() search outside of the function scope works as expected.

This only occurs with magic_quotes_runtime = On but the docs for magic_quotes_runtime don't mention that strings being passed into functions will be affected, only strings returned...

http://uk.php.net/manual/en/ref.info.php#ini.magic-quotes-runtime

TJ.

Reproduce code:
---------------
<?php
function findNeedle($file, $needle) {
    if (($f = fopen($file, 'r'))) {
        $content = fread($f, filesize($file));
        fclose($f);
        echo htmlspecialchars("Haystack: $content\n\n");
        $offsetStart = strpos($content, $needle);
        echo "From offset $offsetStart ->>>".htmlspecialchars($needle)."\n";
        if ($offsetStart === false) echo "Error, cannot find start offset.\n";
    }
}

$haystack="<tr><td class=\"main\"><?php echo TEXT_PRODUCTS_WEIGHT; ?></td><td class=\"main\"><?php echo tep_draw_separator('pixel_trans.gif', '24', '15') . ' ' . tep_draw_input_field('products_weight', \$pInfo->products_weight); ?></td></tr></table></td>";
$needle = "tep_draw_input_field('products_weight', \$pInfo->products_weight); ?></td>";

echo "<pre>This will find it - strpos() in same scope\n";
echo htmlspecialchars("Haystack: $haystack\n\n");
$offsetStart = strpos($haystack, $needle);
echo "From offset $offsetStart ->>>".htmlspecialchars($needle)."\n";
if ($offsetStart === false) echo "Error, cannot find start offset.\n";

if (($f = fopen('test.html', 'w'))) {
    // note: haystack contains excerpt from HTML source file, which is read from disk in the code where the problem was discovered
    // double-quotes are manually escaped here to pass grammar checks
    // dollar-signs escaped to prevent variable replacement
    fwrite($f, $haystack);
    fclose($f);

    echo "\n\nThis will fail to find it - strpos() in function scope\n";
    $needle = "tep_draw_input_field('products_weight', \$pInfo->products_weight); ?></td>";
    findNeedle('test.html',$needle);

    echo "\n\nThis will find it - added escaped single-quotes - strpos() in function scope\n";
    $needle = "tep_draw_input_field(\'products_weight\', \$pInfo->products_weight); ?></td>";
    findNeedle('test.html',$needle);
    echo "</pre>";
}
?>

Expected result:
----------------
All three searches should find the needle.

Actual result:
--------------
This will find it - strpos() in same scope
Haystack: <tr><td class="main"><?php echo TEXT_PRODUCTS_WEIGHT; ?></td><td class="main"><?php echo tep_draw_separator('pixel_trans.gif', '24', '15') . ' ' . tep_draw_input_field('products_weight', $pInfo->products_weight); ?></td></tr></table></td>

From offset 152 ->>>tep_draw_input_field('products_weight', $pInfo->products_weight); ?></td>

This will fail to find it - strpos() in function scope
Haystack: <tr><td class=\"main\"><?php echo TEXT_PRODUCTS_WEIGHT; ?></td><td class=\"main\"><?php echo tep_draw_separator(\'pixel_trans.gif\', \'24\', \'15\') . \' \' . tep_draw_input_field(\'products_weight\', $pInfo->products_weight); ?></td></tr></table></td>

From offset ->>>tep_draw_input_field('products_weight', $pInfo->products_weight); ?></td>
Error, cannot find start offset.

This will find it - added escaped single-quotes - strpos() in function scope
Haystack: <tr><td class=\"main\"><?php echo TEXT_PRODUCTS_WEIGHT; ?></td><td class=\"main\"><?php echo tep_draw_separator(\'pixel_trans.gif\', \'24\', \'15\') . \' \' . tep_draw_input_field(\'products_weight\', $pInfo->products_weight); ?></td></tr></table></td>

From offset 164 ->>>tep_draw_input_field(\'products_weight\', $pInfo->products_weight); ?></td>

--
Edit bug report at http://bugs.php.net/?id=35334&edit=1
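
The output in the report shows the haystack returned by fread() already carrying backslashes, while the needle literal carries none. The following is an added example, not part of the original report: it emulates that read-time escaping with addslashes() (assuming the default mode, magic_quotes_sybase = Off) so it runs on PHP versions where magic_quotes_runtime no longer exists. The helper names and the shortened sample string are constructed for illustration.

```php
<?php
// Hypothetical helper: stands in for fread() under magic_quotes_runtime = On.
// addslashes() puts a backslash before ' " \ and NUL, as the runtime setting did.
function readWithRuntimeQuotes(string $raw): string
{
    return addslashes($raw);
}

// Hypothetical helper: search data that may have been escaped when it was read.
// Returns the offset as int, or false when the needle is absent.
function findInRuntimeData(string $data, string $needle, bool $escapedOnRead)
{
    // Undo the read-time escaping so haystack and needle are in the same form.
    $haystack = $escapedOnRead ? stripslashes($data) : $data;
    return strpos($haystack, $needle);
}

// Constructed sample, shortened from the haystack and needle in the report.
$raw    = '<td class="main"><?php echo f(\'products_weight\', $pInfo->w); ?></td>';
$needle = "f('products_weight', \$pInfo->w); ?></td>";

// What the script would receive from disk with the setting enabled.
$fromDisk = readWithRuntimeQuotes($raw);

// 1. Literal haystack against literal needle (the "same scope" case).
var_dump(strpos($raw, $needle));

// 2. Escaped haystack against unescaped needle (the "function scope" case).
var_dump(strpos($fromDisk, $needle));

// 3. Both sides escaped (the hand-escaped needle in the report); the offset
//    grows by one for every quote escaped ahead of the match.
var_dump(strpos($fromDisk, addslashes($needle)));

// 4. Haystack normalised before searching: same offset as case 1.
var_dump(findInRuntimeData($fromDisk, $needle, true));
```

Code that compares or stores data read under this setting has to pick one form, escaped or raw, for both operands; mixing them is what produces the silent miss in case 2.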