|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2006-01-12 21:23 UTC] tony2001@php.net
[2006-01-12 21:28 UTC] scott at abcoa dot com
[2006-01-12 21:35 UTC] tony2001@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Oct 25 22:00:01 2025 UTC |
Description: ------------ After some hair pulling over figuring out the problem was until I came upon this bug and built a testcase for it. The script I'm using is a screen scraping feature since one of the Credit Bureaus doesn't have XML data. This bug was detected 2 months ago with PHP 4.3.7 then upgraded PHP 5.1.1 and bug still exist. The bug here is that there's no "<td>" data in PHP but is present when it is passed on to HTML. I don't know if the bug is the echo, substr() or strpos(). So, pay attention to the $ssn1 variable via echo output. Reproduce code: --------------- <? //$responsedata = "<table><tr><td>SSN:</td><td>400-41-4001</td></table>"; $responsedata = "<table><tr><td>SSN:</td><td>400-41-4001</td></table>"; //$StrPosValue3 = 0; for($x=0;$x<2;$x++) { //1 - Individual, 2 - Joint $StrPosValue1 = strpos($responsedata,"SSN:",$StrPosValue3); if (!($StrPosValue1 === false)) { $StrPosValue1 = strpos($responsedata,"<td>",($StrPosValue1+1)); $tmp1 = substr($responsedata,0,$StrPosValue1+4); $tmp2 = substr($responsedata,$StrPosValue1,strlen($responsedata)); $StrPosValue2 = strpos($tmp2,"</td>"); $ssn1 = substr($tmp2,0,$StrPosValue2); $tmp3 = substr($tmp2,$StrPosValue2,strlen($tmp2)); $ssn1 = trim($ssn1); $ssn1 = str_replace("-","",$ssn1); //12/23/2005 - Found a PHP bug that somehow insert the \"<td>\" characters to the beginning of // the SSN characters, problem is it is not visisible with the echo command unless // it is assigned to a variable or to this, echo "test ".$ssn1." test"; statement... // So, we'll have to use PHP to remove it ourselve... //============================================= //============================================= // See bug demo below... echo "## --> ".$ssn1." <-- ##<br>"; echo "<script type='text/javascript'>\n"; echo "alert('".$ssn1."');\n"; echo "</script>\n"; //============================================= //============================================= // Bug workaround available below... $ssn1 = substr($ssn1,-9); //Used the last 9 characters and dump the first 4 characters... //============================================= //============================================= $ssn1 = "XXX-XX-".substr($ssn1, -4); $responsedata = $tmp1.$ssn1.$tmp3; $StrPosValue3 = $StrPosValue1 + 1; } } ?> Expected result: ---------------- Should not display the "<td>" data. Actual result: -------------- Displayed the "<td>" data.