php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #30603 eval() - some double quotes are removed
Submitted: 2004-10-28 19:43 UTC Modified: 2004-10-28 22:38 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: naderman at gmx dot de Assigned:
Status: Not a bug Package: Unknown/Other Function
PHP Version: 4.3.9 OS: GNU/Linux (Debian)
Private report: No CVE-ID: None
View Developer Edit
 [2004-10-28 19:43 UTC] naderman at gmx dot de 
Description:
------------
I use a templating engine, and tried to put escaped quotes inside an html attribute, but the result was quite different to what I expected, the quotes in the end were missing. Afterwards I tried to do the same with smarty, but the result was the same. I found out, that this only happens inside quotes inside a html tag. This only happens with double quotes. Single quotes are not removed, but I need to use double quotes because my original intention was to use javascript inside onmouseover.

I use the Debian PHP Package.

(This also happend with a self compiled version of PHP 5.0.2)

Reproduce code:
---------------
<?php
$var = 'This is a \\"test\\"';
eval(' ?><a title="<?php echo $var; ?>"><?php ');
?>

Expected result:
----------------
<a title="This is a \"test\"">

Actual result:
--------------
<a title="This is a \"test\>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-10-28 22:25 UTC] naderman at gmx dot de 
I noticed, this is not allowed anyway. I have to use &quot; inside attributes. So I close this now.
 [2004-10-28 22:38 UTC] derick@php.net 
Not a bug in PHP -> bogus.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Thu Dec 04 08:00:01 2025 UTC