php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #68666 in 5.4 most Functions and Statements, taint is not work
Submitted: 2014-12-28 05:04 UTC Modified: 2014-12-29 02:17 UTC
From: devtoby at 163 dot com Assigned:
Status: Closed Package: taint (PECL)
PHP Version: 5.4.36 OS: OS X 10.9, CentOS 6.5
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: devtoby at 163 dot com
New email:
PHP Version: OS:

 

 [2014-12-28 05:04 UTC] devtoby at 163 dot com
Description:
------------
OS: OS X 10.9, CentOS 6.5
PHP Version: php-5.4.24
Taint Version: taint-1.2.2

The manual example is not work. (http://php.net/manual/en/intro.taint.php)

Test script:
---------------
<?php

$a = trim($_GET['a']);

$output    = "{$a}";
echo $output;

$file_name = '/tmp' .  $a;
$output    = "Welcome, {$a} !!!";
$var       = "output";
$sql       = "Select *  from " . $a;
$sql      .= "ooxx";

echo $output;

print $$var;

include($file_name);

mysql_query($sql);

Expected result:
----------------
Same as the manual example. (http://php.net/manual/en/intro.taint.php) 

Warning: main() [function.echo]: Attempt to echo a string that might be tainted

Warning: main() [function.echo]: Attempt to print a string that might be tainted

Warning: include() [function.include]: File path contains data that might be tainted

Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted

Actual result:
--------------
Error log:

[28-Dec-2014 12:51:55 PRC] PHP Warning:  main(): Attempt to echo a string that might be tainted in /data/www/1.php on line 6
[28-Dec-2014 12:51:55 PRC] PHP Warning:  include(/tmp1 or 1=1): failed to open stream: No such file or directory in /data/www/1.php on line 18
[28-Dec-2014 12:51:55 PRC] PHP Warning:  include(): Failed opening '/tmp1 or 1=1' for inclusion (include_path='.:') in /data/www/1.php on line 18
[28-Dec-2014 12:51:55 PRC] PHP Warning:  mysql_query(): No such file or directory in /data/www/1.php on line 20
[28-Dec-2014 12:51:55 PRC] PHP Warning:  mysql_query(): A link to the server could not be established in /data/www/1.php on line 20


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-12-29 02:17 UTC] devtoby at 163 dot com
-Status: Open +Status: Closed
 [2014-12-29 02:17 UTC] devtoby at 163 dot com
It's conflict with XDebug. When I remove xdebug.so, it work.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 26 21:01:28 2024 UTC