Doc Bug #64069 Function strcasecmp will return NULL if it gets an array.
Submitted: 2013-01-25 08:55 UTC Modified: 2013-01-25 10:46 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: cayce245 at gmail dot com Assigned:
Status: Not a bug Package: Documentation problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None

 

 [2013-01-25 08:55 UTC] cayce245 at gmail dot com
Description:
------------
---
From manual page: http://www.php.net/function.strcasecmp#refsect1-function.strcasecmp-returnvalues
---

Function strcasecmp will return NULL if it gets an array. Now it seems that the function will return only an integer, and this assumption can be a security risk, like in the example below.

Test script:
---------------
<?php
$pass = isset($_GET['pass'])?$_GET['pass']:'';

    // Query /?pass=[] will authorize user
if ( strcasecmp( $pass, '123456' ) == 0 )
{
  echo 'You successfully logged in.';
}


 [2013-01-25 09:18 UTC] cayce245 at gmail dot com
Query /?pass[] will authorize user **
 [2013-01-25 10:46 UTC] krakjoe@php.net
-Status: Open +Status: Not a bug
 [2013-01-25 10:46 UTC] krakjoe@php.net
It is established behavior for functions that receive the wrong type of 
argument(s) to return null.
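
An added example, not part of the original report or of PHP's own code: the login check from the test script next to a hardened form that rejects non-string input and uses a strict, constant-time comparison. The function names `login_vulnerable` and `login_hardened` and the sample inputs are constructed for illustration; on PHP 8 and later `strcasecmp()` throws a `TypeError` for an array instead of returning NULL, which the example handles.

```php
<?php
// Added example; function names and sample inputs are constructed.

// Same logic as the test script: loose comparison on strcasecmp()'s result.
// On PHP versions where strcasecmp() returns NULL for an array argument,
// the loose "== 0" check passes because NULL == 0 is true.
function login_vulnerable($pass, $expected)
{
    try {
        // @ hides the "expects parameter 1 to be string" warning on PHP 5/7.
        $result = @strcasecmp($pass, $expected);
    } catch (\TypeError $e) {
        return false; // PHP 8+: a wrong argument type raises TypeError instead
    }
    return $result == 0;
}

// Hardened: validate the type before comparing, then use a strict,
// case-sensitive, constant-time comparison (hash_equals, PHP >= 5.6).
function login_hardened($pass, $expected)
{
    if (!is_string($pass)) {
        return false; // ?pass[] arrives as an array; reject it outright
    }
    return hash_equals($expected, $pass);
}

$expected = '123456';

// Constructed inputs: what $_GET['pass'] holds for each query string.
$samples = array(
    '?pass=123456' => '123456',
    '?pass=wrong'  => 'wrong',
    '?pass[]'      => array(''),
);

foreach ($samples as $query => $value) {
    printf(
        "%-14s vulnerable=%-5s hardened=%s\n",
        $query,
        var_export(login_vulnerable($value, $expected), true),
        var_export(login_hardened($value, $expected), true)
    );
}

// The root cause in isolation: loose == treats NULL as equal to 0,
// strict === does not.
var_dump(null == 0);
var_dump(null === 0);
```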
 
Last updated: Thu Nov 21 21:01:28 2024 UTC