php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Doc Bug #14984 php parser problem, with // comment, can reveal script
Submitted: 2002-01-10 19:03 UTC Modified: 2002-04-29 07:33 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: dd at asi dot fr Assigned:
Status: Closed Package: Documentation problem
PHP Version: 4.0.6 OS: windows and other
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: dd at asi dot fr
New email:
PHP Version: OS:

 

 [2002-01-10 19:03 UTC] dd at asi dot fr 
Hi all,

I found this bug randomly as all other, it cause me
a php html parser to crash.

try a script like this : 


<?php
// eval('?>'.$tmp);
// eval('>'.$tmp);
$coucou='';

$password = 'le parser php d?conne';
$password = 'php parser bug';

/*
<? php ?>
*/
// // coucou ?>
// ?>
// ?
// >
?>

see the result, abnormal I think:

'.$tmp); // eval('>'.$tmp); $coucou=''; $password = 'le parser php d?conne'; $password = 'php parser bug'; /* */ // // coucou ?> // ?> // ? // > ?>


I think it can be a very very serious, easy to fiw fot you,
but in the case a php user encounter it.
It so surpising !!!



thanks.

An echo please.

Yours faithlly php is always great!.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-01-11 05:56 UTC] hholzgra@php.net 
'?>' in a comment switching out of php mode
is intended behaviour, consider

...<?php foo($bar); // do foo ?>...

embedded in a document

changing this would break backwards compatibility
and would lead to problems of its own kind

changed to "documentation problem"
 [2002-01-19 22:05 UTC] irc-html@php.net 
I'll add a note in the documentation about this.

Status -> Assigned
 [2002-01-26 12:28 UTC] irc-html@php.net 
Un-assigning.

Status -> Open
 [2002-04-29 07:33 UTC] manuzhai@php.net 
This bug has been fixed in CVS. You can grab a snapshot of the
CVS version at http://snaps.php.net/
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed May 07 11:01:29 2025 UTC