PHP :: Bug #66090 :: echo function in a script tag problem

Bug #66090	echo function in a script tag problem
Submitted:	2013-11-13 14:18 UTC	Modified:	2013-11-13 14:30 UTC
From:	leesec dot com at gmail dot com	Assigned:
Status:	Not a bug	Package:	*General Issues
PHP Version:	Irrelevant	OS:	win 7
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	leesec dot com at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2013-11-13 14:18 UTC] leesec dot com at gmail dot com

Description:
------------
Test environment is as follows:
---------------------------------
PHP version:5.4.16
Apache version:2.4.4
Mysql version:5.6.12
---------------------------------



Test script:
---------------
Copy the following code:
-------------------------------------------------------------------------
<html>
<head>
	<title>Hello World</title>
	<meta http-equiv="Content-type" content="text/html;charset=utf-8" />
<script>

var a="<?php echo $_GET['name'] ?>";

</script>
</head>
<body>

</body>
</html>

-----------------------------------------------------------------
Save as test.php, then run http://localhost/test.php (no parameters)

The browser's source code leak path found

Then view browser's source code with the following code:
<script>

var a="<br />
<font size='1'><table class='xdebug-error xe-notice' dir='ltr' border='1' cellspacing='0' cellpadding='1'>
<tr><th align='left' bgcolor='#f57900' colspan="5"><span style='background-color: #cc0000; color: #fce94f; font-size: x-large;'>( ! )</span> Notice: Undefined index: name in E:\wamp\www\test.php on line <i>7</i></th></tr>
<tr><th align='left' bgcolor='#e9b96e' colspan='5'>Call Stack</th></tr>
<tr><th align='center' bgcolor='#eeeeec'>#</th><th align='left' bgcolor='#eeeeec'>Time</th><th align='left' bgcolor='#eeeeec'>Memory</th><th align='left' bgcolor='#eeeeec'>Function</th><th align='left' bgcolor='#eeeeec'>Location</th></tr>
<tr><td bgcolor='#eeeeec' align='center'>1</td><td bgcolor='#eeeeec' align='center'>0.0000</td><td bgcolor='#eeeeec' align='right'>139408</td><td bgcolor='#eeeeec'>{main}(  )</td><td title='E:\wamp\www\test.php' bgcolor='#eeeeec'>..\test.php<b>:</b>0</td></tr>
</table></font>
";

</script>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2013-11-13 14:30 UTC] derick@php.net

-Status: Open +Status: Not a bug

[2013-11-13 14:30 UTC] derick@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

PHP is warning you about an undefined array element. This is exactly what should happen.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sat Jul 12 10:01:33 2025 UTC