PHP :: Bug #48719 :: parse_ini_*(): scanner mode is not checked for sanity

Bug #48719	parse_ini_*(): scanner mode is not checked for sanity
Submitted:	2009-06-29 13:13 UTC	Modified:	2009-08-07 15:45 UTC
From:	dragoonis at gmail dot com	Assigned:	kalle (profile)
Status:	Closed	Package:	PHP options/info functions
PHP Version:	5.3.0RC4	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	dragoonis at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2009-06-29 13:13 UTC] dragoonis at gmail dot com

Description:
------------
The sanitation on the new parse_ini_file parameter names scanner mode doesn't check if a valid scanner mode has been passed.

The patch has been applied below the if() for if (filename_len == 0) {.
The fix can be found here:
http://digiflexdev.com/php/parse_ini_file_fix.txt

The .phpt file for this is below
http://digiflexdev.com/php/parse_ini_file_test.txt
I realise the .phpt file is wrong somewhat this is my first bug report and the .phpt file just shows.

The same issue applies to parse_ini_string, respectively.

Reproduce code:
---------------
<?php print_r(parse_ini_file('file.ini', false', INVALID_SCANNER_MODE));

Make a file named file.ini with the following in it.
data = 2

Expected result:
----------------
I'd expect to see a notice. and default to ZEND_INI_SCANNER_NORMAL which is what my fix does.

Actual result:
--------------
Warning: parse_ini_file() expects parameter 3 to be long, string given in /home/pdragoonis/php-5.3.0/sapi/cli/pd/parse_ini_file_test.php on line 3

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-06-29 13:44 UTC] dragoonis at gmail dot com

Firstly, the original reproduce code has a syntax error in it however heres what happens if you pass a valid constant to the function which isn't ZEND_INI_SCANNER_NORMAL and ZEND_INI_SCANNER_RAW

<?php
error_reporting(E_ALL);
defie('MODE', 3);
print_r(parse_ini_file('file.ini', false, MODE));


The fix outputs the following.
Notice: parse_ini_file(): Invalid scanner mode supplied. Defaulting to INI_SCANNER_NORMAL in /home/pdragoonis/php-5.3.0/sapi/cli/file.php on line 5
Array
(
    [data] => 2
)

[2009-06-29 21:45 UTC] dragoonis at gmail dot com

After more learning of how things work i've made the ZendEngine2 .patch file and uploaded it to the following location.
http://digiflexdev.com/php/48719.patch

[2009-08-07 15:44 UTC] svn@php.net

Automatic comment from SVN on behalf of jani
Revision: http://svn.php.net/viewvc/?view=revision&revision=286913
Log: - Fixed bug #48719 parse_ini_*(): scanner mode is not checked for sanity)

[2009-08-07 15:45 UTC] jani@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Oct 29 22:00:02 2025 UTC