php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #8795 Recieved POST-form-data is unexpectedly escaped with backslashes
Submitted: 2001-01-18 22:37 UTC Modified: 2001-01-19 12:14 UTC
From: mogens at i dot am Assigned:
Status: Closed Package: Scripting Engine problem
PHP Version: 4.0.4pl1 OS: Windows 2000, SunOS and Linux (
Private report: No CVE-ID: None
 [2001-01-18 22:37 UTC] mogens at i dot am
When using the <form action="post"...>-tag, the posted result is unexpectedly changed so that single quotes ('), double quotes (") and backslash (\) is recieved in backslash-escaped form (\', \", and \\).

The unexpected results have been reproduced with PHP4 v4.0.2, v4.0.3pl1 and v4.0.4pl1 on Windows 2000 (downloaded binary from php.net), and with PHP v4.0.3pl1 on SunOS SunOS v5.6 (amongst others). The tested browsers are MS Internet Explorer 5.00, IE5.5sp1, Netscape v6.?? and Opera v5.??.

However, php3 produces the EXPECTED, un-escaped result!!!
This is tested with PHP v3.0.16 on SunOS v5.6 and PHP v3.0.11 on Linux v2.0.30.

You can experience both the expected and unexpected behavior yourself with a tiny testscript I've written to trace the problem:
http://witca.dk/php/posttest.php (PHP4)
and http://witca.dk/php/posttest.php3 (PHP3)

The source is visible at 
http://witca.dk/php/source.php?file=posttest.php

The script sends the result to itself and shows it.
You will notice that everything is passed on unmodified in the php3-version, whereas the mentioned characters are escaped each time they are sent through the php4-version (doubling the number of backslashes every time!)

phpinfo is available at
http://witca.dk/php/phpinfo.php (php4)
and http://witca.dk/php/phpinfo.php3 (php3).

If this is a documented feature and not a bug as I expect I would really apreciate being pointed to documentation of the "feature" and better yet, how to work around the "feature"! ;)

Thanks in advance! :)
Mogens M. Christensen

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-01-19 12:14 UTC] cynic@php.net
you must turn magic_quotes_gpc off if you don't want PHP to addslashes() your GPC data.
if this is not the case, reopen the bug report.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 14:01:28 2024 UTC