|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2009-02-25 11:15 UTC] gazheyes at gmail dot com
Description: ------------ Stripslashes appears to be converting null escapes into a null character. I've tested other unicode characters from 0 to 100,000 and only null escapes are converted. IMO you shouldn't be able to decode null chars from a url like this. Marc Zimmerli originally found this bug. Reproduce code: --------------- the url contains page.php?x=\0 <?php echo stripslashes($_GET['x']); ?> Expected result: ---------------- 0 Actual result: -------------- null PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Sat Dec 21 15:01:29 2024 UTC |
Thank you for your bug report. I could reproduce the problem, but I don't think it is a bug. Stripslashes is meant to be the reverse of addslashes or the magic_quotes_gpc behavior. This means it does not only remove the slash in front of quotes, but also handles some other escaped characters, such as newlines and null characters: <?php $slashed = addslashes("\0\r\n\t"); echo bin2hex(stripslashes($slashed)); ?>