php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #54703 When containing a null character, $_GET variable not set (properly)
Submitted: 2011-05-10 19:21 UTC Modified: 2011-05-11 11:15 UTC
From: php at tracking-celebs dot info Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 5.2.17 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: php at tracking-celebs dot info
New email:
PHP Version: OS:

 

 [2011-05-10 19:21 UTC] php at tracking-celebs dot info 
Description:
------------
When a null character is present in the value of a variable in the request string (encoded as %00), said variable will either not be set in $_GET at all (linux) or be set improperly (null character is escaped; win32)


Test script:
---------------
<?php
print_r($_GET);

if (isset($_GET['fb']))
{
 echo strlen($_GET['fb']);
}
else
{
 echo '<a href="?fb=foo%00bar">click me</a>';
}


Expected result:
----------------
After clicking the link:
Array
(
    [fb] => foo�bar
)
7


Actual result:
--------------
After clicking the link:

- On a linux setup:
Array
(
)
<a href="?fb=foo%00bar">click me</a>

- On a win32 setup:
Array
(
    [fb] => foo\0bar
)
8

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-05-10 19:39 UTC] rasmus@php.net
-Status: Open +Status: Feedback
 [2011-05-10 19:39 UTC] rasmus@php.net 
On Linux this is not true unless you have something specifically filtering these 
on you. Without ext/filter, suhosin or your own filter code, nulls go through 
fine. See: http://progphp.com/null.php?fb=foo%00bar
And the source for the script: http://progphp.com/null.phps

And it shouldn't be any different on Windows.
 [2011-05-10 23:31 UTC] php at tracking-celebs dot info
-Status: Feedback +Status: Open
 [2011-05-10 23:31 UTC] php at tracking-celebs dot info 
On that linux machine there is suhosin indeed, so it could be causing the problem. I just tried on another computer with a new vanilla php-5.2.17 and then got the same results as did on windows.

Would seem indeed to be caused by suhosin; however i just added suhosin on there and it still worked then as before, so there must be something else on that other computer...

Anyways, can't reproduce it with a vanilla php, so that's that. I got things mixed up, seems there's no bug here after all; Apologies.
 [2011-05-11 11:15 UTC] johannes@php.net
-Status: Open +Status: Bogus
 [2011-05-11 11:15 UTC] johannes@php.net 
No bug. Closing.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 16:01:28 2024 UTC