PHP :: Bug #48719 :: parse_ini_*(): scanner mode is not checked for sanity

Bug #48719	parse_ini_*(): scanner mode is not checked for sanity
Submitted:	2009-06-29 13:13 UTC	Modified:	2009-08-07 15:45 UTC
From:	dragoonis at gmail dot com	Assigned:	kalle (profile)
Status:	Closed	Package:	PHP options/info functions
PHP Version:	5.3.0RC4	OS:	*
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	dragoonis at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2009-06-29 13:13 UTC] dragoonis at gmail dot com

Description:
------------
The sanitation on the new parse_ini_file parameter names scanner mode doesn't check if a valid scanner mode has been passed.

The patch has been applied below the if() for if (filename_len == 0) {.
The fix can be found here:
http://digiflexdev.com/php/parse_ini_file_fix.txt

The .phpt file for this is below
http://digiflexdev.com/php/parse_ini_file_test.txt
I realise the .phpt file is wrong somewhat this is my first bug report and the .phpt file just shows.

The same issue applies to parse_ini_string, respectively.

Reproduce code:
---------------
<?php print_r(parse_ini_file('file.ini', false', INVALID_SCANNER_MODE));

Make a file named file.ini with the following in it.
data = 2

Expected result:
----------------
I'd expect to see a notice. and default to ZEND_INI_SCANNER_NORMAL which is what my fix does.

Actual result:
--------------
Warning: parse_ini_file() expects parameter 3 to be long, string given in /home/pdragoonis/php-5.3.0/sapi/cli/pd/parse_ini_file_test.php on line 3

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-06-29 13:44 UTC] dragoonis at gmail dot com

Firstly, the original reproduce code has a syntax error in it however heres what happens if you pass a valid constant to the function which isn't ZEND_INI_SCANNER_NORMAL and ZEND_INI_SCANNER_RAW

<?php
error_reporting(E_ALL);
defie('MODE', 3);
print_r(parse_ini_file('file.ini', false, MODE));


The fix outputs the following.
Notice: parse_ini_file(): Invalid scanner mode supplied. Defaulting to INI_SCANNER_NORMAL in /home/pdragoonis/php-5.3.0/sapi/cli/file.php on line 5
Array
(
    [data] => 2
)

[2009-06-29 21:45 UTC] dragoonis at gmail dot com

After more learning of how things work i've made the ZendEngine2 .patch file and uploaded it to the following location.
http://digiflexdev.com/php/48719.patch

[2009-08-07 15:44 UTC] svn@php.net

Automatic comment from SVN on behalf of jani
Revision: http://svn.php.net/viewvc/?view=revision&revision=286913
Log: - Fixed bug #48719 parse_ini_*(): scanner mode is not checked for sanity)

[2009-08-07 15:45 UTC] jani@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Jan 22 13:01:32 2025 UTC