php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68963 Error handler output is not binary safe
Submitted: 2015-01-31 09:30 UTC Modified: -
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mails at thomasbley dot de Assigned:
Status: Open Package: *General Issues
PHP Version: 5.5.21 OS: Ubuntu 14.04.1 LTS
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mails at thomasbley dot de
New email:
PHP Version: OS:

 

 [2015-01-31 09:30 UTC] mails at thomasbley dot de 
Description:
------------
Accessing undefined object members gives a wrong notice message if the member contains a zero byte. The problem occurs in real code when request parameters are put as members in controller or request objects.

Test script:
---------------
<?php
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 1);

$obj = new stdclass();
echo $obj->{"foo\0bar"};

$obj->{"foo\0bar"} = 1;
echo $obj->{"foo\0bar"};

Expected result:
----------------
sapi/cli/php /tmp/test.php

Notice: Undefined property: stdClass::$foobar in /tmp/test.php on line 6
1

Actual result:
--------------
sapi/cli/php /tmp/test.php

Notice: Undefined property: stdClass::$foo in /tmp/test.php on line 6
1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-05 21:23 UTC] hanskrentel at yahoo dot de 
This is for all error messages, e.g.:

trigger_error("foo\0bar");
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Mon Dec 30 14:01:28 2024 UTC