ID: 9462 Updated by: derick Reported By: [EMAIL PROTECTED] Old-Status: Open Status: Closed Bug Type: Filesystem function related PHP Version: 4.0.4pl1 Assigned To: Comments: Andi says: I don't understand why this is a bug. He should code better :) This is how the OS works or am I missing something? This is an OS thingy, so I'm closing this. Previous Comments: --------------------------------------------------------------------------- [2001-03-01 10:34:19] [EMAIL PROTECTED] On my system, with something like: include($string . ".php"); I'm able to get, for example, /etc/passwd by adding a null byte to the end of $string, causing the include function to ignore the ".php" extension set on the include. --------------------------------------------------------------------------- [2001-02-28 23:06:04] [EMAIL PROTECTED] just error reporting functions are not binary safe. although i do not see a reason to open a file containing a null char in the name - most OSes will get the part before the first null char. lets call it bug because current behav doesn't help enough to track the problem --------------------------------------------------------------------------- [2001-02-26 09:17:33] [EMAIL PROTECTED] I'm not sure if this is a bug or feature, comments are apreciated. http://bugs.horde.org/show_bug.cgi?id=621 Example: <quote> include($string . ".php"); </quote> with "magic_quotes_gpc = On" (php.ini) calling test.php?string=test%00 result: Warning: Failed opening 'test -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
