ID: 9462
Updated by: derick
Old-Status: Open
Status: Closed
Bug Type: Filesystem function related
PHP Version: 4.0.4pl1
Assigned To: 

Andi says:
I don't understand why this is a bug. He should code better :) This is how
the OS works or am I missing something?

This is an OS thingy, so I'm closing this.

Previous Comments:

[2001-03-01 10:34:19] [EMAIL PROTECTED]
On my system, with something like:
include($string . ".php");

I'm able to get, for example, /etc/passwd by adding a null byte to the end of $string, 
causing the include function to ignore the ".php" extension set on the include.


[2001-02-28 23:06:04] [EMAIL PROTECTED]
just error reporting functions are not binary safe. although i do not see a reason to 
open a file containing a null char in the name - most OSes will get the part before 
the first null char. lets call it bug because current behav doesn't help enough to 
track the problem


[2001-02-26 09:17:33] [EMAIL PROTECTED]
I'm not sure if this is a bug or feature, comments are apreciated.

include($string . ".php");
with "magic_quotes_gpc = On" (php.ini) calling test.php?string=test%00
result: Warning: Failed opening 'test

PHP Development Mailing List <>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to