Bug #9462 NULL byte eats rest of string
Submitted: 2001-02-26 09:17 UTC Modified: 2001-05-05 14:33 UTC
From: tharbad at kaotik dot org Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None

 [2001-02-26 09:17 UTC] tharbad at kaotik dot org
I'm not sure if this is a bug or feature, comments are appreciated.

http://bugs.horde.org/show_bug.cgi?id=621

Example:
<quote>
include($string . ".php");
</quote>
with "magic_quotes_gpc = On" (php.ini) calling test.php?string=test%00
result: Warning: Failed opening 'test\0.php' for inclusion
with "magic_quotes_gpc = Off", same request
result: Warning: Failed opening 'test' for inclusion

 [2001-02-28 23:06 UTC] bbonev@php.net
Just error reporting functions are not binary safe. Although I do not see a reason to open a file containing a null char in the name - most OSes will get the part before the first null char. Let's call it a bug because the current behavior doesn't help enough to track the problem.
 [2001-03-01 10:34 UTC] tharbad at kaotik dot org
On my system, with something like:
include($string . ".php");

I'm able to get, for example, /etc/passwd by adding a null byte to the end of $string, causing the include function to ignore the ".php" extension set on the include.

 [2001-05-05 14:33 UTC] derick@php.net
Andi says:
I don't understand why this is a bug. He should code better :) This is how
the OS works or am I missing something?

This is an OS thingy, so I'm closing this.
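
Added example (not code from this bug report or from PHP itself): one way an application can guard the include($string . ".php") pattern discussed in this thread, by rejecting NUL bytes and resolving the name against an allowlist before including. The function name resolve_include, the temporary directory and the sample inputs are constructed for illustration.

```php
<?php
/**
 * Map a request-supplied page name to a file that is safe to include.
 * Returns the absolute path, or null when the name must be rejected.
 * (resolve_include, $baseDir and $allowed are hypothetical names.)
 */
function resolve_include(string $name, string $baseDir, array $allowed): ?string
{
    // A NUL byte is never valid in a file name. The OS treats it as the end
    // of the path, which is how the ".php" suffix was dropped in the report.
    if (strpos($name, "\0") !== false) {
        return null;
    }
    // Allowlist: only page names the application knows about are accepted.
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null; // base directory or target file does not exist
    }
    // Defence in depth: the resolved path must stay inside the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample data: a temporary directory holding a single page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'test.php', "<?php echo 'test page', PHP_EOL;");

// Constructed inputs: a valid name, the two request shapes from the report,
// and an allowlisted name whose file is missing.
foreach (["test", "test\0", "../../etc/passwd\0", "missing"] as $input) {
    $path = resolve_include($input, $dir, ['test', 'missing']);
    $shown = str_replace("\0", '\0', $input); // make the NUL byte visible
    printf("%-22s => %s\n", $shown, $path === null ? 'rejected' : 'include ' . basename($path));
    if ($path !== null) {
        include $path;
    }
}

unlink($dir . DIRECTORY_SEPARATOR . 'test.php');
rmdir($dir);
```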
 