PHP :: Bug #7987 :: POST/GET: string with NULL values not parsed correctly

Bug #7987	POST/GET: string with NULL values not parsed correctly
Submitted:	2000-11-27 02:28 UTC	Modified:	2000-12-12 05:53 UTC
From:	andbe611 at student dot liu dot se	Assigned:
Status:	Closed	Package:	HTTP related
PHP Version:	4.0.3pl1	OS:	Linux
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	andbe611 at student dot liu dot se
New email:
PHP Version:		OS:

New Comment:

[2000-11-27 02:28 UTC] andbe611 at student dot liu dot se

When posting a string like this:
var=hello%00world

The $HTTP_POST_VARS["var"] only contains "hello".

I use php.ini-dist
'--with-apxs=/usr/local/apache/bin/apxs' '--with-config-file-path=/usr/local/apache/conf' '--with-mysql' '--enable-track-vars' '--enable-ftp' '--enable-wddx'

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-11-27 02:44 UTC] andbe611 at student dot liu dot se

Ok, I might have been to brief.
I have an application posting the string "var=hello%00world" to a script:
<?php
print $HTTP_POST_VARS["var"];
?>
And the "var" gets trucated at the NULL character.
(I've tried it with and without magic_quotes_gpc)

[2000-11-27 06:28 UTC] waldschrott@php.net

are you sure they get truncated?
please echo strlen($HTTP_POST_VARS["var"]) *before* the
other output and please don't use NS 4.x it is known to
truncate an unknown number of bytes after a \0 string,
NS6,IE will work...

[2000-11-27 06:34 UTC] waldschrott@php.net

maybe duplicate of 7621

[2000-11-27 11:38 UTC] andbe611 at student dot liu dot se

Here is a short script that shows the problem. (I guess I should have posted thins in my first bugreport, sorry)
The script null_string.php gets called with:
http://myserver.com/null_string.php?truncated=hello%00world

null_string.php:
<?php
$works= "hello\x00world";
$fp = fopen("file.txt","w");
fwrite($fp,"$works\n");
fwrite($fp,"$truncated\n");
fclose($fp);
?>

file.txt opened in an hex editor:

hex: 68 65 6C 6C 6F 00 77 6F-72 6C 64 0A 68 65 6C 6C 6F 0A
text:hello.world.hello.

The $works is saved with the null value, but the $truncated in the get request gets truncated by php.

[2000-11-28 09:24 UTC] andbe611 at student dot liu dot se

Ok, I found this in:
php_variables.c row 202
/* FIXME: XXX: not binary safe, discards returned length */
php_url_decode(var, strlen(var));
php_url_decode(val, strlen(val));
php_register_variable(var, val, array_ptr ELS_CC PLS_CC);

So I guess you are already aware of the problem.

[2000-12-12 05:53 UTC] stas@php.net

Fixed in CVS.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Dec 27 15:01:29 2024 UTC